Security

Finding NEW Evil: Detecting New Domains with Splunk

This post discusses how to use Splunk (and Splunk Enterprise Security) to find domains that are "new" to your organization and why you should care (HINT: YOU SHOULD! THEY ARE VERY OFTEN NAUGHTY). It uses basic Splunk statistics along with some more exciting (and faster) tstats.

Not All SIEM Solutions Are Created Equal

See how Splunk's analytics-driven SIEM solution tackles real-time security monitoring, advanced threat detection, forensics and incident management.

Security Update: Meltdown and Spectre vulnerabilities

Splunk CISO Joel Fulton provides an update regarding the Meltdown/Spectre vulnerabilities.

Configuring JA3 with Bro for Splunk

Configuring Bro to output JA3 signatures and how to ingest that data into Splunk

Detecting Typosquatting, Phishing, and Corporate Espionage with Enterprise Security Content Update

Splunk’s Enterprise Security Content Update (ESCU) app can provide you with early warnings and situational awareness—powerful elements of an effective defense against adversaries.

Tall Tales of Hunting with TLS/SSL Certificates

TLS and SSL certificates are a great way to hunt advanced adversaries. Collect them with Splunk Stream, Bro, or Suricata and hunt in your own data!