Logging

Splunk SOAR Playbook of the Month: Cisco Umbrella DNS Denylisting

Apr 12, 2024 By Coty Sugg In Splunk

Given the recent exciting news of Splunk becoming part of Cisco, for this edition of Splunk SOAR Playbook of the Month, we thought what better way to showcase how the combination of Cisco and Splunk can help users achieve more comprehensive security than through a playbook that combines the power of Cisco Umbrella and Splunk SOAR.

Read Post

Splunk

Read more about Splunk SOAR Playbook of the Month: Cisco Umbrella DNS Denylisting

Splunk SOAR Playbooks: Cisco Umbrella DNS Denylisting

Apr 10, 2024 By Splunk In Splunk

The Cisco Umbrella DNS Denylisting playbook is an input playbook that accepts a domain or list of domains as an input and then allows you to block the given domain(s) in Cisco Umbrella.

View Video

Splunk

Read more about Splunk SOAR Playbooks: Cisco Umbrella DNS Denylisting

The Ultimate Guide to Sigma Rules

Apr 9, 2024 By Jeff Darrington In Graylog

In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that help them level the playing field.

Read Post

Graylog

Read more about The Ultimate Guide to Sigma Rules

5 reasons why observability and security work well together

Apr 8, 2024 By Jennifer Ellard, In Elastic

Site reliability engineers (SREs) and security analysts — despite having very different roles — share a lot of the same goals. They both employ proactive monitoring and incident response strategies to identify and address potential issues before they become service impacting. They also both prioritize organizational stability and resilience, aiming to minimize downtime and disruptions.

Read Post

Elastic

Read more about 5 reasons why observability and security work well together

Asset & Application Discovery: How It Works

Apr 5, 2024 By Abby Curtis In Splunk

If IT security is top-of-mind for you and your organization, asset and application discovery is critical — you need to know all of the assets you have in order to identify any areas of vulnerability.

Read Post

Splunk

Read more about Asset & Application Discovery: How It Works

UEBA Superpowers: Enhance Security Visibility with Rich Insights to Take Rapid Action Against Threats

Apr 5, 2024 By Fernando Jorge In Splunk

As the cybersecurity landscape continually evolves, SOCs must quickly identify, evaluate, and counteract cyberattacks. In the heat of a security investigation or incident response, achieving rapid visibility and rich contextual insights about the attack are not merely advantageous, but essential.

Read Post

Splunk

Read more about UEBA Superpowers: Enhance Security Visibility with Rich Insights to Take Rapid Action Against Threats

Does Your SIEM Offer Enough Flexibility? Questions to Ask

Apr 2, 2024 By Devo In Devo

When evaluating a SIEM, two key factors stand out: flexibility in data handling and open architecture. These two elements significantly enhance a platform’s efficiency and adaptability in managing cybersecurity threats. Whether you’re evaluating your current SIEM or looking for a more modern solution, here are five questions to ask to gauge its flexibility.

Read Post

Devo

Read more about Does Your SIEM Offer Enough Flexibility? Questions to Ask

Secure By Design: What Makes Software SbD

Apr 2, 2024 By Abby Curtis In Splunk

As the digital landscape continues to evolve, new cyber threats continue to emerge. It’s imperative to have safeguards in place early on in the product development process. That’s where Secure by Design comes in.

Read Post

Splunk

Read more about Secure By Design: What Makes Software SbD

SIEM in Seconds - Splunk Enterprise Security Auto Refresh and Timeline of Notable Events

Mar 28, 2024 By Splunk In Splunk

SOC analysts are overwhelmed sifting through a sea of notable events. They are unable to prioritize events and act fast. With Auto Refresh in the Incident Review interface, users will not have to re-run the Incident Response search or refresh the page. Furthermore, an interactive timeline for notable events within the Incident Response interface enables the SOC to quickly prioritize critical incidents.

View Video

Splunk

Read more about SIEM in Seconds - Splunk Enterprise Security Auto Refresh and Timeline of Notable Events

SIEM in Seconds - Splunk Enterprise Security Enhanced Risk Analysis Dashboard

Mar 28, 2024 By Splunk In Splunk

With the enhanced risk analysis dashboard in Splunk Enterprise Security, security analysts can now monitor user entity risk events from detections across risk-based alerting and behavioral analytics, which provides a deeper, and more holistic, layer of visibility across all detection events.

View Video