Blog

Filter: Splunk

Splunk Threat Intel IOC Integration via Lookups

by Florian Roth | Sep 6, 2015

Today most security teams have access to a lot of different information sources. On the one hand they collect log data from different sources and try to correlate them in a useful way in so-called SIEM systems. On the other hand they receive threat information from...

Detect System File Manipulations with SysInternals Sysmon

by Florian Roth | Mar 21, 2015

SysInternals Sysmon is a powerful tool especially when it comes to anomaly detection. I recently developed a method to detect system file manipulations, which I would like to share with you. We know how to track processes with the standard Windows audit policy option...

GDPR Cookie Consent with Real Cookie Banner

Blog

Filter: Splunk

Categories

Splunk Threat Intel IOC Integration via Lookups

Detect System File Manipulations with SysInternals Sysmon