Extracting fields in SPL
Sometimes when working with new log sources or unfamiliar event records being shipped to Splunk, you’ll encounter logs with important…
Threats
Elastic Flattened Fields Explained
Elastic has many “Field Types”. Flattened is a type that allows you to search subfields. Typically for cyber security analysts…
Splunk: How to Make Lookup Based on Wildcards
1) Add to transforms.conf stanza: batch_index_query = 0 case_sensitive_match = 0 filename = field_from_sourcetype.csv match_type = WILDCARD(Sourcetype) JOIN FOR FREE…
Splunk: How to Output Nested json as One Field
Often, especially when providing context to analysts who are responsible for triaging alerts, it is useful to provide all of…
BlackSuit Ransomware Detection: Ignoble Scorpius Escalates Attacks, Targets 90+ Organizations Worldwide
Emerging last year as the successor to Royal ransomware, BlackSuit has quickly evolved into a highly sophisticated malicious spinoff, aggressively…
BianLian Ransomware Detection: AA23-136A Joint Cybersecurity Advisory Details on TTPs Leveraged by BianLian Operators in the Ongoing Malicious Campaigns
Following a wave of cyber attacks by the Iran-linked hacking collective tracked as Pioneer Kitten, the FBI, CISA, and authoring…
Fickle Stealer Malware Detection: New Rust-Based Stealer Disguises as Legitimate Software to Steal Data from Compromised Devices
A new Rust-based stealer malware dubbed Fickle Stealer has come to the scene, capable of extracting sensitive data from compromised…
PXA Stealer Detection: Vietnamese Hackers Hit the Public and Education Sectors in Europe and Asia
Hot on the heels of the recent wave of cyber-attacks leveraging a highly evasive Strela Stealer in Central and Southwestern…
New Remcos RAT Activity Detection: Phishing Campaign Spreading a Novel Fileless Malware Variant
Cybersecurity researchers have identified an ongoing in-the-wild adversary campaign, which leverages a known RCE vulnerability in Microsoft Office tracked as…
Interlock Ransomware Detection: High-Profile and Double-Extortion Attacks Using a New Ransomware Variant
Adversaries employ new Interlock ransomware in recently observed big-game hunting and double-extortion attacks against U.S. and European organizations in multiple…