Ingesting open source threat feeds should be a trivial effort, especially considering the value they typically contain. Based on my experience getting feeds populating and ingesting into a log management platform, it was anything but simple. I recently found the OTX add-on for Splunk, which seems to satisfy all my needs. The OTX Add-on requires … Continue reading "Splunk IOC Threat Feed- Open Threat Exchange"
Category: Splunk
Security Onion & Splunk: Alert Analysis Workflow/Examples
Security Onion & Splunk is set up successfully, everything is ingesting and properly alerting, but now what? That largely depends on your individual situation, but I can assume you’ll see some alerts and need to do an investigation. So this article will address how to use Security Onion & Splunk to perform an investigation on your … Continue reading "Security Onion & Splunk: Alert Analysis Workflow/Examples"
Setup SIEM @ Home with Splunk & Security Onion
Published: May 2, 2020 In this article, I’ll go over installing Splunk on top of Security Onion, which we installed in my last post: Setup HomeIDS. I don’t recommend installing your log management system on the same machine as your IDS in production, but it’s great for easy analysis, development or a POC. First thing is … Continue reading "Setup SIEM @ Home with Splunk & Security Onion"
Intro to Security Analysis- Home Lab: SIEM, IDS & Threat Intel
I decided to write a series of articles detailing how you can practice the basic skills needed to be an Information Security Analyst. If you’re looking to get into the InfoSec field, and blue team/threat hunting sounds interesting, these articles should guide you through setting up your home IDS & Threat Intel lab. Every … Continue reading "Intro to Security Analysis- Home Lab: SIEM, IDS & Threat Intel"
Splunk- Threat Hunting & Security Analysis Presentation
This is a presentation Edward Wade and I delivered at the University of California Davis Information Security Symposium 2019. It reviews building a Splunk infrastructure for security, as well as developing threat hunting and security analysis capabilities.