Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2021

Lift Your Spirits With Splunk SOAR

Halloween is just around the corner and we’re looking forward to trick-or-treating, donning our best costumes, and watching movies. A few of my favorite movies that I watch around Halloween time remind me of our most recent Splunk SOAR updates. Is that a stretch? Possibly. But hey it’s Halloween, let’s have some fun and I’ll try to make it as humerus as possible 💀

High(er) Fidelity Software Supply Chain Attack Detection

Over the last year, many of us have been introduced to the term “Software Supply Chain”. For better or worse, it is now part of our defense vernacular and won’t be going away any time soon. If anything, it has consumed us in many ways and has been the cause of many nights of lost sleep. Well, that could just be us on the SURGe team here at Splunk.

Detect & Resolve Threats with Real-Time Salesforce Events and Splunk

Salesforce Event Monitoring exposes dozens of logs plus unique enriched and ML-generated real-time events. Learn how Splunk helps you get deep visibility across multiple Salesforce organizations and beyond to flag anomalies, protect against internal and external threats, and prevent accidental data loss. Drill into risky LoginAs behavior and pinpoint user permission changes including over-privileged users. Finally, see how a Salesforce Security team can recognize and respond to a credential stuffing attack... all without leaving Slack!

Splunk SOAR Feature Overview: Visual Playbook Editor + Input Playbooks

Splunk SOAR’s new, modern visual playbook editor makes it easier than ever to create, edit, implement and scale automated playbooks to help your team eliminate security analyst grunt work, and respond to security incidents at machine speed. Now, anyone can automate, allowing your team to achieve faster time to value from your SOAR tool. In this demo, we'll show you how to build an "input playbook". Input playbooks are used to automate simple IT and security tasks, and can then be leveraged as part of larger, more complex playbooks for a more modular approach to automation.

Splunk Announces New Government Logging Modernization Program

The Biden Administration’s May 2021 Cybersecurity Executive Order (EO) emphasizes cybersecurity as a national priority. It represents a bold step towards concrete actions to strengthen national security and address increasingly sophisticated threats facing federal agencies and the entire digital ecosystem.

Splunk SOAR Feature Overview: Apps

Splunk SOAR apps are the integration points between Splunk SOAR and other security technologies. Through apps, Splunk SOAR directs your other security tools to perform actions, such as direct VirusTotal to check file reputation or Cisco Firewall to block an IP. Splunk SOAR’s app model supports integration with over 350 tools and over 2100 different actions. All Splunk SOAR apps are available on Splunkbase.

Splunk SOAR Feature Overview: App Editor

A common task on the Splunk SOAR platform is installing a new app, or updating existing apps. Apps extend the Splunk SOAR platform by integrating third-party security products and tools. With the Splunk SOAR App Editor, you can create, edit, and test apps all from one place, making the app development experience easier and faster than ever. We currently offer more than 350 premade apps that are accessible right now.

Splunk and Mandiant: Formidable Defense Against Attackers

The security landscape is ever-changing, intensified by more sophisticated threats, and an increasing number of employees working from home leading to an expanding attack surface. Security professionals are tasked with maintaining a secure environment against a plethora of threats, manifested in thousands of alerts and events that are generated by security controls every day.

No Regrets Using Autoregress

If you’re like me, you’ve occasionally found yourself staring at the Splunk search bar trying to decide how best to analyze a series of data, iterating against one or more fields. If your brain gravitates towards traditional programming syntax, the first thing that pops into your mind may be application of a for or while loop (neither of which follow Turing convention in SPL). With commands like stats, streamstats, eventstats, or foreach at your disposal, which one should a hunter use?

Sysmon, The B-sides: Event Codes That Might Not Get As Much Attention...Just In Time For BOTS!

For those who have played our Boss of the SOC competition or attended our security workshops, you are undoubtedly aware of Frothly, but in case you are not, here is a quick primer. Frothly is a fictional brewing supply company based in San Francisco who has successes and challenges, just like any other organization.

Active Directory Discovery Detection: Threat Research Release, September 2021

The Splunk threat research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing discovery and reconnaissance tasks within Active Directory environments. In this blog post, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PoshC2 & PurpleSharp to then collect and analyze the resulting telemetry to test our detections.