Splunk patched the CSRF bug (and a gazillion others I didn't find)! I guess I get to stop adding it to reports ...

ICYMI: on the latest #TechstrongTV I join the Gang to go deep on #Google #acquisition of #CNAP (#cloud #cybersecurity) with #Wiz, esp. how it hits #AWS, #Azure, #Cisco, #Splunk, #Crowdstrike, #PANW, ++. Just don't call it #DevSecOps!
Plus, #AI is failing, even for religion!
https://techstrong.tv/videos/videos/techstrong-gang-march-19-2025
Super new drop from #TechstrongTV! I join the Gang to go deep on #Google #acquisition of #CNAP (#cloud #cybersecurity) with #Wiz, esp. how it hits #AWS, #Azure, #Cisco, #Splunk, #Crowdstrike, #PANW, ++. Just don't call it #DevSecOps!
Plus, #AI is failing, even for religion!
https://techstrong.tv/videos/videos/techstrong-gang-march-19-2025
@fistfulofdave that was my follow-up argument. When I’m using #Splunk to report on stuff I can eyeball the results from a first pass at writing a query, then debug and finesse it. With an #AI / #LLM you’re putting complete trust in its output, you can’t ask to “see it’s working”, as it were.
Do I know anyone who works for/on #splunk?
I'm evaluating its #accessibility for #screenReader users (v8.26) for the #tryHackMe #AdventOfCyber challenges and let's just say I have some feedback to share. I can absolutely see that work has been done but I think an expert review is sorely needed :) Who do I talk to about that? #infoSec #cybersecurity
Hey fellow #OpenSearch fans. I'm curious if there's a way to do #Splunk syntax type searches? I came to OpenSearch from solr, graylog, and ELK, so I'm generally content with Lucene syntax, but overcoming the muscle memory has been more challenging for some coworkers who are used to Splunk. I would love to see OpenSearch become more of the go-to over Splunk and this capability would go a long way to making that happen.
JOB ALERT
My team (#Splunk #SURGe) is looking for a mid- or senior-level researcher. The job involves participating in and leading research teams, then publishing and speaking about what you learn for the benefit of the #cybersecurity community. We are a small team, but very supportive of each other and extremely collaborative. If this sounds like you, apply today!
Hey, I just tested an instance of Splunk and I didn't find this! How did I miss...
"According to Splunk, only instances running on Windows machines are affected by this vulnerability."
Oh. Never mind.
https://www.securityweek.com/splunk-enterprise-update-patches-remote-code-execution-vulnerabilities/
Cisco Talos Incident Response is now available to all #Splunk customers! Learn how Talos IR can help you assess, strengthen and evolve your cybersecurity program and make sure your systems are resilient against the worst-case scenarios http://cs.co/6017YdCpd
I'm working on a use case to detect unusual increases in interactive logins to Windows machines, indicating potential lateral movement (MITRE T1021). To achieve this, I’m using a tstats search on the authentication data model, leveraging standard deviation to calculate dynamic thresholds by user and asset. If these thresholds are breached, an alert is triggered.
Here’s a more detailed look at the SPL I’m using:
| tstats summariesonly=true dc(Authentication.dest) as device_count from datamodel=Authentication where Authentication.action=success AND source=WinEventLog:Security AND NOT Authentication.user IN ("DWM-*" "UMFD-*") by _time span=1d Authentication.user
| eventstats avg(device_count) as avg_devices stdev(device_count) as stdev_devices by Authentication.user
| eval threshold=avg_devices + 2.5*stdev_devices
| where device_count > threshold AND stdev_devices > 1
This approach helps in identifying potential security threats by dynamically adjusting thresholds based on user and asset behavior.
Interested in the SPL or need it for another SIEM system? Drop a comment or DM me!
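The same dynamic-threshold logic as an added, stand-alone Python example (not the poster's SPL and not anything shipped by Splunk), run over constructed Windows logon records. The EVENTS records, the field names and the account names alice, bob and DWM-3 are all made up here to mirror the fields the search uses; the baseline includes the day under test, exactly as eventstats does.

```python
from collections import defaultdict
from fnmatch import fnmatchcase
from statistics import mean, stdev

EXCLUDED_USER_GLOBS = ("DWM-*", "UMFD-*")  # NOT Authentication.user IN ("DWM-*" "UMFD-*")
SIGMA = 2.5                                 # eval threshold=avg_devices + 2.5*stdev_devices
MIN_STDEV = 1                               # the "stdev_devices > 1" guard in the where clause

def ev(day, user, dest, action="success", source="WinEventLog:Security"):
    """Constructed Windows Security-log logon record (not real telemetry)."""
    return {"_time": f"2024-05-{day:02d}T09:00:00", "user": user, "dest": dest,
            "action": action, "source": source}

EVENTS = (
    # alice: 14 days of 2-3 hosts, then fans out to 20 hosts on day 15
    [ev(d, "alice", f"WS{n:02d}") for d in range(1, 15) for n in range(2 + d % 2)]
    + [ev(15, "alice", f"SRV{n:02d}") for n in range(20)]
    + [ev(15, "alice", "SRV00")]                   # repeated dest: dc() still counts it once
    + [ev(15, "alice", "FS01", action="failure")]  # failed logon: dropped by action=success
    + [ev(15, "DWM-3", "WS09")]                    # Desktop Window Manager account: dropped
    # bob: 1 host a day, then 2 on day 15; a real change, but the stdev guard suppresses it
    + [ev(d, "bob", "WS50") for d in range(1, 16)] + [ev(15, "bob", "WS51")]
)

def daily_device_counts(events):
    """tstats dc(Authentication.dest) by _time span=1d Authentication.user, after the filters."""
    dests = defaultdict(set)
    for e in events:
        excluded = any(fnmatchcase(e["user"], g) for g in EXCLUDED_USER_GLOBS)
        if e["action"] != "success" or e["source"] != "WinEventLog:Security" or excluded:
            continue
        dests[(e["_time"][:10], e["user"])].add(e["dest"])
    return {key: len(hosts) for key, hosts in dests.items()}

def flag_anomalies(counts, sigma=SIGMA, min_stdev=MIN_STDEV):
    """eventstats avg/stdev by user, then where device_count > threshold AND stdev > 1."""
    by_user = defaultdict(list)
    for (_day, user), n in counts.items():
        by_user[user].append(n)
    alerts = []
    for (day, user), n in sorted(counts.items()):
        series = by_user[user]
        if len(series) < 2:   # a single day is its own average and cannot exceed the threshold
            continue
        avg, sd = mean(series), stdev(series)  # sample stdev, as Splunk's stdev() computes
        threshold = avg + sigma * sd
        if n > threshold and sd > min_stdev:
            alerts.append({"day": day, "user": user, "device_count": n,
                           "threshold": round(threshold, 2)})
    return alerts
```

`flag_anomalies(daily_device_counts(EVENTS))` returns a single alert, alice on 2024-05-15 with 20 hosts against a threshold of about 15; bob's jump from 1 to 2 hosts clears his threshold but is suppressed by the stdev guard, which is what that clause is there for.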
Hello Mastodon!
I'm Steven Butterworth, aka UKITGURU. I specialise in InfoSec and SIEM technologies (Splunk, Sentinel, Elastic). As a freelancer, I create and deliver SIEM content, working with gov departments and private sectors. Passionate about Data Science, Data Engineering, and data literacy. Avid triathlon enthusiast—never enough bikes!
Looking forward to connecting!
#InfoSec
#SIEM
#Splunk
#Sentinel
#DataScience
#Triathlon
#Cycling
Got to bring my father into one of the larger caves - a new experience for him.
There are hundreds of lava tube caves in southern Washington. Some are a tight squeeze, others offer vast open rooms with 50’ tall ceilings.
I am not a #DataScience person, so I need the wisdom of the #LazyWeb to help me out, please.
(I’m running queries on #Splunk, but I don’t think this question applies to Splunk only.)
I have a report running hourly to calculate metrics and store these to a separate index (in Splunk terms, a “summary metrics index”), for faster querying later. It's a data roll-up. (1/4)
Where are my #splunk contacts who can get me into a SOC tour at #splunkconf24 ? My rep never had the access to send invites out. I had a blast checking out the #Blackhat_NOC last time I was in town for a conference and would welcome the opportunity to compare. I’m also attempting persistence by just waiting to see if someone won’t show up.