Knowledge Portal

CIM: What… Why… How…

During your SIEM journey there will be many terms thrown your way, understanding those terms is absolutely essential when it comes to your security environment. In this article, we will bring clarity to one of the more important terms in SIEM, CIM (Common Information Model) Lets Start with the Basics!

Read More

What is SOAR Technology?

There’s currently a major adoption occurring around SOAR products Security Orchestration, Automation and Response. What is SOAR? SOAR is next-generation security software products that are designed to automate the common, and fairly remedial tasks that Security Analysts face.

Read More

AWS Lambda vs AWS Firehose

Splunk has multiple methods in regards to Getting Data In (GDI). One very popular method is the Http Event Collector (HEC). The use of the HEC allows data ingestion into Splunk via HTTP POST messages. Two popular methods that send POST messages out of AWS into Splunk are the AWS services: Lambda and Firehose.

Read More

Caught Red Handed…. Using Splunk to Catch Retail Theft Rings

According to The National Retail Federation, retail theft costs U.S. companies $30 Billion a year, with “professional/habitual shoplifters” responsible for 10% ($3b) of all retail theft. And the problem is only getting worse, with losses increasing at 7% year per year. How can you defend yourself against these losses?

Read More

Logging Cloudwatch Events

Logging for Cloudwatch Events using Splunk HEC Welcome to another installment on how to log multiple AWS accounts into Splunk, when the recommended method is not feasible. In this article we will take a look at Splunking AWS Cloudwatch Event data using an HTTP Event Collector (HEC) input.

Read More