Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Threat Hunting

splunk

Detecting New Domains in Splunk (Finding New Evil)

Mar 11, 2024 By Tamara Chacon In Splunk
In this installment of Hunting with Splunk we’re showing you how to detect suspicious and potentially malicious network traffic to “new” domains. First, let’s delve into what we mean by “new” domains and why you should make a habit of detecting this activity in the first place. (Part of our Threat Hunting with Splunk series, this article was originally written by Andrew Dauria. We've updated it recently to maximize your value.)
Read Post
splunk

Add To Chrome? - Part 4: Threat Hunting in 3-Dimensions: M-ATH in the Chrome Web Store

Mar 4, 2024 By Ryan Fetterman In Splunk
Welcome to the final installment in our “Add to Chrome?” research! In this post, we'll experiment with a method to find masquerading, or suspicious clusters of Chrome extensions using Model-Assisted Threat Hunting (M-ATH) with Splunk and the Data Science & Deep Learning (DSDL) App. M-ATH is a SURGe-developed method from the PEAK framework, which uses models or algorithms to help find threat-hunting leads, or to help make complex problems more approachable.
Read Post
snapattack

Accelerate SOC Maturity with Threat Hunting

Feb 9, 2024 By SnapAttack In SnapAttack
SOC leaders who got their start in security 10 or 20 years ago have witnessed an incredible evolution of cyber attacks. Those who have failed to keep up find themselves operating in an unrecognizable sea of advanced adversaries. All kinds of organizations across every industry are struggling to maintain their pace on the rapid timeline that threat actors have set for them.
Read Post
chaossearch

Threat Hunting Frameworks and Methodologies: An Introductory Guide

Feb 8, 2024 By Thomas Hazel In ChaosSearch
Establishing an effective cyber threat hunting program is among the top priorities of enterprise security leaders seeking a proactive approach to detecting and counteracting potential threats. Furthermore, implementing a proactive threat hunting program, security teams that leverage formalized frameworks or threat hunting methodologies are far more likely to detect vulnerabilities or in-process malicious activities in their environments than those that do not.
Read Post

Untangling Scattered Spider's Web: Hunting for RMM Tools | Threat SnapShot

Feb 7, 2024 By SnapAttack In SnapAttack
Remote Monitoring and Management (RMM) tools, traditionally utilized by IT departments to oversee and manage network infrastructure, software, and systems remotely, have increasingly become a double-edged sword in cybersecurity. The recent breach of AnyDesk, a popular RMM software, underscores the criticality of securing these tools against exploitation. Adversaries like Scattered Spider exploit these legitimate tools for malicious purposes, leveraging them to gain unauthorized access, maintain persistence, and conduct lateral movement within targeted networks.
View Video
splunk

Hypothesis-Driven Cryptominer Hunting with PEAK

Jan 19, 2024 By David Bianco In Splunk
Hypothesis-driven hunting is probably the most well-known type of threat hunting, and it’s one of the three types defined in the PEAK threat hunting framework. In this article, we’ll walk through a sample hypothesis-driven hunt, step-by-step. For our data, we’ll be using the Boss of the SOC Version 3 (BOTSv3) dataset, which you can use to recreate the hunt and work through it on your own. Below is a diagram of the Hypothesis-Driven hunting process.
Read Post
CrowdStrike

Identity Threat Hunting: How CrowdStrike Counter Adversary Operations Is Leading the Charge

Dec 11, 2023 By Thuy Nguyen In CrowdStrike

It’s 10:30 p.m. and you’re heading to bed. Unfortunately, a threat actor has your organization in their crosshairs. While you’re brushing your teeth, they’re crafting a social engineering email to pilfer your employees’ credentials. While you’re putting on your pajamas, they’re finding a path to log in. While you’re asleep, is your organization protected?

Read Post
SecurityScorecard

The Evolution of Artificial Intelligence in Cyber Threat Hunting

Dec 7, 2023 By SecurityScorecard In SecurityScorecard

The role of artificial intelligence (AI) has become increasingly prominent, particularly in the realm of cyber threat hunting. Cyber threats continue to evolve in complexity and sophistication, posing significant challenges to traditional cybersecurity measures. As a result, organizations are turning to AI-driven solutions to enhance their threat detection and response capabilities.

Read Post
splunk

Parsing Domains with URL Toolbox (Just Like House Slytherin)

Dec 1, 2023 By Tamara Chacon In Splunk
When hunting, advanced security Splunkers use apps. Specifically, three related apps from an incredibly generous man named Cedric Le Roux! (You can guess from the name that yes, he's French.) And frankly, you probably only know one: URL Toolbox. One of the most popular Splunk security apps of all time, URL Toolbox’s URL parsing capabilities have been leveraged by thousands who want to separate subdomain, domain, and top level domain (TLD) from a URL.
Read Post
splunk

Using eval to Calculate, Appraise, Classify, Estimate & Threat Hunt

Nov 28, 2023 By Tamara Chacon In Splunk
I hope you're all enjoying this series on Hunting with Splunk as much as we enjoy bringing it to you. This article discusses a foundational capability within Splunk — the eval command. If I had to pick a couple of Splunk commands that I would want to be stuck on a desert island with, the eval command is up there right next to stats and sort. (Part of our Threat Hunting with Splunk series, this article was originally written by John Stoner. We’ve updated it recently to maximize your value.)
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.