Below you will find pages that utilize the taxonomy term “Security”
Advanced Splunk Techniques for Beginners
Welcome to the fascinating world of Splunk, a robust tool that converts machine data into insights that can help guide operational intelligence and business decisions. This post is designed for beginners eager to expand their Splunk knowledge.
Getting Started with Splunk
Splunk is a software platform used for searching, monitoring, and analyzing machine-generated data via a web-style interface. Setting up Splunk is straightforward:
Download and install the free version from their official website.
Searching for Threats in Firewall Logs Using Splunk
To search for threats in firewall logs using Splunk, you need to craft a search query that looks for common indicators of malicious activity. Here’s a basic example to get you started:
Open Splunk and navigate to the Search & Reporting app. Enter the search query. A typical search query for firewall logs might look like this:
index=firewall_logs sourcetype="firewall"
| search action=blocked OR action=denied OR action=dropped
| table _time src_ip dest_ip action signature
| dedup src_ip dest_ip signature
| sort _time
This query does the following:
Understanding Current Security Risks: 2024 Update
In today’s digitally interconnected world, the landscape of security risks is constantly evolving. With new technologies come new vulnerabilities, and cybercriminals are perpetually seeking ways to exploit these weaknesses. This blog post aims to provide an overview of some of the most pressing security risks facing individuals, businesses, and governments today.
1. Phishing Attacks
Phishing remains one of the most prevalent and dangerous security threats. Cybercriminals use deceptive emails, messages, or websites to trick individuals into providing sensitive information such as usernames, passwords, and credit card details.
Navigating the Digital Frontier: Exploring the State of Cybersecurity Today
The digital age has brought us unprecedented convenience, efficiency, and innovation. From online banking and social media to IoT devices and cloud computing, our lives are deeply intertwined with technology. However, this digital revolution has also given rise to an array of cyber threats that jeopardize our personal information, financial security, and even national security. As part of this threat landscape, I have created the following presentation (that I used to share with my students) on the state of Cyber Security Today…the good, the bad, and the ugly.
Phish vs Spam vs Total O365 Email in Microsoft Sentinel
Here is a simple Microsoft Sentinel search to show how much phishing/spam email is received vs good email for a specified user in a given time frame.
let UserToAnalyze="[email protected]";
EmailEvents
| where RecipientEmailAddress==UserToAnalyze
| project RecipientEmailAddress, ThreatTypes
| evaluate pivot(ThreatTypes)
| sort by RecipientEmailAddress asc
Thank you to Microsoft for publishing this query on GitHub.
Leaked Credentials Search in Microsoft Sentinel
Microsoft Sentinel is a great way to get a handle on your security infrastructure. One thing Microsoft Security does an excellent job of is scouring the web for evidence of reused credentials that have been leaked through a third-party service. While you can manually go through all of the alerts in portal.cloudappsecurity.com, an easier way to bring this data forward is with the search below:
SecurityAlert
| summarize arg_max(TimeGenerated, *) by SystemAlertId
| where AlertType == "LeakedCredentials"
| project TimeGenerated, AlertType, CompromisedEntity
The results can be tweaked by time and date.