Ryan Kovar's Blog Posts

NY. AZ. Navy. SOCA. KBMG. DARPA. Splunk.

Splunk BOTS 4.0: A New Hope
Security
3 Minute Read

Splunk BOTS 4.0: A New Hope

From the basics, to new data, to registration information, discover all you need to know about Splunk BOTS 4.0 at .conf19.
Wire Data, Huh! What Is It Good For? Absolutely Everything, Say It Again Now!
Security
4 Minute Read

Wire Data, Huh! What Is It Good For? Absolutely Everything, Say It Again Now!

A brief overview of wire data, its uses and sources, and the new Splunk Essentials for Wire Data app
I Azure You, This Will Be Useful
Security
3 Minute Read

I Azure You, This Will Be Useful

This blog post describes how to use Azure Active directory for basic hunting and discovery
Boss of the SOC Scoring Server, Questions and Answers, and Dataset! Open-Sourced and Ready for Download
Security
2 Minute Read

Boss of the SOC Scoring Server, Questions and Answers, and Dataset! Open-Sourced and Ready for Download

We have open-sourced the Boss of the SOC dataset (ver1.0) and BOT(S|N) scoring server. They can be used to run your own CTF, perform research, or train your internal users!
What You Need to Know About Boss of the SOC
Security
3 Minute Read

What You Need to Know About Boss of the SOC

We introduced a new security activity at .conf2016 called “Boss of the SOC” (or BOTS), born from our belief that learning can be both realistic and fun.
HellsBells, Let's Hunt PowerShells!
Tips & Tricks
3 Minute Read

HellsBells, Let's Hunt PowerShells!

Learn some methods for hunting and detecting PowerShells no matter the "methodology"