DNS-Based Threat Intelligence

It’s 2022, and by now your SIEM undoubtedly can download threat intelligence indicator lists such as IP addresses, domains, URLs, and file hashes. It can also correlate those lists against activity logged within your organization,...
Export Splunk Data for Self-Service Analytics

It’s Not a SPLing Contest. Do most of your staff know how to write SPL? Of course not; some users get it, but others either don’t know, can’t be bothered to learn, or just plain don’t have the time. So, how do you...
Demystify Your Dashboards with Tooltips

So, you built an amazing dashboard in Splunk and nobody knows how to use it. Now what? The title and description help, but the forms aren’t documented well enough for them to be intuitive. The obvious solution would be text...
Fun (or Less Agony) with Splunk Tstats

Getting to Know Tstats. Most of us have heard how Splunk’s tstats command can produce fast searches, but there’s not much in the training materials to help us learn how to use it. SPL is already hard enough, so just...
Splunk CIM Performance Hacks

CIM Data Model Optimizations. The Splunk community has rallied around the concept of data models, and why not? Normalizing data into common field sets helps to build use cases regardless of what vendor your data comes from. Common...
Introducing the HTTP Event Push App for Splunk

A New Splunk App: HTTP Event Push (HEP). Introduction. We introduced a new Splunk app last week called HTTP Event Push (HEP). As the name implies, it enables you to push Splunk search results to a remote HTTP endpoint. It...