Splunk

Splunk SOAR Playbooks: GCP Unusual Service Account Usage

Jun 16, 2021 By Philip Royer In Splunk

As organizations increase their cloud footprints, it becomes more and more important to implement access control monitoring for as many resources as possible. In previous playbooks, we have shown examples of AWS and Azure account monitoring, but the series would not be complete without also supporting Google Cloud Platform (GCP).

Read Post

Splunk

Read more about Splunk SOAR Playbooks: GCP Unusual Service Account Usage

Splunk and Zscaler Utilize Data and Zero Trust to Eradicate Threats

Jun 14, 2021 By Splunk In Splunk

Splunk and Zscaler have partnered to deliver a superior, Zero Trust approach to security. Our tightly integrated, best-of-breed cloud security and security analytics platforms deliver a cloud experience for the modern, cloud-first enterprise.

View Video

Splunk

Read more about Splunk and Zscaler Utilize Data and Zero Trust to Eradicate Threats

SOARing w/ Splunk Phantom

Jun 14, 2021 By Splunk In Splunk

Hey kids, do you like automation? Danny chats with Dan Dagget (@sgviking) , @Splunk Community Leader for Phantom & Tom Wise from @Adarma_Security about how to SOAR. What is SOAR? Do you need it? Are you ready to deploy it even if you do need it? How many times will Danny screw up the audio settings like the true professional he is? All answers lie within.

View Video

Splunk

Read more about SOARing w/ Splunk Phantom

Super Speed with Phantom Slash Commands

Jun 14, 2021 By Olivia Courtney In Splunk

Are you the type of person who loves the command-line? Is tab-complete your friend? Do you move faster on a keyboard than with a mouse? Then Phantom Slash Commands are for you!

Read Post

Splunk

Read more about Super Speed with Phantom Slash Commands

Detecting Password Spraying Attacks: Threat Research Release May 2021

Jun 10, 2021 By Splunk Threat Research Team In Splunk

The Splunk Threat Research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing password spraying attacks against Active Directory environments. In this blog, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PurpleSharp, collect and analyze the Windows event logs, and highlight a few detections from the May 2021 releases.

Read Post

Splunk

Read more about Detecting Password Spraying Attacks: Threat Research Release May 2021

Tales of a Principal Threat Intelligence Analyst

Jun 8, 2021 By Adam Swanda In Splunk

At Splunk, we’re constantly on the hunt for new and emerging threats — tirelessly developing detection techniques to zero in on bad actors, while sharing key intelligence around cybercrime activity. But because threat intelligence can relate to so many different things — ranging from spear phishing campaigns to dark web dealings — it can be a challenge to cover and define all the specifics of what (or who) to look out for.

Read Post

Splunk

Read more about Tales of a Principal Threat Intelligence Analyst

Alert Stalking

Jun 7, 2021 By Splunk In Splunk

For SREs, alerts are part of the job. But they shouldn’t be when you’re not on call, or when the problem isn’t yours. Watch a day in the life of an SRE, and see how Splunk Observability Cloud helps him put useless alerts—and complexity—to bed.

View Video

Splunk

Read more about Alert Stalking

EO, EO, It's Off to Work We Go! (Protecting Against the Threat of Ransomware with Splunk)

Jun 7, 2021 By Shannon Davis In Splunk

On June 2nd, 2021, the White House released a memo from Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology. The subject? “What We Urge You To Do To Protect Against The Threat of Ransomware.” It outlines several recommendations on how to protect your organization from ransomware. The memo was a follow-up to President Biden’s May 12th Executive Order on Improving the Nation’s Cybersecurity Order (EO14028).

Read Post

Splunk

Read more about EO, EO, It's Off to Work We Go! (Protecting Against the Threat of Ransomware with Splunk)

Understanding Splunk Phantom's Join Logic

Jun 1, 2021 By Olivia Courtney In Splunk

If you’re an active Splunk Phantom user, it’s safe to assume you know what a playbook is. If not, here’s a quick summary: Phantom playbooks allow analysts to automate everyday security tasks, without the need for human interaction. Manual security tasks that used to take 30 minutes can now be executed automatically in seconds using a playbook. The result? Increased productivity and efficiency, time saved, and headaches avoided.

Read Post

Splunk

Read more about Understanding Splunk Phantom's Join Logic

Easily Automate Across Your AWS Environments with Splunk Phantom

May 28, 2021 By Matt Sayar In Splunk

When running Splunk Phantom with AWS services, it can be tricky to make sure Splunk Phantom has the right access. When you’re managing multiple AWS accounts, the effort to configure Splunk Phantom’s access to every account can feel insurmountable. Fortunately, Amazon has the Security Token Service to solve this problem with temporary credentials, so we’ve integrated it with Splunk Phantom!

Read Post

Splunk

Read more about Easily Automate Across Your AWS Environments with Splunk Phantom

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Splunk

Splunk SOAR Playbooks: GCP Unusual Service Account Usage

Splunk and Zscaler Utilize Data and Zero Trust to Eradicate Threats

SOARing w/ Splunk Phantom

Super Speed with Phantom Slash Commands

Detecting Password Spraying Attacks: Threat Research Release May 2021

Tales of a Principal Threat Intelligence Analyst

Alert Stalking

EO, EO, It's Off to Work We Go! (Protecting Against the Threat of Ransomware with Splunk)

Understanding Splunk Phantom's Join Logic

Easily Automate Across Your AWS Environments with Splunk Phantom

Monthly Archive

Follow Us