Palo Alto Networks‘ products offer unparalleled visibility into network traffic and malicious behavior, spanning across both network and endpoint environments. Integrating this visibility with Splunk enables us to correlate data and conduct analytics across various data types. Prerequisite Configuring Splunk We need to first install the two apps from the splunkbase repository. You need an…
In the constantly changing realm of cybersecurity risks, the FritzFrog botnet stands out as a formidable and adept opponent. Recent developments reveal a new variant of FritzFrog leveraging the Log4Shell vulnerability, marking a concerning shift in its tactics. This article explores the evolution of FritzFrog, its advanced techniques, and the imminent threats it poses to…
In the world of managing and analyzing data, nothing beats efficiency and precision. Splunk, a leader in log analysis, relies on the Search Processing Language (SPL), a versatile tool that excels in querying, analyzing, and deriving insights from colossal datasets. Understanding SPL: The Language of Splunk At its essence, SPL is a domain-specific language designed…
In our previous blog, Analyzing AWS VPC Flow Logs with Elasticsearch, AWS SQS, and Filebeat, we talked about pulling AWS VPC Flow logs via AWS SQS and pushing them to an internal Elasticsearch cluster. In this post, we will look at accomplishing the similar task of ingesting AWS VPC Flow Logs into a local instance…
Let’s go through the process of creating an IAM role with read only permissions to IAM resources, and attaching that role to an EC2 instance. Screenshots for key steps are included. Prerequisites: Step 1 – Create IAM role Use your favorite text editor and create the file “ec2-trust-policy.json” with the content below: Use the create-role…
Amazon Simple Storage Service (S3) is a widely used object storage service, but ensuring the security of your S3 bucket is crucial to protect sensitive data. In this guide, we will walk through the steps to automatically detect unauthorized access to your S3 bucket when accessing our secrets in a special file ( secrets.txt )…
In the Linux file system, managing files efficiently often involves the use of links. Two common types of links are hard links and soft links (symbolic links). These two mechanisms serve different purposes and have their own set of advantages and use cases. In this article, we’ll explore the differences between hard links and soft…
AWS VPC Flow Logs are a goldmine of network data, providing valuable insights into traffic patterns, security threats, and network performance within your Amazon Virtual Private Cloud (VPC). To effectively analyze this data, many choose to utilize Elasticsearch, an open-source search and analytics engine. In this blog post, we’ll walk you through the process of…
In the world of Linux, symbolic links, often referred to as “soft links,” are a valuable tool for creating flexible references to files and directories. In this article, we’ll explore what symbolic links are, delve into real-world examples, and learn how to find multiple symbolic links pointing to the same file within your filesystem. Understanding…
Have you ever wondered how Linux efficiently manages files while optimizing disk space usage? The answer lies in a powerful and often underappreciated feature called hard links. In this article, we will explore what hard links are, provide real-world examples, and learn how to find multiple hard links pointing to the same file in your…
