Splunk IOC Threat Feed- Open Threat Exchange

Ingesting open-source threat feeds should be a trivial effort, especially considering the value they typically contain. Based on my experience getting feeds populating and ingesting into a log management platform, it was anything but simple. I recently found the OTX add-on for Splunk, which seems to satisfy all my needs. The OTX Add-on requires …


Security Onion & Splunk: Alert Analysis Workflow/Examples

Security Onion & Splunk is set up successfully, everything is ingesting and properly alerting, but now what? That largely depends on your individual situation, but I can assume you'll see some alerts and need to do an investigation. So this article will address how to use Security Onion & Splunk to perform an investigation on your …


Setup IDS at Home- Security Onion 2020

Security Onion is probably the best IDS tool any InfoSec analyst can familiarize themselves with. It has a load of open-source tools that every organization should have deployed in some form. Whether it's Snort IPS, Zeek IDS, OSSEC HIDS, or using Security Onion to search your logs in Elasticsearch, you can easily deploy and start …
