In late February 2024, Mandiant identified APT29, a Russian state-sponsored threat group, deploying a new backdoor called WINELOADER to target German political parties. This campaign marks a significant shift in APT29's targeting, as they have traditionally focused on government and diplomatic entities. The expansion to political parties suggests an evolution in the group's intelligence gathering priorities, likely influenced by the current geopolitical climate.
|
By Coty Sugg
Given the recent exciting news of Splunk becoming part of Cisco, for this edition of Splunk SOAR Playbook of the Month, we thought what better way to showcase how the combination of Cisco and Splunk can help users achieve more comprehensive security than through a playbook that combines the power of Cisco Umbrella and Splunk SOAR.
|
By Abby Curtis
If IT security is top-of-mind for you and your organization, asset and application discovery is critical — you need to know all of the assets you have in order to identify any areas of vulnerability.
|
By Fernando Jorge
As the cybersecurity landscape continually evolves, SOCs must quickly identify, evaluate, and counteract cyberattacks. In the heat of a security investigation or incident response, achieving rapid visibility and rich contextual insights about the attack are not merely advantageous, but essential.
|
By Abby Curtis
As the digital landscape continues to evolve, new cyber threats continue to emerge. It’s imperative to have safeguards in place early on in the product development process. That’s where Secure by Design comes in.
|
By Fernando Jorge
In the fast-paced world of cybersecurity, where the threat landscape is continuously evolving, organizations face unprecedented challenges. An expanding attack surface, rising vulnerabilities, and a relentless onslaught of cyberattacks have significantly increased organizational risk.
|
By Cui Lin
One of the most challenging aspects of running an effective Security Operations Center (SOC) is how to account for the high volume of notable events that actually do not present a risk to business. These events often include common occurrences like users forgetting their passwords a ridiculous number of times or accessing systems at odd hours for valid reasons. Despite their benign nature, struggling to handle the volume of such potential threats may often overwhelm limited staff.
|
By Tamara Chacon
In this installment of Hunting with Splunk we’re showing you how to detect suspicious and potentially malicious network traffic to “new” domains. First, let’s delve into what we mean by “new” domains and why you should make a habit of detecting this activity in the first place. (Part of our Threat Hunting with Splunk series, this article was originally written by Andrew Dauria. We've updated it recently to maximize your value.)
Two critical vulnerabilities have been exposed in JetBrains TeamCity On-Premises versions up to 2023.11.3. Identified by Rapid7’s vulnerability research team in February 2024, CVE-2024-27198 and CVE-2024-27199 pose a significant threat, enabling unauthenticated attackers to potentially gain administrative control or execute code remotely on affected TeamCity servers.
|
By Ryan Fetterman
Welcome to the final installment in our “Add to Chrome?” research! In this post, we'll experiment with a method to find masquerading, or suspicious clusters of Chrome extensions using Model-Assisted Threat Hunting (M-ATH) with Splunk and the Data Science & Deep Learning (DSDL) App. M-ATH is a SURGe-developed method from the PEAK framework, which uses models or algorithms to help find threat-hunting leads, or to help make complex problems more approachable.
|
By Splunk
The Cisco Umbrella DNS Denylisting playbook is an input playbook that accepts a domain or list of domains as an input and then allows you to block the given domain(s) in Cisco Umbrella.
|
By Splunk
SOC analysts are overwhelmed sifting through a sea of notable events. They are unable to prioritize events and act fast. With Auto Refresh in the Incident Review interface, users will not have to re-run the Incident Response search or refresh the page. Furthermore, an interactive timeline for notable events within the Incident Response interface enables the SOC to quickly prioritize critical incidents.
|
By Splunk
With the enhanced risk analysis dashboard in Splunk Enterprise Security, security analysts can now monitor user entity risk events from detections across risk-based alerting and behavioral analytics, which provides a deeper, and more holistic, layer of visibility across all detection events.
|
By Splunk
A SOC analyst's day-to-day tasks involve investigating notable events to gather information about security incidents. Recent enhancements within the Incident Review and Risk Analysis dashboards in Splunk Enterprise Security allows analysts to streamline their investigation process and reduce the number of manual tasks they perform daily. Multiple drill-down searches on correlation rules, updates to "dispositions" in the Incident Review dashboard, and hyperlinks in Correlation Search “Next Steps” allow for faster, more efficient investigations.
|
By Splunk
A traditional endpoint security solution (EDR/XDR) isn't cutting it anymore today. Learn more about how our market-leading SIEM solution can help organisations detect what endpoint solutions miss and other critical benefits to tackle the challenges of today's threat landscape.
|
By Splunk
Learn how Splunk Attack Analyzer automates threat analysis for credential phishing and malware threats.
|
By Splunk
In this program, we hear from industry leaders focused on how to transform their teams and organizations while facing these challenges and how they address the gap in technically skilled employees while trying to foster this transformation. Speakers: Ed Hubbard, Director, Site Reliability and Monitoring - Travelport Mitch Ashley, CTO, Techstrong Group Principal - Techstrong Research James Brodsky, Group Vice President, Global Security Strategists - Splunk.
|
By Splunk
Join Ryan Kovar and special guest Kirsty Paine, Field CTO and Strategic Advisor at Splunk, for a conversation about her work on technical standards and emerging technologies, including artificial intelligence, IoT, and quantum computing.
