https://advisory.splunk.com/
Splunk released new patches for the vulnerabilities SVD-2023-0801 to SVD-2023-0807 including an authenticated RCE via serialized session payload

#infosec #splunk

Seems like it’s no longer possible to retrieve an email / browse a mailbox from Time Machine… WHEN DID THAT HAPPENED?

FFS since yesterday it’s the 3rd time Apple’s Time Machine proved it self totally useless.

Lucky me, I can find in #splunk the time frame of a particular email, then #ssh to the server, locate and mount the correct #zfs #snapshot, and finally #grep through my Maildir to retrieve deleted messages.
Huge #PITA Apple!

#Timemachine #apple #wtf

There should be a law against people adding data in to #splunk with bad timestamps

Do you want @haveibeenpwned breaches for all your domains directly in Splunk? Now you can!

Introducing the Have I Been Pwned Domain Search app for Splunk.

https://splunkbase.splunk.com/app/6996

Very special thanks to @troyhunt for his work on HIBP, releasing the Domain Search API last weekend, and collaborating with me on some additional endpoints and rating limiting.

https://www.troyhunt.com/all-new-have-i-been-pwned-domain-search-apis-and-splunk-integration/

#hibp #splunk

Recently I was asked if #sigma rules are supported by #syslog_ng:

https://github.com/SigmaHQ/sigma

syslog-ng has message parsing, filtering, can be used for alerting. But I'm not aware of a tool turning Sigma rules into PatternDB and syslog-ng.conf

Syslog-ng can send logs to #splunk, #elastic stack, @OpenSearchProj, @Graylog, all which already have #sigma rules integrations.

Of course many users use/abuse syslog-ng as a kind of #SIEM-lite.

If you already use syslog-ng with #Sigma rules: let me know!

"@Splunk unveils #Splunk #AI to ease #security and #observability through #GenerativeAI"

Seems like a grab bag of 'capabilities', not products.

And a weird flex to suggest users need AI just to write queries. 🤔

I expected more from an #AIOps pioneer.

https://venturebeat.com/ai/splunk-unveils-splunk-ai-ease-security-observability-through-generative-ai/

Part deux of my #observability and #datamanagement feature series.

https://www.techtarget.com/searchitoperations/feature/Enterprises-rework-log-analytics-to-cut-observability-costs

#loganalytics #splunk #coralogix #netflix #puma #streaminganalytics #itmanagement #itmonitoring #monitorama

https://www.splunk.com/en_us/training/certification-track/splunk-certified-cybersecurity-defense-analyst.html Splunk Certified Cybersecurity Defense Analyst —> Free Beta Exam
#infosec #splunk

https://advisory.splunk.com/advisories/SVD-2023-0606 And the same vulnerability for splunk enterprise (updated advisory with additional patches)

#infosec #splunk #vulnerability

https://advisory.splunk.com/advisories/SVD-2023-0702 Unauthenticated Log Injection In Splunk SOAR Vulnerability CVE-2023-3997

#infosec #splunk #vulnerability

First day on the job after vacation. Deep dove into logs to check for MobileIron attacks. Good times. #splunk

I haven't mentioned it before but I'd just like to take a moment to express how unfunny #Splunk marketing materials are. In fact the name Splunk... Yeah.

I think my favourite thing coming out of #Splunk at #conf23 is that the #opentelemetry collector is going to be available as a TA for UFs meaning existing customers don't need to install a separate agent to start getting value from #observability tools.

And a final announcement from @splunk #CEO for the new #Splunk #AI. Light on details but appears to be a #GenAI assistant for (among other things??) writing SPL. Useful. Could be exciting. Need more details on this one for sure!!

#SplunkConf23

And a final announcement from @splunk #CEO for the new #Splunk #AI. Light on details but appears to be a #GenAI assistant for (among other things??) writing SPL. Useful. Could be exciting. Need more details on this one for sure!!

#SplunkConf23

#Digital Success is a #visibility problem. #Splunk is coming at it from 3 vectors

#SplunkConf23

Yesterday I migrated over 350 #Splunk Modular Inputs from one stack to another in an afternoon. My goal is to do entire Splunk Cloud Migrations in 1 business day.

Sometimes you know exactly the visualisation you want but can't find the #splunk app to do it for you... but sometimes it lands in your lap

😍 https://apps.splunk.com/app/4370/

Recent Google bullshit: they seem to have de-indexed the #splunk search reference - in fact, most searched for a term that's in the docs don't come up with the docs link on the first - or even second - page of results. The community forums come up a lot but I just want to get to the documentation, the absolute authoritative source for every command and config item. In a sane search engine, it would be the first result every time.

Another #enshittification example for @pluralistic

I'm speaking at #splunk .conf23 in Las Vegas! https://conf.splunk.com/session-catalog.html?search=%22Brett%20Adams%22#/