Security Blogs

Integrating MISP servers with Enterprise Security's Threat Intelligence framework

This is part three in a three part series on the Asset & Identity framework in Splunk Enterprise Security, focusing providing additional visibility and context to analysts with a notable event.

This is part two in a three part series on the Asset & Identity framework in Splunk Enterprise Security, focusing on adding additional field or attributes to further contextualize systems being monitored.

It’s a whole new world we’re living in, at least for now. This little tutorial will help you stay on top of your security game while in the world of Enterprise Security.

This is part one in a three part series on the Asset & Identity framework in Splunk Enterprise Security, focusing on gaining context on systems being monitored.

Using cloud infrastructure data model to detect possible container implantation (Mitre Cloud Matrix technique T1525)

The tradition continues! We are happy to announce that the Boss of the SOC (BOTS) v3 dataset has been released under an open-source license and is available for download.

Taking a look at the World Economic Forum (WEF) in Davos 2020 from a cybersecurity angle. What technology risks should we be prepared for according to the WEF?

Learn two simple techniques for detecting CVE-2020-0601 exploitation attempts using Splunk