Splunk IOC Threat Feed- Open Threat Exchange

Ingesting open source threat feeds should be a trivial effort, especially considering the value they typically contain. Based on my experience getting feeds populating and ingesting into a log management platform, it was anything but simple. I recently found the OTX add-on for Splunk, which seems to satisfy all my needs. The OTX Add-on requires …


Security Onion & Splunk: Alert Analysis Workflow/Examples

Security Onion & Splunk is set up successfully, everything is ingesting and properly alerting, but now what? That largely depends on your individual situation, but I can assume you'll see some alerts and need to do an investigation. So this article will address how to use Security Onion & Splunk to perform an investigation on your …


Setup SIEM @ Home with Splunk & Security Onion

Published: May 2, 2020 In this article, I'll go over installing Splunk on top of Security Onion, which we installed in my last post: Setup HomeIDS. I don't recommend installing your log management system on the same machine as your IDS in production, but it's great for easy analysis, development or a POC. First thing is …


Intro to Security Analysis- Home Lab: SIEM, IDS & Threat Intel

I decided to write a series of articles detailing how you can practice the basic skills needed to be an Information Security Analyst. If you're looking to get into the InfoSec field, and blue team/threat hunting sounds interesting, these articles should guide you through setting up your home IDS & Threat Intel lab. Every …
