Blog

Splunk Universal Forwarder Troubleshooting

Deployment Client Side. Deployment Server Side. Incorporating best practices like using splunk btool, splunk diag, and monitoring the internal logs can significantly improve your ability to troubleshoot efficiently. Happy troubleshooting!


IDOR – Do you know what I am doing ?

When an application provides direct access to an object, such as a file or a database record, based on user-supplied input, an attacker can bypass the application’s access controls and read sensitive information or perform unauthorised actions. This is called an IDOR (Insecure Direct Object Reference) vulnerability. An attacker can manipulate the URL…

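
To make the IDOR described above concrete, here is an added example (not code from the original post): an invoice endpoint that looks a record up by the id in the URL with no ownership check, the same endpoint hardened with a server-side session check, and an indirect-reference map that hands the client a random per-session handle instead of the database key. The invoice store, the users alice and bob, and the handler names are constructed for illustration.

```python
"""IDOR demonstration: an object id taken straight from the request, with and
without an ownership check, plus an indirect (per-session) reference map.
Added example, not code from the original post; the invoice store, user
names and handler names below are constructed for illustration."""
from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    amount: float


# Constructed sample data: sequential ids are what make enumeration trivial.
INVOICES = {
    101: Invoice(101, "alice", 120.00),
    102: Invoice(102, "bob", 75.50),
    103: Invoice(103, "alice", 300.00),
}


class NotFound(Exception):
    """Stands in for an HTTP 404 response."""


def get_invoice_vulnerable(session_user: str, requested_id: str) -> Invoice:
    """Vulnerable handler for GET /invoices/<id>: fetches the record by the
    user-supplied id and never checks who it belongs to, so any logged-in
    user can read any invoice by changing the number in the URL."""
    try:
        return INVOICES[int(requested_id)]
    except (KeyError, ValueError):
        raise NotFound(requested_id) from None


def get_invoice_secure(session_user: str, requested_id: str) -> Invoice:
    """Hardened handler: same lookup, then verify ownership against the
    server-side session, not against anything the client sent. 'Exists but
    not yours' and 'does not exist' both yield 404 so the endpoint cannot be
    used to enumerate which ids are valid."""
    try:
        inv = INVOICES[int(requested_id)]
    except (KeyError, ValueError):
        raise NotFound(requested_id) from None
    if inv.owner != session_user:
        raise NotFound(requested_id)
    return inv


def enumerate_ids(handler, session_user: str, id_range=range(100, 106)) -> list:
    """What an attacker does: walk nearby ids and keep the ones that return
    a record. Returns the ids the handler exposed to session_user."""
    found = []
    for candidate in id_range:
        try:
            handler(session_user, str(candidate))
            found.append(candidate)
        except NotFound:
            pass
    return found


# Indirect references: give the client an unguessable per-session handle
# instead of the database key. The map lives server-side, keyed by user.
_REFERENCE_MAPS: dict = {}


def issue_reference(session_user: str, invoice_id: int) -> str:
    """Create a random handle for one of session_user's own invoices. Only
    owned invoices get a handle, so holding a handle implies access."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner != session_user:
        raise NotFound(invoice_id)
    handle = secrets.token_urlsafe(16)
    _REFERENCE_MAPS.setdefault(session_user, {})[handle] = invoice_id
    return handle


def resolve_reference(session_user: str, handle: str) -> Invoice:
    """Resolve a handle to an invoice, scoped to the caller's own session:
    a handle issued to bob resolves to nothing in alice's session."""
    invoice_id = _REFERENCE_MAPS.get(session_user, {}).get(handle)
    if invoice_id is None:
        raise NotFound(handle)
    return INVOICES[invoice_id]


if __name__ == "__main__":
    print("vulnerable, as bob:", enumerate_ids(get_invoice_vulnerable, "bob"))
    print("hardened,   as bob:", enumerate_ids(get_invoice_secure, "bob"))
    handle = issue_reference("alice", 103)
    print("alice resolves her own handle:", resolve_reference("alice", handle))
```

Run as bob, the vulnerable handler exposes all three invoices while the hardened one exposes only 102; the indirect map removes the guessable key from the URL altogether, but the ownership check at issue time is still what enforces access, so keep both.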

Bridging the Gap: Integrating Microsoft Exchange SE with Splunk for Advanced Security Auditing

Microsoft Exchange is often a primary target for business email compromise (BEC) and lateral movement. Getting deep visibility into what happens inside your mail servers is critical. Recently, I built a lab environment to simulate this exact pipeline: from a fresh Windows Server 2022 install to a fully operational Splunk Universal Forwarder ingestion. Here is…


Enabling AI Assistant for SPL in Splunk 10.2, Here’s how it went!

I recently set up the AI Assistant for Splunk on version 10.2 and wanted to share the full setup journey, including the parts nobody talks about (the waiting).

Step 1 — Install the App
Downloaded the AI Assistant app from Splunkbase and installed it on my Splunk instance. 🔗 https://splunkbase.splunk.com/app/7245

Step 2 — Initial Setup
After installation, started…


Splunk Admin – Cheat sheet

The Splunk CLI commands are listed here. Please leave a comment if you would like to add any commands or change any of those already listed.

General Admin

Manage the Splunk processes: splunk [start | stop | restart | status]
Accept the license without a prompt: splunk start --accept-license
Enable boot…


Active Directory Series – IV

Part IV: Active Directory – Authentication

NTLM protocol

The NTLM protocol has a long history in Windows environments and has served as a foundational authentication method for many years. However, its security limitations and susceptibility to attacks have led to its gradual phasing out in favor of more robust authentication protocols. While NTLM…


Active Directory Series – III

Part III: Active Directory – Authentication

Kerberos Authentication Protocol

The Kerberos authentication protocol offers a robust and reliable solution for securing access to network resources. Kerberos, named after Κέρβερος (Cerberus), the three-headed dog of Greek mythology, was originally developed at the Massachusetts Institute of Technology (MIT) in the 1980s. Kerberos has undergone several revisions…
