Saturday, 12 November 2016

My note from Recorded future using Splunk

Splunk is the security nerve centre:
found in SOC/ SIEM and Command centres
Splunk is at the heart of web proxy, firewall, app, network, threat intelligence servers, endpoints, identity, internal network security
It is used to correlate your information from your Recorded future resources or your OSINT.

Adaptive response
Enterprise security (information, permission) is built on Splunk. With Adaptive response you can run a command on an ad-hoc bases.
You can specify the domains and vulnerability type, you can use information from a log file as well. You can run it and find the information Recorded future may have pulled around that vulnerability or IP, you find the rule that was used to pull the information. References could be non traditional from twitter and blogs.

With recorded future, quick response is integrated into Splunk. There's enrichment i.e. adding content to what you are monitoring or to your information. Recorded future data is pulled in in real-time and reduces traffic for analysis.
For example: monitoring an IP, finding it malicious but it may be related to hashes and other IPs, it gives you more locations to investigate.



Seminar from Splunk and Recorded Future

No comments:

Post a Comment