Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Splunk

splunk

From Water to Wine: An Analysis of WINELOADER

Apr 16, 2024 By Splunk Threat Research Team In Splunk
In late February 2024, Mandiant identified APT29, a Russian state-sponsored threat group, deploying a new backdoor called WINELOADER to target German political parties. This campaign marks a significant shift in APT29's targeting, as they have traditionally focused on government and diplomatic entities. The expansion to political parties suggests an evolution in the group's intelligence gathering priorities, likely influenced by the current geopolitical climate.
Read Post
splunk

Splunk SOAR Playbook of the Month: Cisco Umbrella DNS Denylisting

Apr 12, 2024 By Coty Sugg In Splunk
Given the recent exciting news of Splunk becoming part of Cisco, for this edition of Splunk SOAR Playbook of the Month, we thought what better way to showcase how the combination of Cisco and Splunk can help users achieve more comprehensive security than through a playbook that combines the power of Cisco Umbrella and Splunk SOAR.
Read Post
splunk

UEBA Superpowers: Enhance Security Visibility with Rich Insights to Take Rapid Action Against Threats

Apr 5, 2024 By Fernando Jorge In Splunk
As the cybersecurity landscape continually evolves, SOCs must quickly identify, evaluate, and counteract cyberattacks. In the heat of a security investigation or incident response, achieving rapid visibility and rich contextual insights about the attack are not merely advantageous, but essential.
Read Post

SIEM in Seconds - Splunk Enterprise Security Auto Refresh and Timeline of Notable Events

Mar 28, 2024 By Splunk In Splunk
SOC analysts are overwhelmed sifting through a sea of notable events. They are unable to prioritize events and act fast. With Auto Refresh in the Incident Review interface, users will not have to re-run the Incident Response search or refresh the page. Furthermore, an interactive timeline for notable events within the Incident Response interface enables the SOC to quickly prioritize critical incidents.
View Video

SIEM in Seconds - Splunk Enterprise Security Enhanced Risk Analysis Dashboard

Mar 28, 2024 By Splunk In Splunk
With the enhanced risk analysis dashboard in Splunk Enterprise Security, security analysts can now monitor user entity risk events from detections across risk-based alerting and behavioral analytics, which provides a deeper, and more holistic, layer of visibility across all detection events.
View Video

SIEM in Seconds - Streamline Investigations with Splunk Enterprise Security

Mar 28, 2024 By Splunk In Splunk
A SOC analyst's day-to-day tasks involve investigating notable events to gather information about security incidents. Recent enhancements within the Incident Review and Risk Analysis dashboards in Splunk Enterprise Security allows analysts to streamline their investigation process and reduce the number of manual tasks they perform daily. Multiple drill-down searches on correlation rules, updates to "dispositions" in the Incident Review dashboard, and hyperlinks in Correlation Search “Next Steps” allow for faster, more efficient investigations.
View Video
splunk

UEBA Superpowers: Detect and Eliminate Advanced Threats with Machine Learning

Mar 28, 2024 By Fernando Jorge In Splunk
In the fast-paced world of cybersecurity, where the threat landscape is continuously evolving, organizations face unprecedented challenges. An expanding attack surface, rising vulnerabilities, and a relentless onslaught of cyberattacks have significantly increased organizational risk.
Read Post
Subscribe to Splunk

Copyright © 2024 OpsMatters™. All rights reserved.