Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2021

splunk

Lift Your Spirits With Splunk SOAR

Oct 28, 2021 By Alexa Araneta In Splunk

Halloween is just around the corner and we’re looking forward to trick-or-treating, donning our best costumes, and watching movies. A few of my favorite movies that I watch around Halloween time remind me of our most recent Splunk SOAR updates. Is that a stretch? Possibly. But hey it’s Halloween, let’s have some fun and I’ll try to make it as humerus as possible 💀

Read Post
splunk

High(er) Fidelity Software Supply Chain Attack Detection

Oct 26, 2021 By Marcus LaFerrera In Splunk

Over the last year, many of us have been introduced to the term “Software Supply Chain”. For better or worse, it is now part of our defense vernacular and won’t be going away any time soon. If anything, it has consumed us in many ways and has been the cause of many nights of lost sleep. Well, that could just be us on the SURGe team here at Splunk.

Read Post

Detect & Resolve Threats with Real-Time Salesforce Events and Splunk

Oct 21, 2021 By Splunk In Splunk
Salesforce Event Monitoring exposes dozens of logs plus unique enriched and ML-generated real-time events. Learn how Splunk helps you get deep visibility across multiple Salesforce organizations and beyond to flag anomalies, protect against internal and external threats, and prevent accidental data loss. Drill into risky LoginAs behavior and pinpoint user permission changes including over-privileged users. Finally, see how a Salesforce Security team can recognize and respond to a credential stuffing attack... all without leaving Slack!
View Video

Splunk SOAR Feature Overview: Visual Playbook Editor + Input Playbooks

Oct 20, 2021 By Splunk In Splunk
Splunk SOAR’s new, modern visual playbook editor makes it easier than ever to create, edit, implement and scale automated playbooks to help your team eliminate security analyst grunt work, and respond to security incidents at machine speed. Now, anyone can automate, allowing your team to achieve faster time to value from your SOAR tool. In this demo, we'll show you how to build an "input playbook". Input playbooks are used to automate simple IT and security tasks, and can then be leveraged as part of larger, more complex playbooks for a more modular approach to automation.
View Video
splunk

Splunk Announces New Government Logging Modernization Program

Oct 20, 2021 By Jeremy Rissi In Splunk

The Biden Administration’s May 2021 Cybersecurity Executive Order (EO) emphasizes cybersecurity as a national priority. It represents a bold step towards concrete actions to strengthen national security and address increasingly sophisticated threats facing federal agencies and the entire digital ecosystem.

Read Post

Splunk SOAR Feature Overview: App Editor

Oct 19, 2021 By Splunk In Splunk
A common task on the Splunk SOAR platform is installing a new app, or updating existing apps. Apps extend the Splunk SOAR platform by integrating third-party security products and tools. With the Splunk SOAR App Editor, you can create, edit, and test apps all from one place, making the app development experience easier and faster than ever. We currently offer more than 350 premade apps that are accessible right now.
View Video

Splunk SOAR Feature Overview: Apps

Oct 19, 2021 By Splunk In Splunk
Splunk SOAR apps are the integration points between Splunk SOAR and other security technologies. Through apps, Splunk SOAR directs your other security tools to perform actions, such as direct VirusTotal to check file reputation or Cisco Firewall to block an IP. Splunk SOAR’s app model supports integration with over 350 tools and over 2100 different actions. All Splunk SOAR apps are available on Splunkbase.
View Video
splunk

Splunk and Mandiant: Formidable Defense Against Attackers

Oct 15, 2021 By Jane Wong In Splunk

The security landscape is ever-changing, intensified by more sophisticated threats, and an increasing number of employees working from home leading to an expanding attack surface. Security professionals are tasked with maintaining a secure environment against a plethora of threats, manifested in thousands of alerts and events that are generated by security controls every day.

Read Post
splunk

No Regrets Using Autoregress

Oct 13, 2021 By Tom Smit In Splunk

If you’re like me, you’ve occasionally found yourself staring at the Splunk search bar trying to decide how best to analyze a series of data, iterating against one or more fields. If your brain gravitates towards traditional programming syntax, the first thing that pops into your mind may be application of a for or while loop (neither of which follow Turing convention in SPL). With commands like stats, streamstats, eventstats, or foreach at your disposal, which one should a hunter use?

Read Post
splunk

Sysmon, The B-sides: Event Codes That Might Not Get As Much Attention...Just In Time For BOTS!

Oct 6, 2021 By John Stoner In Splunk

For those who have played our Boss of the SOC competition or attended our security workshops, you are undoubtedly aware of Frothly, but in case you are not, here is a quick primer. Frothly is a fictional brewing supply company based in San Francisco who has successes and challenges, just like any other organization.

Read Post
splunk

Active Directory Discovery Detection: Threat Research Release, September 2021

Oct 4, 2021 By Splunk Threat Research Team In Splunk

The Splunk threat research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing discovery and reconnaissance tasks within Active Directory environments. In this blog post, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PoshC2 & PurpleSharp to then collect and analyze the resulting telemetry to test our detections.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.