Drew Gibson

Industries 4 Min Read

Detecting Ransomware Attacks with Splunk

Splunk detects ransomware with Splunk Add-on for MS Sysmon, Universal Forwarder & tweaking spam/AV filters, running scripts & searching for new encrypted files
Security 1 Min Read

Playbook: Investigate IP Address Performing Reconnaissance Activity

Phantom can receive reconnaissance alerts and automate key investigation steps to increase efficiency and speed decision making.
.conf & .conf Go 1 Min Read

Buttercup Games – Level 2: Buttercup Go data

Buttercup Games is a real web-based game originally designed as a training tool; join Buttercup flying through caves; log in and check it out.
.conf & .conf Go 1 Min Read

Buttercup Games – Level 1: The Premise

Buttercup Games is a real web-based game originally designed as a training tool; join Buttercup flying through caves; log in and check it out.
Tips & Tricks 1 Min Read

Managing your Ingestion with the search bar

Custom searches for drilling down into data in your Splunk Cloud service; Total Ingestion Volume search over time, usage, volume by sourcetype & forwarder.
Tips & Tricks 3 Min Read

I can’t make my time range picker pick my time field.

Hadoop, Hunk or Splunk users have a choice in time field settings, can pull data from csv files, use specific searches & filters to achieve usable data subsets.
Tips & Tricks 12 Min Read

Configuring Microsoft’s Active Directory Federation Services (ADFS) Security Assertion Markup Language (SAML) Single Sign On (SSO) with Splunk Cloud

Assisting customers with pre-req & integration steps for setting up ADFS-Active Directory Federation Services-SAML for Single Sign On with Splunk Cloud.
Tips & Tricks 10 Min Read

How to Create a Modular Alert

Splunk 6.3 users can use API to write modular alerts for apps-notifications, automation, info-gathering. See apps.splunk.com & the official docs for more info.