Category Archives: Splunk Tutorials

Splunk Cloud Platform recently introduced a new feature which empowers administrators to make changes in their Splunk Cloud Platform environment that previously required support tickets. This feature, the Admin Config Service (ACS) API, will be a great… Continue reading Using Splunk Cloud Platform ACS API→

Splunk recently made the following change to their AppInspect recommendations regarding jQuery libraries: Assess your jQuery dependencies in the packaged libraries and if any file uses jQuery libraries from the internal Splunk library. Best practice go… Continue reading Local jQuery Setup in Splunk→

When working with your Splunk environment or troubleshooting an issue, we (or Splunk Support if you aren’t a Hurricane Labs Managed Splunk Services customer) may need to collect some additional information from the system to assist with troubleshooting… Continue reading How to Generate a Diag in Splunk→

Trickbot and Ryuk With the recent outbreak of Ryuk in hospitals, detecting the precursors to the ransomware has become a more visible priority. Ryuk has a history of being deployed after an enterprise has been compromised by Trickbot. The problems with… Continue reading Splunking with Sysmon Part 4: Detecting Trickbot→

Dynamic thresholding using standard deviation is a common method we used to detect anomalies in Splunk correlation searches. However, one of the pitfalls with this method is the difficulty in tuning these searches. This is where the wonderful streamsta… Continue reading Using Splunk Streamstats to Calculate Alert Volume→

PsExec is another powerful tool created by Windows Sysinternal. It was created to allow Administrators to remotely connect to and manage Windows systems. Because of the power of PsExec, many different malware actors have used it in various forms of mal… Continue reading Splunking with Sysmon Part 3: Detecting PsExec in your Environment→

A while back, Zerologon came along and helped everyone look really hard at the effectiveness of their operating system (OS) patching strategy.  If you’re looking for more information on the exploit, there’s an excellent write-up by Lares Labs on the na… Continue reading Using Splunk Enterprise Security to Look for Zerologon Exploit Attempts→

As a Splunk administrator, I often find my first instinct when analyzing data is to index it. Splunk offers a lot of tools and convenient interfaces, making it a one stop shop for data analysis. However, this approach can sometimes lead to the type of … Continue reading Day in the Life of a Data Junkie→

Almost all devices have logs. As you may already know, you can ingest all your logs in a centralized location with Splunk. Imagine an organization with workstations, servers, POS systems, network appliances, and IOT devices. Wouldn’t it be neat to have… Continue reading Why Splunk: The Benefits of Better Logging→

One of great things about Splunk is that if there’s a data source you want to capture, there’s probably a way to do it. I recently needed to configure Google Drive audit logging to track student activity in an international security competition. For ma… Continue reading Your In-Depth Guide to Collecting Google Drive Activity Logs in Splunk→