Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Logging

splunk

Addition of Syslog in Splunk Edge Processor Supercharges Security Operations with Palo Alto Firewall Log Reduction

Now generally available, Splunk Edge Processor supports syslog-based ingestion protocols, making it well-equipped to wrangle complex and superfluous data. Users can deploy Edge Processor as an end-to-end solution for handling syslog feeds such as PAN logs, including the functionality to act as a syslog receiver, process and transform logs and route the data to supported destination(s).

splunk

Defending the Gates: Understanding and Detecting Ave Maria (Warzone) RAT

Ave Maria RAT (remote access trojan), also known as “Warzone RAT,” is a malware that gains unauthorized access or remote control over a victim’s or targeted computer system. This RAT operates stealthily and grants attackers access to various functionalities within the compromised system. Its malicious activity includes data theft, privilege escalation, remote desktop control, email credential collections, browser credential parsing and more.

splunk

The Quantum Threat: Options for Migrating to Quantum Safe Cryptography

What are my quantum options? And what has Goldilocks’ porridge got to do with it? You’ve heard that eventually you’ll need to migrate to quantum-safe cryptography. Perhaps you’re raring to go. And yet, here I am, ready to tell you one thing: don’t do anything yet. Your options really depend on your quantum problem, but if you’re looking to migrate your cryptography today, you’re moving way too soon.

splunk

Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs

On September 4, 2023, CERT-UA revealed a meticulously planned cyberattack targeting Ukraine's critical energy infrastructure. The attack's modus operandi was distinct; it utilized deceptive emails containing bait links, luring victims into downloading a seemingly innocuous ZIP archive. This archive, however, harbored malicious files designed to hijack the victim's computer, redirecting data flows and exfiltrating sensitive information using services like mockbin.org and mocky.io.

graylog

How to Secure a REST API

Sitting at your desk, coding away with another cup of your favorite caffeine-infused beverage, you might be thinking to yourself, “it’s true what they say about no rest for the weary.” If you’re developing an app or architecting a cloud-native system, you can actually get the REST you need with the right Application Programming Interface (API). REST APIs provide a scalable, flexible, easy-to-use interface that makes developing and connecting web apps easier.

splunk

OMB M-21-31: Your Complete Guide

Imagine that you work in IT and security for a federal entity. How do you manage your event data across different systems and networks? When something goes wrong, how do you detect, investigate and remediate these security incidents? That’s what the Office of Management and Budget (OMB) addresses in M-21-31: a memorandum that provides guidance for federal agencies to increase their visibility and response capabilities before, during and after a cybersecurity incident.

graylog

Understanding TLS for REST Services

Application Programming Interfaces (APIs) act as bridges between applications so they can share data. APIs are fundamental to the complex, interconnected systems, enabling organizations to streamline business processes and reduce redundancies. REST APIs are easy to use and understand because they use the same noun- and verb-based format as HTTP. Simultaneously, attackers know how to manipulate this language, making REST APIs a common attack target.

splunk

Using metadata & tstats for Threat Hunting

So you want to hunt, eh? Well my young padwa…hold on. As a Splunk Jedi once told me, you have to first go slow to go fast. What do I mean by that? Well, if you rush into threat hunting and start slinging SPL indiscriminately, you risk creating gaps in your investigation. What gaps might those be? As a wise man once said, Know thy network. Actually — in this case — know your network and hosts.

splunk

Using stats, eventstats & streamstats for Threat Hunting...Stat!

If you have spent any time searching in Splunk, you have likely done at least one search using the stats command. I won’t belabor the point: stats is a crucial capability in the context of threat hunting — it would be a crime to not talk about it in this series. When focusing on data sets of interest, it's very easy to use the stats command to perform calculations on any of the returned field values to derive additional information.