Splunk patched the CSRF bug (and a gazillion others I didn't find)! I guess I get to stop adding it to reports ...
Splunk Vulnerability DisclosureSplunk Security Advisories Archive
Recent searches
Search options
#splunk
0 posts0 participants0 posts today
ICYMI: on the latest #TechstrongTV I join the Gang to go deep on #Google #acquisition of #CNAP (#cloud #cybersecurity) with #Wiz, esp. how it hits #AWS, #Azure, #Cisco, #Splunk, #Crowdstrike, #PANW, ++. Just don't call it #DevSecOps!
Plus, #AI is failing, even for religion!
https://techstrong.tv/videos/videos/techstrong-gang-march-19-2025
Techstrong TVTechstrong Gang - March 19, 2025 - Techstrong TVAlan, Mike, Mitch, Andi Mann and Lisa Martin, CMO Advisor for The Futurum Group, dive into why Google is spending $32 billion to acquire Wiz, a provider of a cloud native application protection platform (CNAPP).Then, the gang discusses the challenges organizations are running into as they attempt to operationalize artificial intelligence (AI) before discussing the impact AI might have on religion.
ICYMI, on the latest #TechstrongTV I join the Gang to go deep on #Google #acquisition of #CNAP (#cloud #cybersecurity) with #Wiz, esp. how it hits #AWS, #Azure, #Cisco, #Splunk, #Crowdstrike, #PANW, ++. Just don't call it #DevSecOps!
Plus, #AI is failing, even for religion!
https://techstrong.tv/videos/videos/techstrong-gang-march-19-2025
Techstrong TVTechstrong Gang - March 19, 2025 - Techstrong TVAlan, Mike, Mitch, Andi Mann and Lisa Martin, CMO Advisor for The Futurum Group, dive into why Google is spending $32 billion to acquire Wiz, a provider of a cloud native application protection platform (CNAPP).Then, the gang discusses the challenges organizations are running into as they attempt to operationalize artificial intelligence (AI) before discussing the impact AI might have on religion.
ICYMI, on the latest #TechstrongTV I join the Gang to go deep on #Google #acquisition of #CNAP (#cloud #cybersecurity) with #Wiz, esp. how it hits #AWS, #Azure, #Cisco, #Splunk, #Crowdstrike, #PANW, ++. Just don't call it #DevSecOps!
Plus, #AI is failing, even for religion!
https://techstrong.tv/videos/videos/techstrong-gang-march-19-2025
Techstrong TVTechstrong Gang - March 19, 2025 - Techstrong TVAlan, Mike, Mitch, Andi Mann and Lisa Martin, CMO Advisor for The Futurum Group, dive into why Google is spending $32 billion to acquire Wiz, a provider of a cloud native application protection platform (CNAPP).Then, the gang discusses the challenges organizations are running into as they attempt to operationalize artificial intelligence (AI) before discussing the impact AI might have on religion.
Super new drop from #TechstrongTV! I join the Gang to go deep on #Google #acquisition of #CNAP (#cloud #cybersecurity) with #Wiz, esp. how it hits #AWS, #Azure, #Cisco, #Splunk, #Crowdstrike, #PANW, ++. Just don't call it #DevSecOps!
Plus, #AI is failing, even for religion!
https://techstrong.tv/videos/videos/techstrong-gang-march-19-2025
Techstrong TVTechstrong Gang - March 19, 2025 - Techstrong TVAlan, Mike, Mitch, Andi Mann and Lisa Martin, CMO Advisor for The Futurum Group, dive into why Google is spending $32 billion to acquire Wiz, a provider of a cloud native application protection platform (CNAPP).Then, the gang discusses the challenges organizations are running into as they attempt to operationalize artificial intelligence (AI) before discussing the impact AI might have on religion.
"#Alphabet to buy #Wiz for $32bn in its biggest deal to boost #cloud #security"
Smart for #Google - #cybersecurity still #1 factor for #CIO & #CTO, esp. #enterprise. Takes fight to $AMZN $MSFT $CRWD $PANW but esp $CSCO (#Splunk, #Epsagon).
Just don't call it #DevSecOps!
Hey Software company PR peeps. You might want to at least register your handle on #Bluesky; ideally with your verified domain.
Today alone I have seen name-squatters for #ServiceNow, #SolarWinds, #Splunk, #Cisco, #Squadcast, and #Atlassian.
And anyone else who wants to protect their name/brand.
