
Securing DevSecOps - Threat Research Release October 2021

DevSecOps stands for Development, Security and Operations. It is the practice of designing security controls into every phase of the software development lifecycle and automating them wherever possible, rather than bolting security on at release time. Collaborative frameworks and projects that share security requirements from end to end are now common, so DevSecOps emphasizes building infrastructure on a strong security foundation with stable, automated workflows and phases.

Splunk Wins Third Ever NAVWAR Enterprise Artificial Intelligence Prize Challenge for Exceptional SOAR Capabilities

Naval Information Warfare Systems Command (NAVWAR) recently announced that Splunk is the winner of the third prize challenge in its Artificial Intelligence Applications to Autonomous Cybersecurity (AI ATAC) Challenge series.

Splunk SOAR Feature Overview: Visual Playbook Editor + Input Playbooks

Splunk SOAR's new visual playbook editor makes it easier to create, edit, implement and scale automated playbooks, helping teams remove repetitive analyst work and respond to security incidents at machine speed. Because it requires no coding, anyone on the team can automate, shortening the time to value from the SOAR tool. This demo shows how to build an "input playbook". Input playbooks automate simple IT and security tasks and can be called from larger, more complex playbooks, giving a modular approach to automation.

Detecting Remcos Tool Used by FIN7 with Splunk

We decided to run a well-known Remote Access Trojan (RAT) called Remcos, which has been used by FIN7. This tool has been around for some time and has a reputation for being stealthy and effective at controlling compromised hosts. Although it is sold as a legitimate remote computer monitoring tool, Remcos gives the operator a wide range of capabilities for acting against a compromised system, which is what makes it attractive to threat actors.

FIN7 Tools Resurface in the Field - Splinter or Copycat?

FIN7 is a well-organized criminal group composed of highly skilled individuals that targets the financial, hospitality, restaurant and gambling industries. Until recently, the group was best known for the arrest of three of its high-level members and their extradition to the United States. FIN7 ran highly technical malicious campaigns that combined effective compromise, data exfiltration and fraud using stolen payment cards.