At Splunk, you may hear us pontificating on our ponies about how awesome and easy it is to use Splunk to hunt for threats. Why, all you need to do is use X and Y with Splunk to find a Z score (no zombies were injured) and BOOM! That baddie in your network is detected. Going back at least a decade, we've tried to make it easy, as you'll see in the resources below, and yet threat hunting is about as easy as telling someone how easy it is to draw an owl. (Hint: it isn't.) So, that's why we started writing this series in 2017.

Today, we are doubling down on our threat hunting capabilities. That's why we're updating this series, one article at a time, verifying that each tutorial is the best resource for some aspect of hunting, all using Splunk.

Want to learn more about threat hunting in general? Keep reading for more information about hunting and the team behind this series, SURGe. So, let's make it clear: this entire series is about using Splunk for your threat hunting activities. Here are some brand new and forever-favorite resources, too, that are about threat hunting with or without Splunk:

- Threat Hunting: Everything To Know About Hunting Cyber Threats
- NEW: PEAK Threat Hunting Framework Series
- Threat Hunting vs Threat Detection: What's The Difference?
- Incident Response is Dead… Long Live Incident Response, from long-time friend Scott J.
- Hunting the Known Unknowns with DNS (.conf2015 Presentation: MP4 & PDF)
- Hunting the Known Unknowns with PowerShell (.conf2016 Presentation: PDF)

The team behind this series is SURGe, an in-house security research team at Splunk. The SURGe team focuses on in-depth analysis of the latest cybersecurity news and on finding answers to security problems. All of this is delivered to you in a variety of forms:

- Original research, like our analysis of ransomware binaries and a macro-level ATT&CK analysis.
- Our weekly Coffee Talk with SURGe broadcasts.
- Monthly security reading recommendations.

Check out all these resources from SURGe and sign up for rapid response alerts.

This series will serve as your foundation for hunting with Splunk. Each of these articles takes a single Splunk search command or hunting concept and breaks it down to its basic parts. (Brand new to Splunk? Explore our SIEM solution, Splunk Enterprise Security: Learn about Splunk ES | Tour Splunk ES.) We will help you create a solid base of Splunk knowledge that you can then use in your own environment to hunt for evil. We will cover everything from hypothesis generation to IDS. Splunk commands like stats, eval and lookups will be examined.

- Start here, with the lookup command! Compare IOCs or other items of interest against your Splunk dataset: Using the Lookup Command for Threat Hunting (Lookup Before You Go-Go)
- Using Splunk Stream to find malicious activity in your network: Splunk Stream for Hunting: Finding Islands in the Stream (of Data)
- Using Workflow Actions & OSINT for Threat Hunting in Splunk