HackDig : Dig high-quality web security articles for hacker

Splunk Custom Search Command: Searching for MISP IOC’s

While you use a tool every day, you get more and more knowledge about it but you also have plenty of ideas to improve it. I’m using Splunk on a daily basis within many customers’ environments as well as for personal purposes. When you have a big database of events, it becomes quickly mandatory to deploy techniques to help you to extract juicy inf
Publish At:2017-10-31 14:55 | Read:4363 | Comments:0 | Tags:MISP Security Splunk Hunting IOC Python

[SANS ISC] Getting some intelligence from malspam

I published the following diary on isc.sans.org: “Getting some intelligence from malspam“. Many of us are receiving a lot of malspam every day. By “malspam”, I mean spam messages that contain a malicious document. This is one of the classic infection vectors today and aggressive campaigns are started every week. Usually, most of them
Publish At:2017-09-18 08:05 | Read:2536 | Comments:0 | Tags:Malware Security Splunk Intelligence SANS ISC

Am I Affected by Cloudbleed?

Yesterday, Cloudflare posted an incident report on their blog about an issue discovered in their HTML parser. A very nice report which is worth a read! As usual, in our cyber world, this vulnerability quickly received a nice name and logo: “Cloudbleed“. I’ll not explain in details the vulnerability here, there are already multiple reviews o
Publish At:2017-02-24 18:30 | Read:2849 | Comments:0 | Tags:Security Cloud Cloudbleed Cloudflare Proxy Splunk

New Cisco AnyConnect Network Visibility Module App for Splunk

Users on the network are an important layer of an organization’s security strategy – and a particularly vulnerable one. In fact, a recent IBM cybersecurity report found that human error was a contributing factor in 95% of all security incidents! It is critical to know what users are doing on the network, especially since some potential high-risk behaviors li
Publish At:2015-12-23 11:40 | Read:3813 | Comments:0 | Tags:Security Cisco AnyConnect Network Visibility Module (NVM) Ci

More Than Just a Pretty Dashboard – Cisco ISE and Splunk Turn Event Data Analysis into Action

Previous blogs in this series, both by Splunk and Cisco, detail how Cisco Identity Services Engine (ISE) can be used to drive enhanced event visibility in Splunk.Splunk is a machine data platform that allows you to search, report, alert, and visualize any data that it ingests. Cisco ISE brings an added dimension to analyzing all this data; it attaches key co
Publish At:2015-01-24 00:25 | Read:3691 | Comments:0 | Tags:Security Cisco Live Milan event investigation Identity Servi

Using Cisco ISE Data to Drive Enhanced Event Visibility in Splunk

Cisco Identity Services Engine (ISE) is commonly associated with use as a network access policy, BYOD and AAA platform. But to do its job in network policy, ISE collects a great breadth of telemetry about network users and devices. Whether a device is trying to access the network or is already connected, ISE knows specifics about:What the device type is (e.g
Publish At:2015-01-21 13:55 | Read:3369 | Comments:0 | Tags:Security byod Cisco ISE Identity Services Engine Network Acc

Tripwire’s Data Adventure at Splunk .conf2014

Earlier this week, the Tripwire team attended the 5th annual Splunk Worldwide Users’ Conference in Las Vegas. The theme this year was Your Data Adventure and the spirit of the event really embodied a whole new world of opportunity that exists in your data.Whether you wanted to improve customer experience, service delivery, enhance IT performance, provide tim
Publish At:2014-10-10 03:20 | Read:3076 | Comments:0 | Tags:Tripwire News .conf2014 Splunk


Share high-quality web security related articles with you:)


Tag Cloud