SSL Secured
| |

Ingest logs into Splunk using TLS

In today’s digital world, organizations are generating massive amounts of log data that contain valuable insights into their systems, applications, and networks. Splunk is a popular platform that helps organizations analyze and visualize this log data to gain insights and improve their operations. Today we are going to discuss ingesting syslog from FireEye HX Cloud…

Splunk Threat Activity Detected
| | | | |

Splunk local threat intel

Why yet another Splunk local threat intel article ? Obviously, there are many excellent articles: Unlike other articles, we mainly focus on common operational issues of Splunk local threat intel usage including: Before we start to discuss those operational issues, let’s explore the workflow of threat intelligence framework. Basically, it consists of 4 phases: Threat…

Windows DNS analytical log Event Viewer EventID 261 first reply
| | | | |

Windows DNS logging

Preface Windows DNS logging is NOT our recommended method to collect DNS request and reply transaction for continuous security monitoring. However, sometimes we do not have an option, especially when Windows DNS debug/analytics log is the only available data source during IR investigation. In the first part of this post, we will discuss the Windows…