Security Blogs
Latest Articles

Boss of the SOC (BOTS) Advanced APT Hunting Companion App: Now Available on Splunkbase
If you want to learn more about threat hunting with Splunk, this app in conjunction with the BOTSv2 data set is just the answer!

Threat Intel and Splunk Enterprise Security Part 2 - Adding Local Intel to Enterprise Security
Splunker John Stoner shares a walkthrough of how to add local threat intelligence into Splunk Enterprise Security

Boss of the SOC 2.0 Dataset, Questions and Answers Open-Sourced and Ready for Download
You asked, we delivered – Boss of the SOC 2.0 has been open sourced, including dataset, questions, answers and even a scoring server update!

SIEM: The Steps Before "The First Steps"
Laying the groundwork before taking those first crucial steps towards the best SIEM for your business

Wire Data, Huh! What Is It Good For? Absolutely Everything, Say It Again Now!
A brief overview of wire data, its uses and sources, and the new Splunk Essentials for Wire Data app

Modifying the Incident Review Page
How to modify the Incident Review page and add information to Notable Events in Splunk Enterprise Security

ATT&CK-ing the Adversary: Episode 3 – Operationalizing ATT&CK with Splunk
In the final episode in the MITRE ATT&CK trilogy, we focus on applying what we learned and operationalizing it with ATT&CK to assist our security operations

ATT&CK-ing the Adversary: Episode 2 - Hunting with ATT&CK in Splunk
Using MITRE ATT&CK to focus your threat hunting in Splunk

| datamodel Endpoint
Discover what's new in Splunk Common Information Model (CIM) 4.12