Category: Blog

Splunk SOAR: HUD Tutorial
  • Blog
  • Splunk

Splunk SOAR: Introduction to the HUD Space

The goal here is to aggregate the detections to maximize your chances of detecting this critical attack. Part of that is gathering the list of IOCs scattered across multiple locations on the internet and looking for activity that could point to MeowCorp ransomware exploitation. Here at TekStream, we have several security engineers with deep cybersecurity knowledge and, in particular, close familiarity with our clients' logs. To get help building detections for your specific environment, fill in the form below and get access to our Splunk and security expertise.
  • Blog
  • Security Bulletin

TekStream Security Bulletin: APT Spotlight Ransomware from MeowCorp

TekStream Security Bulletin: Splunk Takes Out SysJoker Variant
  • Blog
  • Security Bulletin

TekStream Security Bulletin: Splunk Takes Out SysJoker Variant Written in Rust

TekStream Tutorial: Troubleshooting Multiple Splunk Forwarders
  • Blog
  • Splunk

Troubleshooting Splunk Forwarders Tutorial: Send Commands to Multiple Splunk Forwarders (Linux)

TekStream Security Bulletin: Use Splunk to Swat StripedFly
  • Blog
  • Security Bulletin

TekStream Security Bulletin: Use Splunk to Swat StripedFly

A datamodel is much like a saved search in that it provides structure to underlying unstructured data. A datamodel contains multiple datasets, and a dataset is like a table in a traditional database. In Splunk, when we create a dataset, we create it with some constraints. This blog walks through the end-to-end flow of a datamodel in Splunk ES. By the end of the demonstration, the definition above will make sense.
  • Blog
  • Splunk

How Datamodel Works in Splunk ES

Splunk SOAR: Make the most of your HUD Space with Pin lists
  • Blog
  • Splunk

Splunk SOAR: Make the Most of Your HUD Space with Pin Lists

So what are these annoying SPL commands that can cause data to be lost? The three main ones are the sort, join and append commands. In this blog we go over each of these commands and how they can cause data loss. Fortunately, in Splunk there is usually more than one way to get things done, and we will explore ways to avoid these commands if you have large datasets or expect to have large datasets in the future.
  • Blog
  • Splunk

Three Splunk Commands That Can Cause Loss of Data

Security Bulletin: Inject Splunk to Detect HTML Injection in NetScaler
  • Blog
  • Security Bulletin
  • Splunk

Security Bulletin: Inject Splunk to Detect HTML Injection in Citrix NetScaler