This blog is part two of Splunk's Sunburst Backdoor response aimed at providing additional guidance to our customers (you can read part one, "Using Splunk to Detect Sunburst Backdoor," by Ryan Kovar). In this blog, we’ll cover how to ingest threat indicators to combat Sunburst Backdoor in Splunk Enterprise Security (ES).

Aurora, a hosted relational database service available on the Amazon cloud, is a popular solution for teams that want to be able to work with tooling that is compatible with MySQL and PostgreSQL without running an actual MySQL or PostgreSQL database. In order to leverage Aurora’s benefits fully, it’s critical to log and analyze the various types of monitoring data that are available from an Aurora environment.

At the recent Illuminate conference, Dave Sudia from GoSpotCheck shared the process that led them to choosing Sumo Logic for their observability needs.

We’re excited to share that the official Elastic Cloud Terraform provider is now available in beta. Operations and SRE teams often rely on Terraform to safely manage production-related infrastructure using methodologies such as infrastructure as code, which allows you to apply peer-reviewed infrastructure changes in an automated and controlled fashion. The provider works with Elasticsearch Service on Elastic Cloud, Elastic Cloud Enterprise, and Elasticsearch Service Private environments.

The Well-Architected Tool is a new AWS service that compares the state of your workloads with AWS architectural best practices. Splunking your workload state and improvement recommendations will give you better insights into your applications as well as best practices to follow along your cloud journey. The Well-Architected integration in Grand Central will give you workload insights broken down by the following 5 pillars.

The FireEye breach on Dec 8, 2020, was executed by a “nation with top-tier offensive capabilities.” These hackers got a hold of FireEye’s own toolkit, which they can use to mount new attacks globally. What does this mean for you? Mandiant is a leading Red Team/Penetration Testing company with a highly sophisticated toolkit, called the "Red Team tools." These are digital tools that replicate some of the best hacking tools in the world.

The global security community recently learned of a supply chain attack against SolarWinds via their Orion® Platform. In this blog we are providing recommendations for Sumo Logic customers to gain a deeper understanding of how to utilize available Indicators of Compromise (IOCs) within our Cloud SIEM offerings to determine your exposure to the attack. Additionally, we’re sharing targeted search recommendations from our Sumo Logic Special Operations (or SpecOps) threat hunting team.

We are delighted to announce that Elastic Cloud on Kubernetes (ECK), the official Elastic Operator, is now a Red Hat OpenShift Certified Operator. The operator helps make it easier to deploy and automate Elasticsearch, Kibana, APM Server, Beats, and Enterprise Search in your OpenShift environment.

This week, the world stopped for a few hours as Google users experienced an outage on a massive scale. The outage affected ALL services which require Google account authentication. This includes the Google Cloud Platform (Cloud Console, Cloud Storage, BigQuery, etc.), Google Workspace (Gmail, Calendar, Docs, Drive, etc.) and Google Classroom. With the myriad of affected platforms, this particular outage was far from passing by unnoticed by users.

Sematext Logs is a Log Management-as-a-service. Think of it as your own central location for logs in the cloud. If you prefer or need to keep logs in your own environment instead of shipping it to the cloud Sematext Enterprise, designed to run on your own infrastructure, makes that possible. You can collect logs from any part of your software stack or infrastructure, IoT devices, network hardware, and much more.