The ABCs of Splunk Part Two: How to Install Splunk on Linux
In our previous blog, we discussed how to choose between a single or clustered environment. You can read our first blog here! In this blog, I will guide you through the proper installation of Splunk, assuming that you have chosen Linux as your operating system. One of the first things to consider for a secure installation, […]
The ABCs of Splunk Part One: What Deployment to Choose
Lessons from the field: To the Left or Right of Boom?
Many in Cyber Security tend to focus on the security event (the “Boom”) and mitigating the impact after (to the right of) the Boom. To build true Cyber Resiliency, we need to spend as much, if not more, time to the left of Boom, building the processes for responding to the Boom or better yet, […]
Lesson from the field: Introducing Anti-goals to your project
I was talking to a client recently about a project we were working on and the term “Anti-Goal” popped up. We all know what goals are. The thing that we are trying to accomplish. Anti-goals are those things we are trying to avoid. As we discussed the goals of the project, my client said “And of course we do […]
A traditional helpdesk is no longer useful because most likely the issue is somewhere else
I wanted to write this blog to explain why for the past two years, we at CrossRealms International have been working on creating an engineering desk to really provide value when something goes wrong whether it’s a workstation, a user, a system, an environment, or cloud. Let me first start by stating the obvious: the […]
Upcoming Features for Cyences 1.10.0
Cyences 1.10.0 enriches the data for Office 365 by adding several new dashboard panels and alerts that cover a wide array of changes and updates which are extremely useful for security admins. “Splunk Admin Checks” has been added to the app’s navigation bar to improve the auditing experience for any administrator. The dashboards under Splunk […]
How to Create a Strong Password
1. Make Passwords Long
Password length is a primary factor in characterizing password strength. Passwords that are too short, or that are commonly used words and phrases, are vulnerable to brute-force attacks.
– NIST (National Institute of Standards and Technology)
– Reformed hacker Kevin Mitnick recommends 20-25 characters
2. How Do I Create A Strong Password? […]
Dealing with Security False Positives in Splunk (Enterprise Security)
SIEM tools are extremely useful for security engineers, but a major problem with SIEMs are false positives. No matter which SIEM tool an organization relies on, false positives are a common denominator across the board, since these security tools are generally built to support all environments. Security engineers often find themselves manually fine tuning these […]
Cyences Version 1.6.1 Enhancements & Updates
Added a new Sophos Central endpoint metadata collection command
Device Master Table has been renamed to Device Inventory Table
Enhancements have been made to the Device Inventory Table, Asset Intelligence, Forensics, and Office 365 dashboards
New Linux/Unix report
Sophos Central
Sophos is highly recognized as a worldwide leader in next-generation cyber security. Cyences is set […]
Cyences App Fixes Splunk Integration with Palo Alto Networks
Palo Alto Networks' latest software update, PAN-OS 9.1, has officially changed the log format for VPN/GlobalProtect logs. This switch has resulted in Splunk users experiencing problems populating their data for VPN/GlobalProtect related dashboards.
Palo Alto Networks Log Format Comparison for Splunk
9.0 Log Format
● Previously, GlobalProtect data was present in the […]