%term

Automated Clean-up of HAFNIUM Shells and Processes with Splunk Phantom

Mar 26, 2021 By Shannon Davis In Splunk

If you haven’t been living under a rock for the past few weeks, you've probably come across the recent Microsoft Exchange Server vulnerabilities and its associated exploits.Stop!!! The first thing you should do is to go and patch any Exchange servers you may be running, then you can come back and finish reading this blog. Microsoft's blog provides links to various tools to help in this regard.

Read Post

Splunk

Read more about Automated Clean-up of HAFNIUM Shells and Processes with Splunk Phantom

Analytics-Based Investigation and Automated Response with AWS + Splunk Security Solutions

Mar 24, 2021 By Olivia Courtney In Splunk

Organizations are migrating an increasing amount of their infrastructure into the cloud. The cloud provides organizations with a number of benefits like greater scalability, improved reliability and faster time to value. However, these potential benefits can be offset if security is an afterthought.

Read Post

Splunk

Read more about Analytics-Based Investigation and Automated Response with AWS + Splunk Security Solutions

Splunk SOAR Feature Video: Event Management

Mar 18, 2021 By Splunk In Splunk

Analysts are often overwhelmed with a large volume of security events. Phantom makes event management easy by consolidating all events from multiple sources into one place.

View Video

Splunk

Read more about Splunk SOAR Feature Video: Event Management

Splunk SOAR Feature Video: Main Dashboard

Mar 18, 2021 By Splunk In Splunk

Phantoms Main Dashboard provides an overview of all your data and activity, notable events, playbooks, connections with other security tools, workloads, ROI, and so much more.

View Video

Splunk

Read more about Splunk SOAR Feature Video: Main Dashboard

Splunk SOAR Feature Video: Playbooks

Mar 18, 2021 By Splunk In Splunk

Playbooks are the codification of your Security Operations (SecOps) plan. In practice, they’re high-level Python scripts that Phantom interprets in order to execute your mission.

View Video

Splunk

Read more about Splunk SOAR Feature Video: Playbooks

Orchestrate Framework Controls to Support Security Operations with Splunk SOAR

Mar 18, 2021 By Kelly Huang In Splunk

Every security team should utilize security frameworks in their strategy and tactics to help reduce risk from common cybersecurity threats. Security frameworks guide organizations on how they should develop, build, and maintain their IT security policies and procedures while sharing best practices for meeting compliance requirements. Healthcare operations in particular are often presented with increasing regulatory scrutiny and obligations that must be met in order to be competitive.

Read Post

Splunk

Read more about Orchestrate Framework Controls to Support Security Operations with Splunk SOAR

How to Marie Kondo Your Incident Response with Case Management & Foundational Security Procedures

Mar 17, 2021 By Kelly Huang In Splunk

Marie Kondo, a Japanese organizational consultant, helps people declutter their homes in order to live happier, better lives. She once said: Similarly, in security, operational teams are constantly bogged down by a “visible mess” that inhibits their ability to effectively secure their organization.

Read Post

Splunk

Read more about How to Marie Kondo Your Incident Response with Case Management & Foundational Security Procedures

Splunk for OT Security V2: SOAR and More

Mar 10, 2021 By Ed Albanese In Splunk

In the last 90 days, the news of cyberattacks on critical infrastructure has been stunning. From the unprecedented breach represented by Sunburst to the more recent bone-chilling attack at the Oldsmar water facility, the urgency to secure critical infrastructure in transportation, utilities, energy, water, critical manufacturing, telecommunications, healthcare, government facilities and the defense sector has never been higher.

Read Post

Splunk

Read more about Splunk for OT Security V2: SOAR and More

Splunk SOAR Playbooks: Crowdstrike Malware Triage

Mar 9, 2021 By Splunk In Splunk

The combination of Crowdstrike and Splunk Phantom together allows for a more smooth operational flow from detecting endpoint security alerts to operationalizing threat intelligence and automatically taking the first few response steps – all in a matter of seconds. In this video, distinguished Phantom engineer Philip Royer will walk you through an out-of-the-box playbook that you can set up in Phantom to triage malware detections from Crowdstrike and automate a variety of responses based on an informed decision by an analyst.

View Video

Splunk

Read more about Splunk SOAR Playbooks: Crowdstrike Malware Triage

Detecting HAFNIUM Exchange Server Zero-Day Activity in Splunk

Mar 3, 2021 By Ryan Kovar In Splunk

If you want just to see how to find HAFNIUM Exchange Zero-Day Activity, skip down to the “detections” sections. Otherwise, read on for a quick breakdown of what happened, how to detect it, and MITRE ATT&CK mappings.

Read Post

Splunk

Read more about Detecting HAFNIUM Exchange Server Zero-Day Activity in Splunk

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Automated Clean-up of HAFNIUM Shells and Processes with Splunk Phantom

Analytics-Based Investigation and Automated Response with AWS + Splunk Security Solutions

Splunk SOAR Feature Video: Event Management

Splunk SOAR Feature Video: Main Dashboard

Splunk SOAR Feature Video: Playbooks

Orchestrate Framework Controls to Support Security Operations with Splunk SOAR

How to Marie Kondo Your Incident Response with Case Management & Foundational Security Procedures

Splunk for OT Security V2: SOAR and More

Splunk SOAR Playbooks: Crowdstrike Malware Triage

Detecting HAFNIUM Exchange Server Zero-Day Activity in Splunk

Monthly Archive

Follow Us