splunk

Cheat-Sheets
"Windows logging Cheat Sheet", "Splunk Logging Cheat Sheet"
Windows  Security  Registry  Powershell  Forensics  SIEM  Splunk  ThreatHunting  DFIR  CheatSheet 
9 days ago by snkhan
Splunk Enterprise Security: How to remove a notable event from the "Security Posture" dashboard after investigation? - Question | Splunk Answers
set search condition: status_group="New"

| `es_notable_events` | search timeDiff_type=current status_group="New" | stats sparkline(sum(count),30m) as sparkline,sum(count) as count by rule_name | sort 100 - count
splunk 
16 days ago by bwiese
ThreatStream Matches As Notable Events in Splunk? Here's How...
The search looks like this:

| `ts_tstats_all` | `ts_lookup_details` | `ts_get_time_offset(_time, ts_date_last)` | where ts_confidence >= 80 AND Age < 31 AND (like(ts_itype, "apt%") OR like(ts_itype, "c2%") OR like(ts_itype, "mal%")) | eval orig_sourcetype=sourcetype
splunk  anomali  threatstream  threathunting  cyberthreatintel 
16 days ago by bwiese
Building Integrations for Splunk Enterprise Security | Splunk
Splunk ES - includes prepackaged dashboards, correlations, and incident response workflows to help security teams analyze and respond to their network, endpoint, access, malware, vulnerability, and identity information.

Use Frameworks: Notable Events, Asset & Identity, Threat Intelligence, Risk, Adaptive Response
splunk  cybersecurity  siem  threathunting 
17 days ago by bwiese
jay-johnson/deploy-to-kubernetes: Deploy a distributed AI stack to a multi-host or single-host Kubernetes cluster on Ubuntu and also works on AWS - and comes with: cert-manager + redis-cluster + rook-ceph for persistent storage + minio s3 object store + s
Deploy a distributed AI stack to a multi-host or single-host Kubernetes cluster on Ubuntu and also works on AWS - and comes with: cert-manager + redis-cluster + rook-ceph for persistent storage + minio s3 object store + splunk + optional external dns server + affinity examples - :hammer: :wrench: :cloud: - jay-johnson/deploy-to-kubernetes
kubernetes  minio  postgres  splunk  rook  helm 
22 days ago by hayzer
Twitter
Great session on IT Operation Analytics. End to end visibility with &
Splunk  CDPz  from twitter_favs
5 weeks ago by chrispoole
Because Ninjas Really Are Too Busy
"When users have this kind of transparency and freedom to iterate, they trust and rely on data more. That is the holy grail of a data-informed culture."
splunk  interana  analytics  honeycomb 
7 weeks ago by christine.y
