The Slack Audit Logs API is for monitoring the audit events happening in a Slack Enterprise Grid organization to ensure continued compliance, to safeguard against any inappropriate system access, and to allow the user to audit suspicious behavior within the enterprise. This essentially means it is an API to know who did what and when in the Slack Enterprise Grid account. We are excited to announce the Slack Add-on for Splunk, that targets this API as a brand new data source for Splunk.

It's been a while since I've had the opportunity to take a break, come up for air, and write a blog for some of the amazing work the Splunk Threat Research team has done. We have kept busy by shipping new detections under security-content (via Splunk ES Content Update and our API). Also, we have improved the Attack Range project to allow us to test detections described as test unit files.

Throughout the duration of COVID-19, there have been consistent rumors of increased nation-state espionage. In parallel, many recent ransomware strains have a COVID-19 tie-in. Now the United Kingdom's National Cyber Security Centre (NCSC), published an advisory report that the threat group APT29 is targeting governmental, diplomatic, think-tank, healthcare and energy targets for intelligence gain which are involved in COVID-19 vaccines development and testing.

Financial firms need to take a holistic view on their financial crime defenses to keep pace with the changing crime landscape. Dealing with the onslaught of attacks has historically elicited a Pavlovian response to this age-old problem — increased regulations or tighter risk management protocols, which in turn have proven to be ineffective over the long term.

In an evolving world, the modernization of the security operations center (SOC) is pivotal to the success of digital transformation initiatives. Security teams, however, are facing a shortage of cybersecurity professionals and struggling to detect and prioritize high-priority threats. Analysts in data-driven organizations can combat these issues by bringing people, process and technology together.

The number of cyberattacks launched on organizations continues to rise every year. More attacks means more security alerts that security analysts have to triage each day. Many security teams have turned to a security orchestration, automation and response (SOAR) tool to help them automate the ever-increasing volume of security alerts, and respond to threats faster and more comprehensively.

The Splunk Security Research Team has been working on Kubernetes security analytic stories mainly focused on AWS and GCP cloud platforms. The turn has come now for some Azure Kubernetes security monitoring analytic stories. As outlined in my "Approaching Kubernetes Security — Detecting Kubernetes Scan with Splunk" blog post, when looking at Kubernetes security, there are certain items within a cluster that must be monitored.

You may be surprised to learn that a particular malware is responsible for data theft in over 20% of financial institutions and other verticals in 2019. Watering hole attacks involve a web server that hosts files or applications where the website or files on the site become weaponized with malware. While recent news cycles have shined a spotlight on ransomware and crimeware, malware is not a new concept.

The cloud has become ubiquitous in all we do, and the line between the perimeter and the cloud continues to shrink as most enterprise organizations are looking to shift their cloud strategy to a multi-cloud approach. Moving to the cloud comes with plenty of benefits like performance optimization, improved reliability and overall cost savings, but cloud adoption is not without its risks and challenges.