|
By Splunk
Logic Loops are a feature in Splunk SOAR that allow users to reduce the operational complexity of building and maintaining playbooks that require repeatable looping functionalities without having to write their own custom code. This iterative function allows users to automatically retry playbook actions if they fail, or continue with the rest of the playbook when the action succeeds. This function can be applied to use cases like sandbox engines for malicious URL quarantine and remediation as well as forensic investigation workflows.
|
By Splunk
Join Audra Streetman and special guest Eric McGinnis, Senior Threat Researcher at Splunk, for a conversation about Detection as Code and how it helps to streamline the threat detection process, especially at scale.
|
By Splunk
The hype around artificial intelligence (AI) and machine learning (ML) has exploded, sometimes overshadowing the real uses and innovations happening everyday at organizations across the globe. The reality is that applying AI and ML to data-dependent challenges presents opportunity for better security, faster innovation and overall improved efficiency.
|
By Splunk
Do you have a plan for cybersecurity? Digital technology is touching every aspect of our lives, which is giving bad actors unlimited runway to create new threats daily. It's this atmosphere that makes it imperative that organizations are prepared, informed and actively hunting for adversaries.
|
By Splunk
Cyberattacks are top of mind for organizations across the globe. In fact, 62 percent of firms are being attacked at least weekly and 45 percent are experiencing a rise in the number of security threats. But do organizations have the processes in place to investigate and effectively respond to these incidents? IDC recently surveyed security decision makers at 600 organizations to understand the state of security operations today.
|
By Splunk
How can you utilize machine data to be prepared for the General Data Protection Regulation of the European Union?
|
By Splunk
A security information event management (SIEM) solution is like a radar system that pilots and air traffic controllers use. Without one, enterprise IT is flying blind. Although security appliances and system software are good at catching and logging isolated attacks and anomalous behavior, today's most serious threats are distributed, acting in concert across multiple systems and using advanced evasion techniques to avoid detection.
|
By Splunk
Security incidents can happen without warning and they often go undetected for long periods of time. Organizations struggle to identify incidents because they often work in silos or because the amount of alerts is overwhelming and hard to determine the signals among the noise.
|
By Splunk
All data is security relevant and defending against threats involves every department in a company. With cyberthreats and bad actors constantly evolving, it is imperative for everyone in an organization to come together to identify and protect critical data.
|
By Splunk
Recent cyberattacks have made it clear that organizations of all sizes need to focus on a holistic and cohesive security strategy. Security operations centers (SOCs) have become a focal point in this effort, consolidating the right people, processes and technology to mitigate and remediate attacks.
|
By Splunk
Current IT security tools and mindsets are no longer adequate to meet the scope and complexity of today's threats. Internet security has evolved over the last ten years but advanced persistent threats and the sophistication of the malware have fundamentally changed the way security teams must think about these new threats and the tools used for detective controls.
- April 2024 (6)
- March 2024 (11)
- February 2024 (13)
- January 2024 (21)
- December 2023 (21)
- November 2023 (11)
- October 2023 (27)
- September 2023 (24)
- August 2023 (25)
- July 2023 (22)
- June 2023 (37)
- May 2023 (32)
- April 2023 (32)
- March 2023 (36)
- February 2023 (20)
- January 2023 (21)
- December 2022 (9)
- November 2022 (19)
- October 2022 (12)
- September 2022 (9)
- August 2022 (14)
- July 2022 (8)
- June 2022 (7)
- May 2022 (13)
- April 2022 (11)
- March 2022 (7)
- February 2022 (2)
- January 2022 (9)
- December 2021 (14)
- November 2021 (23)
- October 2021 (12)
- September 2021 (16)
- August 2021 (14)
- July 2021 (20)
- June 2021 (17)
- May 2021 (6)
- April 2021 (10)
- March 2021 (15)
- February 2021 (10)
- January 2021 (5)
- December 2020 (4)
- November 2020 (9)
- October 2020 (6)
- September 2020 (6)
- August 2020 (7)
- July 2020 (10)
- June 2020 (3)
- May 2020 (9)
- April 2020 (13)
- March 2020 (5)
- February 2020 (6)
- January 2020 (5)
- December 2019 (1)
- October 2019 (1)
- May 2019 (1)
- October 2018 (1)
- June 2018 (2)
- May 2018 (1)
- April 2018 (2)
- March 2018 (1)
- February 2018 (1)
- January 2018 (1)
Splunk produces software for searching, monitoring, and analyzing machine-generated big data, via a Web-style interface.
Splunk turns machine data into answers. Regardless of your organization’s size and industry, Splunk can give you the answers you need to solve your toughest IT, security and business challenges—with the option to deploy on-premises, in the cloud or via a hybrid approach.
Work the Way Your Data Works:
- Real-Time: Splunk gives you the real-time answers you need to meet customer expectations and business goals.
- Machine Data: Use Splunk to connect your machine data and gain insights into opportunities and risks for your business.
- Scale: Splunk scales to meet modern data needs — embrace the complexity, get the answers.
- AI and Machine Learning: Leverage artificial intelligence (AI) powered by machine learning for actionable and predictive insights.
Any Question. Any Data. One Splunk.