Operations | Monitoring | ITSM | DevOps | Cloud

What I love about our free and open Elastic SIEM is how easy it is to add new data sources. I’ve learned how to do this firsthand, and thought it’d be helpful to share my experience getting started. Last October, I joined Elastic Security when Elastic and Endgame combined forces. Working with our awesome security community, I’ve had the opportunity to add new data sources for our users to complement our growing catalog of integrations.

New Jersey-based service provider Cognizant is the latest victim of the Maze ransomware attack. This is an unfortunate reality check, proving that hackers don’t stop their calculated, malicious activities for COVID-19. Accordingly, managed service providers (MSPs) are still largely vulnerable to these malicious crimes.

Monitoring all DNS requests in your network, including those that were blocked by (e.g., by a firewall) is a great way to increase visibility, enforce compliance and detect threats. A common problem with collecting DNS logs is that DNS server logs are notoriously hard to parse. Also, parsing only the logs of your DNS servers leaves a blind spot when it comes to usage of, or the attempt to use, an external DNS server like Google's 8.8.8.8.

The Splunk Security Research Team has been working on new improvements and additions to the Splunk Attack Range, a tool that allows security researchers and analysts to quickly deploy environments locally and in the cloud in order to replicate attacks based on attack simulation engines. This deployment attempts to replicate environments at scale, including Windows, workstation/server, domain controller, Kali Linux, Splunk server and Splunk Phantom server.

In this day in age, businesses rely heavily upon their website as a means of driving sales and reaching customers. It is usually the first point of contact between a potential customer and the business, and thus, it commands a level of investment. Because of this, it can be frustrating and upsetting to have one’s web page hacked and rendered useless.

AWS security is an ongoing battle that you must address during every release, every change, and every CVE. When you’re first launching your production application, it’s impossible to check all the boxes; you simply don’t have the time. Until your application gets more adoption, you only have the time to do the bare essentials of security.