Blog

About a week ago we received this information from one of our partners: “We are seeing phishing emails flying in our environment (Internal to Internal)”, along with an email sample. Today we are going to analyze the recent phishing attacks targeting Fortune 500 and Global 2000 companies, dubbed “Stealthphish”, aimed at compromising […]

Integrating QRadar with VirusTotal

Hello. In the last article we looked at creating rules; today I want to describe a method that helps SIEM administrators respond to possible security incidents faster. When handling information security incidents in QRadar, it is extremely important to increase the speed at which SOC operators and analysts can work. The built-in tools provide ample […]

In the previous article I demonstrated how to create a simple dashboard that monitors the availability of data sources in Splunk. Today I want to show you how to make any table in a dashboard clearer and more convenient. Let’s look back at my last article and continue improving the functionality of the table that I […]

A very common task for all ArcSight content developers is clearing active lists, either on a schedule or automatically on demand. In the previous post I described how to clear Active Lists on a scheduled basis using trends: https://socprime.com/en/blog/active-lists-in-arcsight-automatic-clearing-part-1/ Today I will show two other ways this can be achieved. Automatic clearing of Active Lists […]

In the previous article we examined using depends panels to create convenient visualizations in dashboards. If you missed it, follow the link: https://socprime.com/blog/using-depends-panels-in-splunk-for-creating-convenient-drilldowns/ Many people who begin to study Splunk have questions about monitoring the availability of incoming data: when data last arrived from a particular source, when the data stopped […]