The ABCs of Splunk Part Two: How to Install Splunk on Linux
In our previous blog, we discussed how to choose between a single or clustered environment. You can read our first blog here! In this blog, I will guide you through the proper installation of Splunk, assuming that you have chosen Linux as your operating system. One of the first things to consider for a secure installation, […]
The ABCs of Splunk Part One: What Deployment to Choose
Security Incident handling with Splunk – Our new Cyences App published on Splunkbase
For the past year, customers have asked us to simplify Splunk so that they are able to identify nefarious activities quickly. In addition, they wanted to be able to forensically investigate any event without having to be experts in Splunk Processing Language […]
ABC’s of Splunk Part Twelve: Protect yourself against Ransomware and Kernel-mode Malware
Protecting your Windows Environment from Kernel-mode Malware As we were looking to better protect the Windows environments from Ransomware, we quickly realized that very few security technologies have visibility into kernel-mode malware behavior. This type of malware has equal or even higher privileges than most security tools. Thus, attackers can essentially take safe refuge in […]
ABC’s of Splunk Part Eleven: Ransomware and the Pyramid of Pain
Since the beginning of the COVID-19 lockdown, we have witnessed an astonishing number of attacks launched against remote workers. More and more companies have begun to pay the perpetrators, a financial windfall that has allowed them to add more programmers and launch even more sophisticated attacks. Ransomware has become a full-on war rather than a skirmish. […]
ABC’s of Splunk Part Ten: Reduction of Attack Surface Area: Windows and Microsoft Active Directory
For this blog, we are going to go over how to ingest our Windows environment and Active Directory logs and how to set up advanced search commands to continue our efforts to reduce our attack surface area. This issue has gained importance since last week after the discovery of a new set of exploits […]
ABC’s of Splunk Part Nine: Reduction of Attack Surface Area
For this post, we take a little side trip to explore Splunk as a tool for early identification of areas vulnerable to attacks so we can reap the benefits of all our learnings and extract valuable information as to what makes Splunk powerful from a SIEM perspective. Please revisit our previous posts if you would like […]
ABCs of Splunk, Part 8: Advanced Search
In this post, we will continue our journey into search with Splunk and add a few more commands to include in your arsenal of knowledge. Please revisit our previous posts to ensure you have a healthy environment upon which to run commands. Prerequisite How to Install Splunk on Linux Upload data required for the examples […]
ABC’s of Splunk Part Seven: Basics of Search
Now that you have some knowledge from our previous blogs, you are ready to start your journey to become a Splunk Ninja! For the next six blogs, we are going to focus on Search, starting from the basics and moving into advanced correlation and detection. Let’s begin… Splunk uses Search Processing Language, commonly known […]