BLOG
Category: Splunk
Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform ThreatStream
Heads Up! A Phishing Attack Early Warning System
You're probably familiar with Anomali's Threat Bulletins. If not, go and have a read of our most recent one covering "TODO." Threat Bulletins provide information about an event to derive information detailing the tactics, techniques, and procedures used by the attacker. This helps you to...
Read More
Anomali Enterprise Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform ThreatStream
Generating Your Own Threat Intelligence Feeds in ThreatStream
Getting threat intelligence into your existing security products - SIEMs, endpoints, network tools -- can significantly enhance their effectiveness and longevity. Here at Anomali we understand the value of product integrations, so much so that my entire job is to manage the 30+ we currently offer.Recently we launched...
Read More
Anomali Enterprise SIEM Splunk Threat Intelligence Platform
Give Splunk (And Your Security Team) A Helping Hand With Threat Intelligence
Performance is often one of the biggest gripes I hear from Splunk users. Even after spending time carefully architecting a distributed search environment, running it on top-of-the-range hardware, and carefully assigning user permissions, Splunk searches can still often run painfully slowly.This scenario is particularly true of security use-cases where...
Read More
Cyber Threat Intelligence SIEM Splunk ThreatStream
ThreatStream Matches As Notable Events in Splunk? Here’s How…
In a previous post I showed how the Anomali ThreatStream Splunk app can integrate with Splunk's own Enterprise Security app to provide analysts with familiar and powerful investigation workflows. Since the post was published I've received a number of emails from the Anomali community asking;...
Read More
Cyber Threat Intelligence Splunk Threat Intelligence Platform ThreatStream
Automate Your Workflows With Threat Intelligence Alerts in Slack
Recently, I was speaking to a friend who is using the popular messaging app, Slack, to help run the Security Operations Centre (SOC) at his organisation. Not only have they have setup alerts that feed from their security tools into Slack, but the analysts can run queries against these tools,...
Read More
Cyber Threat Intelligence SIEM Splunk ThreatStream
Proactively monitor your network against attacks using our FREE Threat Intelligence in Splunk
A few weeks ago I showed how to use the Anomali ThreatStream Splunk App to hunt known actors that had been observed trying to access your environment, and in some cases where they were already inside.For those who are not yet ThreatStream customers, do not fear. Our...
Read More
Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform ThreatStream
Malicious Actors Inside Your Network? Here’s How To Find Them.
As an analyst, context is key.With hundreds, often thousands, of security incidents raised by modern SIEM products it can make the process of triaging the most serious of them incredibly difficult. Adding context to events that form a security incident can help investigations by reducing both time and effort....
Read More
Anomali Enterprise Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform
Anomali Reports: Analyse Splunk Events To See If You’ve Been Breached
Anomali Reports analyses your companies IT activity against millions of Indicators of Comprimise (IOCs) stored in Threatstream. Each week a Threat Analysis report is automatically generated for you to review. Reports are delivered via web and email and they highlight the most critical security incidents, alerting you to potential security...
Read More
Cyber Threat Intelligence SIEM Splunk Threat Intelligence Platform
ThreatStream App for Splunk: Introducing Seamless Integration with Enterprise Security
Splunk continues lead the way with it's powerful big data SIEM capabilities inside their Enterprise Security App.Here at Anomali we were especially excited with one initiative the company introduced last year, Adaptive Response. We liked it so much we partnered with Splunk to give security teams a powerful...
Read More
SIEM Splunk Threat Intelligence Platform
The New and Improved Anomali Threatstream Splunk App
Over the past few months I have had the opportunity to talk to so many Anomali customers using our Splunk Commercial App to seamlessly match their data against Threatstream Indicators of Compromise (IOCs). It has been great to see the excitement around the dashboards and insights our app offers that...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Splunk
Splunking The Modern Honey Network: Community Data (Part 4)
Over the last 3 weeks, I’ve looked at: ingesting Modern Honey Network data into Splunk, adding context to MHN data using threat feeds, and creating alerts using MHN data.In this post I am going to give you a brief insight into the data that was reported back from...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Splunk
Splunking The Modern Honey Network: Honeypot Alert Automation (Part 3)
In my last post, I looked at enriching Modern Honey Network events against a threat feed, specifically Anomali Threatstream IOCs.The idea of enriching events helps filter out false positives — events that pose no real risk to a network. False positives can obviously — and do — waste many...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Splunk
Splunking The Modern Honey Network: Adding Context Using Threat Feeds (Part 2)
Last week, I showed how to ingest Modern Honey Network data into Splunk and visualise it with the MHN Splunk App.Hopefully you’ve been getting lots of additional value on-top of the Modern Honey Network web app. I’m sure you’re now ready to...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Splunk
Splunking The Modern Honey Network: Getting Value From Your Honeypots Data (Part 1)
Whilst The Modern Honey Network Server alone is powerful, exporting the data for further manipulation and analysis can be very useful. It is common to see security teams feeding MHN attack data directly into their SIEM for correlation against events generated from other security tools, like...
Read More
