The Anomali Blog: Splunk posts

The Anomali Blog

Analysis and perspectives from the leading voice in threat intelligence.

Category: Splunk

David Greenwood
David Greenwood February 14, 2018

Generating Your Own Threat Intelligence Feeds in ThreatStream

Getting threat intelligence into your existing security products - SIEMs, endpoints, network tools -- can significantly enhance their effectiveness and longevity. Here at Anomali we understand the value of product integrations, so much so that my entire job is to manage the 30+ we currently offer.Recently we launched a feature…

David Greenwood
David Greenwood September 25, 2017

Give Splunk (And Your Security Team) A Helping Hand With Threat Intelligence

Performance is often one of the biggest gripes I hear from Splunk users. Even after spending time carefully architecting a distributed search environment, running it on top-of-the-range hardware, and carefully assigning user permissions, Splunk searches can still often run painfully slowly.This scenario is particularly true of…

David Greenwood
David Greenwood August 3, 2017

Automate Your Workflows With Threat Intelligence Alerts in Slack

Recently, I was speaking to a friend who is using the popular messaging app, Slack, to help run the Security Operations Centre (SOC) at his organisation. Not only have they have setup alerts that feed from their security tools into Slack, but the analysts can run queries against these tools, like Splunk, directly from Slack…

David Greenwood
David Greenwood June 22, 2017

Proactively monitor your network against attacks using our FREE Threat Intelligence in Splunk

A few weeks ago I showed how to use the Anomali ThreatStream Splunk App to hunt known actors that had been observed trying to access your environment, and in some cases where they were already inside.For those who are not yet ThreatStream customers, do not fear. Our free ThreatStream Community Splunk App can get you started with…

David Greenwood
David Greenwood June 8, 2017

Malicious Actors Inside Your Network? Here’s How To Find Them.

As an analyst, context is key.With hundreds, often thousands, of security incidents raised by modern SIEM products it can make the process of triaging the most serious of them incredibly difficult. Adding context to events that form a security incident can help investigations by reducing both time and effort. Sometimes looking at…

David Greenwood
David Greenwood May 25, 2017

Anomali Reports: Analyse Splunk Events To See If You’ve Been Breached

Anomali Reports analyses your companies IT activity against millions of Indicators of Comprimise (IOCs) stored in Threatstream. Each week a Threat Analysis report is automatically generated for you to review. Reports are delivered via web and email and they highlight the most critical security incidents, alerting you to potential…

David Greenwood
David Greenwood April 20, 2017

ThreatStream App for Splunk: Introducing Seamless Integration with Enterprise Security

Splunk continues lead the way with it's powerful big data SIEM capabilities inside their Enterprise Security App.Here at Anomali we were especially excited with one initiative the company introduced last year, Adaptive Response. We liked it so much we partnered with Splunk to give security teams a powerful way to integrate…

Subscribe to the Anomali Newsletter

Get the latest Anomali updates and cybersecurity news straight to your inbox each month.

Subscribe Now