![]() ![]() Trends in malware families - Notable changes in malware families.Top malware families - Which malware families are most commonly used to target your employees over a given time period?.Phishing examples by phish kit - View examples showing a particular phish kit being used in an attack.Trends in phish kits - Notable changes in phish kit usage.Top phish kits - Which phish kits are most commonly used to target your employees over a given time period?.Phishing examples by brand - View examples showing the impersonation of a particular brand of interest.Trends in phished brands - Notable changes in impersonated brands.Top phished brands - Which brands are most commonly impersonated to target your employees over a given time period?.Provides insights on brands being impersonated to target employees in phishing attacks that are getting past current security controls Submission volume by analyst - Which analysts may need additional training to leverage Splunk Attack Analyzer more effectively?.Trends in submission volumes over time - When does the SOC have the most alerts needing investigation?.Breakdown by mode of submission - Which use cases are generating the most alerts needing analysis?.It provides the following visualizations: This dashboard provides insight into where Attack Analyzer is being leveraged by the SOC team today and how usage varies across the team. The Splunk App for Splunk Attack Analyzer takes the data ingested by the Add-on and provides a set of out-of-the-box dashboards that empower SOC leadership to understand patterns in alert volumes and helps blue teams to gain insight on how adversaries are getting past their defenses. It can fetch high-level results such as scores and verdicts as well as detailed raw and normalized forensics from static as well as dynamic analysis by Splunk Attack Analyzer engines. It makes the data searchable and allows teams to build custom queries, reports and dashboards. The Splunk Add-on for Splunk Attack Analyzer ingests results of submissions made to Splunk Attack Analyzer into the Splunk platform. The Splunk Add-on and App for Splunk Attack Analyzer combine to help make it easy to visualize and socialize these insights with leadership and across the larger team. Aggregating data across submissions can help SOC teams gain a broader perspective on how adversaries are targeting the organization past their defenses. However, the gains with Splunk Attack Analyzer don’t just stop at triaging individual alerts. ![]() Moreover, integrations with Splunk SOAR can help automate a large number of alerts altogether based on verdicts from the analysis of a threat from Splunk Attack Analyzer thereby eliminating workload from the SOC. With Splunk Attack Analyzer, every analyst can triage each alert with a high level of proficiency. Interactive web browser and interactive sandbox to detonate malicious payloads safely.Malware detections with malware family attribution.Proprietary phishing detections with phished brand and phish kit attribution.Capturing rich forensics at each stage of the attack chain, including screenshots.Attack chain following for URLs and files originating from the initial payload.Splunk Attack Analyzer can serve as a force multiplier for SOC teams with its capabilities of: Every SOC team has to contend with a few top-tier analysts being barraged with escalations from tier 1 analysts tasked with triaging an ever-growing volume of alerts hitting the SOC. The challenges with hiring top talent to staff a modern Security Operations Center (SOC) are ubiquitous. These offerings help us bolster our unified security operations experience by bringing threat analysis results from Splunk Attack Analyzer into the Splunk platform. Following our announcement of Splunk Attack Analyzer in July 2023, we are excited to announce the launch of the Splunk Add-on for Splunk Attack Analyzer and Splunk App for Splunk Attack Analyzer.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |