https://advisory.splunk.com/
Splunk released new patches for the vulnerabilities SVD-2023-0801 to SVD-2023-0807 including an authenticated RCE via serialized session payload
Seems like it’s no longer possible to retrieve an email / browse a mailbox from Time Machine… WHEN DID THAT HAPPEN?
FFS since yesterday it’s the 3rd time Apple’s Time Machine proved itself totally useless.
Lucky me, I can find in #splunk the time frame of a particular email, then #ssh to the server, locate and mount the correct #zfs #snapshot, and finally #grep through my Maildir to retrieve deleted messages.
Huge #PITA Apple!
#splunk #ssh #zfs #snapshot #grep #pita #timemachine #apple #wtf
There should be a law against people adding data in to #splunk with bad timestamps
Do you want @haveibeenpwned breaches for all your domains directly in Splunk? Now you can!
Introducing the Have I Been Pwned Domain Search app for Splunk.
https://splunkbase.splunk.com/app/6996
Very special thanks to @troyhunt for his work on HIBP, releasing the Domain Search API last weekend, and collaborating with me on some additional endpoints and rate limiting.
https://www.troyhunt.com/all-new-have-i-been-pwned-domain-search-apis-and-splunk-integration/
Recently I was asked if #sigma rules are supported by #syslog_ng:
https://github.com/SigmaHQ/sigma
syslog-ng has message parsing, filtering, can be used for alerting. But I'm not aware of a tool turning Sigma rules into PatternDB and syslog-ng.conf
Syslog-ng can send logs to #splunk, #elastic stack, @OpenSearchProj, @Graylog, all of which already have #sigma rules integrations.
Of course many users use/abuse syslog-ng as a kind of #SIEM-lite.
If you already use syslog-ng with #Sigma rules: let me know!
#sigma #syslog_ng #splunk #elastic #siem
"@Splunk unveils #Splunk #AI to ease #security and #observability through #GenerativeAI"
Seems like a grab bag of 'capabilities', not products.
And a weird flex to suggest users need AI just to write queries. 🤔
I expected more from an #AIOps pioneer.
#splunk #ai #security #observability #generativeai #aiops
Part deux of my #observability and #datamanagement feature series.
#loganalytics #splunk #coralogix #netflix #puma #streaminganalytics #itmanagement #itmonitoring #monitorama
#observability #datamanagement #loganalytics #splunk #coralogix #netflix #puma #streaminganalytics #itmanagement #itmonitoring #monitorama
https://www.splunk.com/en_us/training/certification-track/splunk-certified-cybersecurity-defense-analyst.html Splunk Certified Cybersecurity Defense Analyst —> Free Beta Exam
#infosec #splunk
https://advisory.splunk.com/advisories/SVD-2023-0606 And the same vulnerability for splunk enterprise (updated advisory with additional patches)
#infosec #splunk #vulnerability
https://advisory.splunk.com/advisories/SVD-2023-0702 Unauthenticated Log Injection In Splunk SOAR Vulnerability CVE-2023-3997
#infosec #splunk #vulnerability
First day on the job after vacation. Deep dove into logs to check for MobileIron attacks. Good times. #splunk
I haven't mentioned it before but I'd just like to take a moment to express how unfunny #Splunk marketing materials are. In fact the name Splunk... Yeah.
I think my favourite thing coming out of #Splunk at #conf23 is that the #opentelemetry collector is going to be available as a TA for UFs meaning existing customers don't need to install a separate agent to start getting value from #observability tools.
#splunk #conf23 #opentelemetry #observability
#Digital Success is a #visibility problem. #Splunk is coming at it from 3 vectors
#digital #visibility #splunk #splunkconf23
Yesterday I migrated over 350 #Splunk Modular Inputs from one stack to another in an afternoon. My goal is to do entire Splunk Cloud Migrations in 1 business day.
Sometimes you know exactly the visualisation you want but can't find the #splunk app to do it for you... but sometimes it lands in your lap
Recent Google bullshit: they seem to have de-indexed the #splunk search reference - in fact, most searches for a term that's in the docs don't come up with the docs link on the first - or even second - page of results. The community forums come up a lot but I just want to get to the documentation, the absolute authoritative source for every command and config item. In a sane search engine, it would be the first result every time.
Another #enshittification example for @pluralistic
I'm speaking at #splunk .conf23 in Las Vegas! https://conf.splunk.com/session-catalog.html?search=%22Brett%20Adams%22#/