Tag: Splunk

Splunk. How to make color table rows based on conditions.

In the previous article I demonstrated how to create a simple dashboard that monitors the accessibility of sources in Splunk. Today I want to show you how to make any table in a dashboard clearer and more convenient to read. Let’s look at my last article and continue to improve the functionality of the table that I […]

Creating a simple dashboard that monitors accessibility of sources in Splunk

In the previous article, we examined the use of depends panels for creating convenient visualizations in dashboards. If you missed it, follow the link: https://socprime.com/blog/using-depends-panels-in-splunk-for-creating-convenient-drilldowns/ Many people who begin to study Splunk have questions about monitoring the availability of incoming data: when data last arrived from a particular source, when the data ceased […]

Using depends panels in Splunk for creating convenient drilldowns

In the previous article, we examined simple integration with external web resources using drilldowns. If you missed it, follow the link: https://socprime.com/en/blog/simple-virus-total-integration-with-splunk-dashboards/ Today we will get acquainted with one more interesting variant of drilldowns in Splunk: depends panels. Depends panels in Splunk: an interesting way to use drilldowns in dashboards. Very often there is […]

Simple Virus Total integration with Splunk dashboards

Simple integration helps search for malicious processes. Greetings Everyone! Let’s continue to turn Splunk into a multipurpose tool that can quickly detect any threat. My last article described how to create correlation events using Alerts. Now I’ll tell you how to make a simple integration with the Virus Total database. Many of us use Sysmon in […]

Creating Correlation Events in Splunk using Alerts

Many SIEM users ask the question: how do the Splunk and HPE ArcSight SIEM tools differ? ArcSight users are confident that correlation events in ArcSight are a weighty argument in favor of using this SIEM because Splunk does not have the same events. Let’s destroy this myth. Splunk has many options to correlate events. So in […]

Simple correlation scenario for Splunk using lookup tables

Event correlation plays an important role in incident detection and allows us to focus on the events that really matter to business services or IT/security processes.

International conference on cyber security “Cyber For All”

On 24.11.2016 SOC Prime, Inc hosted the first international conference on cyber security, “Cyber For All”, in Kyiv, Ukraine. SOC Prime staff and business partners gave presentations, and several customers shared real success stories from their use of SOC Prime products. The conference was attended mainly by representatives of the telecom and finance business community of Ukraine. Kyiv […]
