Latest News

A List of the Best Open Source Threat Intelligence Feeds

Threat intelligence feeds are a critical part of modern cybersecurity. Widely available online, these feeds record and track IP addresses and URLs that are associated with phishing scams, malware, bots, trojans, adware, spyware, ransomware and more. Open source threat intelligence feeds can be extremely valuable—if you use the right ones. While these collections are plentiful, there are some that are better than others.

Elastic SIEM for home and small business: SIEM overview

Hello, security enthusiasts! This is part seven (can you believe it?) of the Elastic SIEM for home and small business blog series. If you haven’t read the first six blogs in the series, you may want to before going any further. In the prerequisite blogs we created our Elasticsearch Service deployment (part 1), secured access to our cluster by restricting privileges for users and Beats (part 2), then we created an ingest pipeline for GeoIP data and reviewed our Beats configurations (part 3).

Azure Monitor (Part 4): Working with Logs data using Kusto (KQL)

In the last couple of posts we covered the various ways of connecting data sources to Azure Monitor Logs (Part 2: Getting Started, Part 3: Solutions), so by now we should have loads of data to play around with. The data we’ve collected so far is largely just a blob, and probably not very useful at this point. “Solutions” help with this, but the real fun part starts now: making sense of the data you have using the Kusto Query Language – better known as KQL.

Logit.io Announce New Dashboard Design

We're happy to announce that we've just launched our newly designed dashboard for our logs & metrics platform, allowing DevOps & security professionals to see their vital metrics quicker than ever before. Our team has been keen to respond to the needs of our users through undertaking dedicated research which informed the creation of this latest update to the platform's design. This new design provides improved real-time feedback to users managing & creating new ELK stacks.

Dashboards Beta App: What's New in v0.4

If you haven’t yet heard...Splunk dashboards are new and improved! We released a new dashboard framework as a beta app at .conf19, and have been working hard to improve it since then. This blog post will cover the highest-impact features in the release. For notes on every feature, see the release notes on Splunkbase. To see a run-anywhere dashboard highlighting the key features from this release, copy the JSON definition from our Github.

A Healthy Outlook on Security From RSA Conference 2020

Another RSA Conference is in the books and despite a few vendors pulling out due to public health concerns, the show went on and offered attendees a glimpse of what lies ahead in the world of cybersecurity. The main theme for this year’s RSA event focused on the human element in addressing the behaviors and activities of users and analysts.

Optimizing a Golang service to reduce over 40% CPU

10 years ago, Google was facing a critical bottleneck caused by extremely prolonged C++ compilation times and needed a totally new way to solve it. Google engineers tackled the challenge by creating a new language called Go (aka Golang). The new language of Go borrows the best parts of C++ (most notably its performance and security features) and combines it with the speed of Python to enable Go to quickly use multiple cores while being able to implement concurrency.

Integrating Palo Alto with Logz.io's Cloud SIEM

First things first, why would you want to collect logs from Palo Alto and send them to a Cloud SIEM? There are many reasons. At its core, having a centralized location with a consistent user experience for managing alerts, notifications, and information coming from the technologies securing your environment can provide value in a lot of ways. In this blog, we’ll discuss how to collect, parse, and analyze Palo Alto logs in Logz.io Cloud SIEM, and how it can help secure your cloud workloads.

Releasing icingabeat v7.5.2

We’re happy to announce a new version of icingabeat, v7.5.2. With this release we ensure compatibility with Elasticsearch 7.x and Logstash 7.x. Icingabeat is an Elastic Beat that fetches data from the Icinga 2 API and sends it either directly to Elasticsearch or Logstash. To get your data forwarded, icingabeat connects to the Icinga 2 event stream and receives all events happening within Icinga in real time.