DNS-Based Threat Intelligence

It’s 2022, and by now your SIEM can undoubtedly download threat intelligence indicator lists such as IP addresses, domains, URLs, and file hashes. It can also correlate those lists against activity logged within your organization,...
Export Splunk Data for Self-Service Analytics

It’s Not a SPLing Contest
Do most of your staff know how to write SPL? Of course not; some users get it, but others either don’t know, can’t be bothered to learn, or just plain don’t have the time. So, how do you...
Gettin’ Fuzzy With It

What’s So Fuzzy About It?
Sometimes you know what you’re looking for in life, and other times you’re not so sure. The same concept applies to searching data when there’s so much of it. Whether you’re a cybersecurity analyst or a...
Introducing the HTTP Event Push App for Splunk

A New Splunk App: HTTP Event Push (HEP)
Introduction
We introduced a new Splunk app last week called HTTP Event Push (HEP). As the name implies, it enables you to push Splunk search results to a remote HTTP endpoint. It...