Hostname Tracking in Splunk
Keeping track of the relationship between hostnames and IP addresses over time gives important context during incident response or any other forensic activity. This article will walk through one wa...
The Nginx Proxy Manager is an effortless way to expose services securely. This pre-built docker image enables you to easily forward to your websites running at home or otherwise, including free SSL...
Splunk SOAR helps you as a security analyst to focus on what is essential, security, by taking away the time spent on repetitive tasks that could easily be automated. As a former security analyst, one thing I f...
In Splunk Enterprise Security, the Urgency levels for the out-of-the-box Risk notables will not be assigned correctly. Add this simple solution to fix it. By default, a risk object’s priority is n...
How to dynamically add MITRE ATT&CK annotations from an existing data source to use with Splunk Risk Based Alerting (RBA). RBA has been a game changer for increasing the fidelity of alerts you...
The SA-AwsAssets is another supporting add-on to make it easier to start with the Asset & Identity framework for Splunk Enterprise Security (ES). Similar to the SA-CrowdstrikeDevices and SA-Sen...
Canarytokens are a free, quick, painless way to help defenders discover they have been breached (by having attackers announce themselves). When triggered, they generate an alert that can be ingested ...
The SA-SentinelOneDevices is another supporting add-on to make it easier to get started with the Asset & Identity framework for Splunk Enterprise Security (ES). Similar to the SA-CrowdstrikeDev...
Quickly populate your asset database with data from CrowdStrike. I have been working with Splunk Enterprise Security (ES) for over 5 years now and a recurring theme I run into with customers is th...