Security

High(er) Fidelity Software Supply Chain Attack Detection

Software supply chain attacks are not going away. As our network defenses improve, adversaries must move up the chain to stay a step ahead of our defenses.

Security

No Regrets Using Autoregress

The autoregression command, which is a centralized streaming command, is used to calculate a moving average. Learn how to use this command to gather information, just in time for Boss of the SOC v6!

Security

Sysmon, The B-sides: Event Codes That Might Not Get As Much Attention...Just In Time For BOTS!

If you're joining Boss of the SOC competition, this blog explores other Sysmon events – besides Event Code 1 – to gain fidelity into programs starting on systems.

Security

Active Directory Discovery Detection: Threat Research Release, September 2021

In this blog post, we walk you through this analytic story and demonstrate how to simulate these attacks using PoshC2 and PurpleSharp, then collect and analyze the resulting telemetry to test our detections.

Security

Investigating GSuite Phishing Attacks with Splunk

Splunk Threat Research Team (STRT) recently observed a phishing campaign using GSuite Drive file-sharing as a phishing vector. Learn more and deploy detections to prevent them in your environment.

Security

Process Hunting with a Process

This post shows how to make hunting in Splunk better and faster by tracing the activities and relationships of a particular process.
