The Anomali Blog: SIEM posts

The Anomali Blog

Analysis and perspectives from the leading voice in threat intelligence.

Category: SIEM

David Greenwood, February 14, 2018

Generating Your Own Threat Intelligence Feeds in ThreatStream

Getting threat intelligence into your existing security products (SIEMs, endpoints, network tools) can significantly enhance their effectiveness and longevity. Here at Anomali we understand the value of product integrations, so much so that my entire job is to manage the 30+ we currently offer. Recently we launched a feature…

David Greenwood, October 26, 2017

What I’ve Learned as a Part-Time Cyber Threat Analyst Using Anomali Match

A few months ago I wrote a post detailing how Anomali Match helped me to identify a malware threat to my home network. Many have since emailed me asking how they can do the same (please keep them coming!). Since writing that post, my router has generated millions of logs that have been ingested by Anomali Match (thankfully still no…

David Greenwood, September 25, 2017

Give Splunk (And Your Security Team) A Helping Hand With Threat Intelligence

Performance is often one of the biggest gripes I hear from Splunk users. Even after spending time carefully architecting a distributed search environment, running it on top-of-the-range hardware, and carefully assigning user permissions, Splunk searches can still often run painfully slowly. This scenario is particularly true of…

David Greenwood, June 22, 2017

Proactively monitor your network against attacks using our FREE Threat Intelligence in Splunk

A few weeks ago I showed how to use the Anomali ThreatStream Splunk App to hunt known actors that had been observed trying to access your environment, and in some cases were already inside. For those who are not yet ThreatStream customers, do not fear. Our free ThreatStream Community Splunk App can get you started with…

David Greenwood, June 8, 2017

Malicious Actors Inside Your Network? Here’s How To Find Them.

As an analyst, context is key. With hundreds, often thousands, of security incidents raised by modern SIEM products, triaging the most serious of them can be incredibly difficult. Adding context to the events that form a security incident can help investigations by reducing both time and effort. Sometimes looking at…

David Greenwood, May 25, 2017

Anomali Reports: Analyse Splunk Events To See If You’ve Been Breached

Anomali Reports analyses your company's IT activity against millions of Indicators of Compromise (IOCs) stored in ThreatStream. Each week a Threat Analysis report is automatically generated for you to review. Reports are delivered via web and email, and they highlight the most critical security incidents, alerting you to potential…