"#Solarwinds Acquires #Squadcast, Unifying #Observability & #IncidentResponse"
Not exactly a blockbuster. Useful for customers, and I get this is a tempting adjacency (ask me how I know 
) but I don't see this hurting #PagerDuty, let alone #Cisco, #Splunk, or #ServiceNow.
Excited to share our latest post from THOR Collective Dispatch! @et dives into Splunk DECEIVE, an AI-powered honeypot by @DavidJBianco.
Curious? Read more: https://dispatch.thorcollective.com/p/exploring-splunk-deceive
THOR Collective Dispatch · Exploring Splunk DECEIVE
Replied in thread
@fistfulofdave that was my follow up argument. When I’m using #Splunk to report on stuff I can eyeball the results from a first pass at writing a query, then debug and finesse it. With an #AI / #LLM you’re putting complete trust in its output, you can’t ask to “see it’s working”, as it were.
One of the best Splunk RBA articles I've seen. It's dense and addresses a handful of ES quirks and managing DHCP IPs in a KV.
https://www.gabrielvasseur.com/post/rba-aggregate-user-system-risks
Gabriel Vasseur · RBA: Aggregate user & system risks!Since RBA is all about aggregating security events that are related to the same entity, Assets & Identities normalisation is crucial to its success. Beyond basic normalisation for user and system risk objects, you also want to aggregate risks associated with a user with the risks associated with the assets they own (e.g. their laptop). We present a way to do that in Splunk. The Idea The whole implementation is a lot to take in, with many subtle details, so let's just first explain the what and t
Do I know anyone who works for/on #splunk ?
I'm evaluating its #accessibility for #screenReader users v8.26 for the #tryHackMe #AdventOfCyber challenges and let's just say I have some feedback to share. I can absolutely see that work has been done but I think an expert review is sorely needed :) Who do I talk to about that? #infoSec #cybersecurity
Hey fellow #OpenSearch fans. I'm curious if there's a way to do #Splunk syntax type searches? I came to OpenSearch from solr, graylog, and ELK, so I'm generally content with Lucene syntax, but overcoming the muscle memory has been more challenging from some coworkers that are used to Splunk. I would love to see OpenSearch become more of the goto over Splunk and this capability would go a long way to making that happen.
We’re thrilled to announce that the Investigative Journalism Foundation has been selected as a #Splunk Social Impact grantee helping to bridge the Data Divide!
This opportunity allows us to further our mission of holding power to account by leveraging data for transformative change. Learn more about our journey and other inspiring nonprofits here:
https://www.splunk.com/en_us/blog/splunk-for-good/bridge-data-divide-2024-2025-grantees.html
HIRING: Staff Security Engineer – Security Operations and Incident Response / Remote (Non CA)
USD 125K+
isecjobs.comStaff Security Engineer – Security Operations and Incident Response at Chegg - Remote (Non CA)Chegg is hiring for Full Time Staff Security Engineer – Security Operations and Incident Response - Remote (Non CA), a senior-level InfoSec / Cybersecurity role offering benefits such as career development, equity / stock options, flex hours, flexible spending account, flex vacation, health care, insurance, medical leave, parental leave, team events.
JOB ALERT
My team (#Splunk #SURGe) is looking for a mid- or senior-level researcher. The job involves participating and leading research teams, then publishing and speaking about what you learn for the benefit of the #cybersecurity community. We are a small team, but very supportive of each other and extremely collaborative. If this sounds like you, apply today!
The Top Cyber Threats for 2024/25
YouTube video: https://youtu.be/A4hHWDcPHqE
#SponsoredbyCisco #ai #artificalintelligence #Quantum #cisco #firewall #vpn #hash #encryption #theats #ransomware #hack #hacking #cybersecuity #splunk Cisco Splunk
Hey, I just tested an instance of Splunk and I didn't find this! How did I miss...
"According to Splunk, only instances running on Windows machines are affected by this vulnerability."
Oh. Never mind.
https://www.securityweek.com/splunk-enterprise-update-patches-remote-code-execution-vulnerabilities/
These days I realized the dark side of such VDP program. With submission of report at #Hackerone one year back, I agreed to #Splunk GTC and this does not allow to publish research on others CVEs nor my 2 cases rejected as info only.
I accept and will delete those post details now 
Next time I will think twice to report to such VDP, in particular if it's without payment.
I have learnt the hard way and yes I am pissed off
