Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Splunk SOAR Feature Video: Contextual Action Launch

Jul 27, 2021 By Splunk In Splunk
Splunk SOAR apps have a parameter for action inputs and outputs called "contains". These are used to enable contextual actions in the Splunk SOAR user interface. A common example is the contains type "ip". This is a powerful feature that the platform provides, as it allows the user to chain the output of one action as input to another.
View Video

Splunk SOAR Feature Video: Configure Third Party Tools

Jul 27, 2021 By Splunk In Splunk
To get started in Splunk SOAR, you will need to configure an asset. Assets are the security and infrastructure assets that you integrate with the Splunk SOAR platform, like firewalls and endpoint products. Splunk SOAR connects to these assets through apps. Apps extend the platform by integrating third-party security products and tools.
View Video
tigera

Do you really need a service mesh?

Jul 27, 2021 By Phil DiCorpo In Tigera

The challenges involved in deploying and managing microservices have led to the creation of the service mesh, a tool for adding observability, security, and traffic management capabilities at the application layer. While a service mesh is intended to help developers and SREs with a number of use cases related to service-to-service communication within Kubernetes clusters, a service mesh also adds operational complexity and introduces an additional control plane for security teams to manage.

Read Post
ivanti

Zero Trust Network Access: Accelerating Zero Trust Maturity with nZTA

Jul 27, 2021 By Lisa Perri In Ivanti

Covid made the hypothetical necessity of IT risk planning a reality. Many organizations responded to the immediate need for remote workforces by adding more VPN licenses. But while adding more VPN capacity solved the problem of resource access, it also led to network bottlenecks and application latencies.

Read Post
elastic

Defending the Internet of Things from hackers and viruses

Jul 27, 2021 By Leon Gubbels In Elastic

The 2010 Stuxnet malicious software attack on a uranium enrichment plant in Iran had all the twists and turns of a spy thriller. The plant was air gapped (not connected to the internet) so it couldn’t be targeted directly by an outsider. Instead, the attackers infected five of the plant’s partner organizations, hoping that an engineer from one of them would unknowingly introduce the malware to the network via a thumb drive.

Read Post
elastic

Collecting and operationalizing threat data from the Mozi botnet

Jul 27, 2021 By Elastic Security Intelligence & Analytics Team In Elastic

Detecting and preventing malicious activity such as botnet attacks is a critical area of focus for threat intel analysts, security operators, and threat hunters. Taking up the Mozi botnet as a case study, this blog post demonstrates how to use open source tools, analytical processes, and the Elastic Stack to perform analysis and enrichment of collected data irrespective of the campaign.

Read Post
splunk

Detecting SeriousSAM CVE-2021-36934 With Splunk

Jul 27, 2021 By Splunk Threat Research Team In Splunk

SeriousSAM or CVE-2021-36934 is a Privilege Escalation Vulnerability, which allows overly permissive Access Control Lists (ACLs) that provide low privileged users read access to privileged system files including the Security Accounts Manager (SAM) database. The SAM database stores users' encrypted passwords in a Windows system. According to the Microsoft advisory, this issue affects Windows 10 1809 and above as well as certain versions of Server 2019.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.