Skip to main content
Drew Church
Drew Church

Drew Church joined Splunk after almost a decade supporting the Department of Defense in various roles including security operations manager, system administration, and application development.

Security 2 Min Read

Identifying BOD 23-02 Network Management Interfaces with Splunk

Splunker Drew Church explains the CISA-released directive to reduce risk from internet-exposed management interfaces, highlighting the threat of external remote services.
Security 3 Min Read

My Username Fields Have Passwords in Them! What Do I Do?

Sometimes, users put their password into a username field and it gets logged into Splunk – learn how to identify this behavior and remediate it with SOAR.
Security 4 Min Read

Checking for SIGRed (CVE-2020-1350) and CISA ED 20-03 with Splunk

Using Splunk Enterprise to check for CVE-2020-1350 vulnerabilities and detect exploitation attempts using wire data on Windows DNS servers.
Security 4 Min Read

Detecting CVE-2020-0601 Exploitation Attempts With Wire & Log Data

Learn two simple techniques for detecting CVE-2020-0601 exploitation attempts using Splunk