BLOG
Category: SIEM
Cyber Threat Intelligence SIEM Splunk ThreatStream
ThreatStream Matches As Notable Events in Splunk? Here’s How…
In a previous post I showed how the Anomali ThreatStream Splunk app can integrate with Splunk's own Enterprise Security app to provide analysts with familiar and powerful investigation workflows. Since the post was published I've received a number of emails from the Anomali community asking;...
Read More
Cyber Threat Intelligence SIEM Splunk ThreatStream
Proactively monitor your network against attacks using our FREE Threat Intelligence in Splunk
A few weeks ago I showed how to use the Anomali ThreatStream Splunk App to hunt known actors that had been observed trying to access your environment, and in some cases where they were already inside.For those who are not yet ThreatStream customers, do not fear. Our...
Read More
Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform ThreatStream
Malicious Actors Inside Your Network? Here’s How To Find Them.
As an analyst, context is key.With hundreds, often thousands, of security incidents raised by modern SIEM products it can make the process of triaging the most serious of them incredibly difficult. Adding context to events that form a security incident can help investigations by reducing both time and effort....
Read More
Anomali Enterprise Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform
Anomali Reports: Analyse Splunk Events To See If You’ve Been Breached
Anomali Reports analyses your companies IT activity against millions of Indicators of Comprimise (IOCs) stored in Threatstream. Each week a Threat Analysis report is automatically generated for you to review. Reports are delivered via web and email and they highlight the most critical security incidents, alerting you to potential security...
Read More
Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform
ThreatStream App for Splunk: Introducing Seamless Integration with Enterprise Security
Splunk continues lead the way with it's powerful big data SIEM capabilities inside their Enterprise Security App.Here at Anomali we were especially excited with one initiative the company introduced last year, Adaptive Response. We liked it so much we partnered with Splunk to give security teams a powerful...
Read More
SIEM Splunk Threat Intelligence Platform
The New and Improved Anomali Threatstream Splunk App
Over the past few months I have had the opportunity to talk to so many Anomali customers using our Splunk Commercial App to seamlessly match their data against Threatstream Indicators of Compromise (IOCs). It has been great to see the excitement around the dashboards and insights our app offers that...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Splunk
Splunking The Modern Honey Network: Community Data (Part 4)
Over the last 3 weeks, I’ve looked at: ingesting Modern Honey Network data into Splunk, adding context to MHN data using threat feeds, and creating alerts using MHN data.In this post I am going to give you a brief insight into the data that was reported back from...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Splunk
Splunking The Modern Honey Network: Honeypot Alert Automation (Part 3)
In my last post, I looked at enriching Modern Honey Network events against a threat feed, specifically Anomali Threatstream IOCs.The idea of enriching events helps filter out false positives — events that pose no real risk to a network. False positives can obviously — and do — waste many...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Splunk
Splunking The Modern Honey Network: Adding Context Using Threat Feeds (Part 2)
Last week, I showed how to ingest Modern Honey Network data into Splunk and visualise it with the MHN Splunk App.Hopefully you’ve been getting lots of additional value on-top of the Modern Honey Network web app. I’m sure you’re now ready to...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Splunk
Splunking The Modern Honey Network: Getting Value From Your Honeypots Data (Part 1)
Whilst The Modern Honey Network Server alone is powerful, exporting the data for further manipulation and analysis can be very useful. It is common to see security teams feeding MHN attack data directly into their SIEM for correlation against events generated from other security tools, like...
Read More
Cyber Threat Intelligence Malware Research SIEM
Anomali Labs: Evidence of a New Framework POS Campaign
Anomali labs research team has come across a new FrameworkPOS campaign that seems to be slowly picking up. This campaign although is not as big as the former ones found during our initial research still gives us clues about how active the actors behind this activity are.Samples observed During...
Read More
Cyber Threat Intelligence SIEM Threat Intelligence Platform
Addressing the “last mile” problem for Threat Intelligence data
Over the last several months, ThreatStream has rebranded as Anomali and launched two new products-- Anomali Enterprise and Anomali Reports. Today we announced a new C-round of funding for the company, in what is widely known as a time when it is harder to get funding from venture capitalist firms....
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Threat Intelligence Platform
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open Source Tools
A couple weeks ago, Nicholas Albright and myself from ThreatStream Labs offered a workshop at BSidesLV 2015 on Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open Source Tools. This was a packed class and we ended up having more attendees than the maximum class size. This made teaching the...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM
Monitoring Anonymizing Networks (TOR/I2P) for Threat Intelligence
Disclaimer: Due to the prevalence of illegal material, specifically illegal images, we highly recommend only experienced researchers who understand the risks perform research in this area. Regardless of the experience of the investigator, disabling image loading or downloading should be the first step to prevent accidental exposure to this...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM
The Blind Spot
In cyber security ignorance is never blissful. It is down-right scary. Many security operation teams have yet to develop an internal threat intelligence strategy and are currently operating with large blind spots when it comes to threats. Let's walk through a simple scenario to help you...
Read More
Cyber Threat Intelligence SIEM Threat Intelligence Platform ThreatStream
ThreatStream OPTIC Maltego Integration
ThreatStream LABS is excited to announce the capability for ThreatStream customers to utilize OPTIC's extensive intelligence database from within Paterva's Maltego Data and Link visualization tool using our new Maltego transforms. These transforms allow users to enrich entities and expand on indicators of warning (IOW)...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Threat Intelligence Platform
Introducing ShockPot: The intelligence driven defense against ShellShock
While the security community is still recovering from the Heartbleed exploit disclosed this past April, here comes another game changing vulnerability: ShellShock. The simple but severe vulnerability is one of the most commonly deployed command line software shells and puts millions of systems at risk to local and...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Threat Intelligence Platform
The Security Operations Holy Grail
Responding to a data-breach is hard. But understanding how you got there is key to moving an effective defense towards reality. In security operation centers (SOC), it's often said you have to crawl before you walk. Most enterprise firms are just now capable of walking. To us,...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Threat Intelligence Platform
Latest Security Trends - Blackhat, Defcon and B-Sides wrap-up
Blackhat, Defcon and B-Sides wrap-upHow are we advancing security?As the annual conferences have come to a wrap there are some exciting trends to come out of the industry's most exciting annual conferences. Some of the key take-aways align directly with the vision and products of ThreatStream so...
Read More
Cyber Threat Intelligence SIEM
Create an Army of Raspberry Pi Honeypots on a Budget
Hi! My name is Nathan Yee and I’m an intern at ThreatStream. I’m studying computer science and mathematics at the University of Arizona. Most recently, I worked on deploying a Raspberry Pi as a Dionaea honeypot for the recently announced Modern Honey Network project.Why Internal...
Read More
