Searching for Threats in Firewall Logs Using Splunk
To search for threats in firewall logs using Splunk, you need to craft a search query that looks for common indicators of malicious activity. Here’s a basic example to get you started:
Open Splunk and navigate to the Search & Reporting app. Enter the search query. A typical search query for firewall logs might look like this:
index=firewall_logs sourcetype="firewall"
| search action=blocked OR action=denied OR action=dropped
| table _time src_ip dest_ip action signature
| dedup src_ip, dest_ip, signature
| sort _time
This query does the following:
Understanding Current Security Risks: 2024 Update
In today’s digitally interconnected world, the landscape of security risks is constantly evolving. With new technologies come new vulnerabilities, and cybercriminals are perpetually seeking ways to exploit these weaknesses. This blog post aims to provide an overview of some of the most pressing security risks facing individuals, businesses, and governments today.
1. Phishing Attacks
Phishing remains one of the most prevalent and dangerous security threats. Cybercriminals use deceptive emails, messages, or websites to trick individuals into providing sensitive information such as usernames, passwords, and credit card details.
The Lantern Festival at John Ball Zoo
If you’re looking for something magical to do in Grand Rapids, Michigan, you’ve got to check out the Lantern Festival at John Ball Zoo (April 10 - June 16, 2024). This event is hands down one of the most enchanting experiences you can have, combining stunning visuals, rich culture, and a whole lot of fun.
Light Up the Night
The moment you step into the zoo during the Lantern Festival, you’re transported into a world of glowing art.
How to Use Hugo with Cloudflare Pages
I have migrated https://gregvedders.com to a Hugo CMS backend which is then hosted in Cloudflare Pages. This is a great no-cost option to host your site. For those who are unfamiliar, Hugo is a static site generator written in Go. Hugo is well known for its speed, and Hugo’s official website states it is “the world’s fastest framework for building websites.” The content within Hugo is created using Markdown. Cloudflare Pages is a JAMstack platform for frontend developers to collaborate and deploy websites.
Navigating the Digital Frontier: Exploring the State of Cybersecurity Today
The digital age has brought us unprecedented convenience, efficiency, and innovation. From online banking and social media to IoT devices and cloud computing, our lives are deeply intertwined with technology. However, this digital revolution has also given rise to an array of cyber threats that jeopardize our personal information, financial security, and even national security. As part of this threat landscape, I have created the following presentation (that I used to share with my students) on the state of Cyber Security Today…the good, the bad, and the ugly.
Using ChatGPT to Describe Code
I recently wanted to see if ChatGPT could take some sample code I created for a PHP class I was teaching. I simply asked ChatGPT to “explain what this code does” and it quickly output a response.
ChatGPT’s Response
For users with older browsers, a conditional statement is in place. If someone visits the page using an outdated version of Internet Explorer (version 9 or below), special scripts are included to ensure that the modern features of the webpage still work as intended.
Phish vs Spam vs Total O365 Email in Microsoft Sentinel
Here is a simple Microsoft Sentinel search to show how much phishing/spam email is received vs good email for a specified user in a given time frame.
let UserToAnalyze="[email protected]";
EmailEvents
| where RecipientEmailAddress==UserToAnalyze
| project RecipientEmailAddress, ThreatTypes
| evaluate pivot(ThreatTypes)
| sort by RecipientEmailAddress asc
Thank you to Microsoft for publishing this query on GitHub.
Leaked Credentials Search in Microsoft Sentinel
Microsoft Sentinel is a great way to get a handle on your security infrastructure. One thing Microsoft Security does an excellent job of is scouring the web for evidence of reused credentials that have been leaked through a third-party service. While you can manually go through all of the alerts in portal.cloudappsecurity.com, an easier way to bring this data forward is with the search below:
SecurityAlert
| summarize arg_max(TimeGenerated, *) by SystemAlertId
| where AlertType == "LeakedCredentials"
| project TimeGenerated, AlertType, CompromisedEntity
The results can be tweaked by time and date.
How to Post to Twitter From PHP
As a fun little project, I decided to write a PHP script to post jokes and random bits of wisdom to Twitter. Now, I could easily have just logged in to Twitter each time I wanted to share something, but knowing my schedule and track record for follow-through, I instead decided to write a script to send the information to Twitter automatically from some great sources on my local Linux install and an API call to https://icanhazdadjoke.