Leveraging Splunk for Palo Alto Firewall Logs – Part 2

In the first part, Leveraging Splunk for Palo Alto Firewall Logs , we address the essential steps and configuration for setting up Palo Alto firewalls to send logs to your local Splunk instance. In this second part, we’ll review several methods to verify that everything is configured correctly and to confirm the successful transmission of…

Leveraging Splunk for Palo Alto Firewall Logs – Part 1

Palo Alto Networks‘ products offer unparalleled visibility into network traffic and malicious behavior, spanning across both network and endpoint environments. Integrating this visibility with Splunk enables us to correlate data and conduct analytics across various data types. Prerequisite Configuring Splunk We need to first install the two apps from the splunkbase repository. You need an…

|

The Evolution of FritzFrog: A Persistent Threat Exploiting Log4Shell

In the constantly changing realm of cybersecurity risks, the FritzFrog botnet stands out as a formidable and adept opponent. Recent developments reveal a new variant of FritzFrog leveraging the Log4Shell vulnerability, marking a concerning shift in its tactics. This article explores the evolution of FritzFrog, its advanced techniques, and the imminent threats it poses to…

|

Useful Splunk Queries and Windows Event Log

In the world of managing and analyzing data, nothing beats efficiency and precision. Splunk, a leader in log analysis, relies on the Search Processing Language (SPL), a versatile tool that excels in querying, analyzing, and deriving insights from colossal datasets. Understanding SPL: The Language of Splunk At its essence, SPL is a domain-specific language designed…

How to Create an IAM Access Role and Attach to an EC2 Instance with AWS CLI

Let’s go through the process of creating an IAM role with read only permissions to IAM resources, and attaching that role to an EC2 instance. Screenshots for key steps are included. Prerequisites: Step 1 – Create IAM role Use your favorite text editor and create the file “ec2-trust-policy.json” with the content below: Use the create-role…

Safeguarding Sensitive Files and Detecting Unauthorized Access on S3 Bucket Storage

Amazon Simple Storage Service (S3) is a widely used object storage service, but ensuring the security of your S3 bucket is crucial to protect sensitive data. In this guide, we will walk through the steps to automatically detect unauthorized access to your S3 bucket when accessing our secrets in a special file ( secrets.txt )…

|

Hard Link vs. Soft Link in Linux: When to Choose Each

In the Linux file system, managing files efficiently often involves the use of links. Two common types of links are hard links and soft links (symbolic links). These two mechanisms serve different purposes and have their own set of advantages and use cases. In this article, we’ll explore the differences between hard links and soft…

|

Analyzing AWS VPC Flow Logs with Elasticsearch, AWS SQS, and Filebeat

AWS VPC Flow Logs are a goldmine of network data, providing valuable insights into traffic patterns, security threats, and network performance within your Amazon Virtual Private Cloud (VPC). To effectively analyze this data, many choose to utilize Elasticsearch, an open-source search and analytics engine. In this blog post, we’ll walk you through the process of…

|

The Versatility of Symbolic Links in Linux: A Guide with Examples

In the world of Linux, symbolic links, often referred to as “soft links,” are a valuable tool for creating flexible references to files and directories. In this article, we’ll explore what symbolic links are, delve into real-world examples, and learn how to find multiple symbolic links pointing to the same file within your filesystem. Understanding…