Splunk – Pfarrside InfoSec

Splunk IOC Threat Feed- Open Threat Exchange

Posted: May 05, 2020 Under: Splunk By sqearl No Comments

Ingesting open source threat feeds should be a trivial effort, especially considering the value they typically contain. Based on my experience getting feeds populating and ingesting into a log management platform, it was anything but simple. I recently found the OTX add-on for Splunk, which seems to satisfy all my needs. The OTX Add-on requires … Continue reading "Splunk IOC Threat Feed- Open Threat Exchange"

Security Onion & Splunk: Alert Analysis Workflow/Examples

Posted: May 05, 2020 Under: InfoSec 101 By sqearl No Comments

Security Onion & Splunk is setup successfully, everything is ingesting and properly alerting but now what? That largely depends on your individual situation, but I can assume you’ll see some alerts and need to do an investigation. So this article will address how to use Security Onion & Splunk to perform an investigation on your … Continue reading "Security Onion & Splunk: Alert Analysis Workflow/Examples"

Setup SIEM @ Home with Splunk & Security Onion

Posted: May 02, 2020 Under: HomeIDS By sqearl No Comments

Published: May 2, 2020 In this article, I’ll go over installing Splunk on-top of Security Onion, which we installed in my last post: Setup HomeIDS. I don’t recommend installing your log management system on the same machine as your IDS in production, but it’s great for easy analysis, development or a POC. First thing is … Continue reading "Setup SIEM @ Home with Splunk & Security Onion"

Intro to Security Analysis- Home Lab: SIEM, IDS & Threat Intel

Posted: May 01, 2020 Under: HomeIDS By sqearl No Comments

I decided to write a series of articles detailing how you can practice the basic skills need to be an Information Security Analyst. If you’re looking to get into the InfoSec field, and blue team/threat hunting sounds interesting, these articles should guide you through setting up up your home IDS & Threat Intel lab. Every … Continue reading "Intro to Security Analysis- Home Lab: SIEM, IDS & Threat Intel"

Splunk- Threat Hunting & Security Analysis Presentation

Posted: August 03, 2019 Under: InfoSec 101 By sqearl No Comments

This is a presentation Edward Wade and I delivered at the University of California Davis Information Security Symposium 2019. It reviews building a Splunk infrastructure for security, as well as developing threat hunting and security analysis capabilities.