Blog

Category: Splunk

Threatstream App for Splunk: Introducing Seamless Integration with Enterprise Security

Splunk continues lead the way with it's powerful big data SIEM capabilities inside their Enterprise Security App.Here at Anomali we were especially excited with one initiative the company introduced last year, Adaptive Response. We liked it so much we partnered with Splunk to give security teams a...

Read More

The New and Improved Anomali Threatstream Splunk App

Over the past few months I have had the opportunity to talk to so many Anomali customers using our Splunk Commercial App to seamlessly match their data against Threatstream Indicators of Compromise (IOCs). It has been great to see the excitement around the dashboards and insights our app offers that...

Read More

Splunking The Modern Honey Network: Community Data (Part 4)

Over the last 3 weeks, I’ve looked at: ingesting Modern Honey Network data into Splunk, adding context to MHN data using threat feeds, and creating alerts using MHN data.In this post I am going to give you a brief insight into the data that was reported back from...

Read More

Splunking The Modern Honey Network: Honeypot Alert Automation (Part 3)

In my last post, I looked at enriching Modern Honey Network events against a threat feed, specifically Anomali Threatstream IOCs.The idea of enriching events helps filter out false positives — events that pose no real risk to a network. False positives can obviously — and do — waste many...

Read More

Splunking The Modern Honey Network: Adding Context Using Threat Feeds (Part 2)

Last week, I showed how to ingest Modern Honey Network data into Splunk and visualise it with the MHN Splunk App.Hopefully you’ve been getting lots of additional value on-top of the Modern Honey Network web app. I’m sure you’re now ready to...

Read More

Splunking The Modern Honey Network: Getting Value From Your Honeypots Data (Part 1)

Whilst The Modern Honey Network Server alone is powerful, exporting the data for further manipulation and analysis can be very useful. It is common to see security teams feeding MHN attack data directly into their SIEM for correlation against events generated from other security tools, like...

Read More

Get the latest threat intelligence news in your email.