Splunk Tutorials Archives | Hurricane Labs

Phantom Function Exploration: extract_regex

By Steve McMaster|2021-04-05T12:59:09-04:00March 30th, 2021|

Welcome to the Phantom Function blog collection’s inaugural post. [...]

Deploying the Splunk Universal Forwarder on Windows

By Tom Kopchak|2021-03-23T12:22:06-04:00March 18th, 2021|

The Splunk Universal Forwarder is the best mechanism for [...]

How to Generate a Diag in Splunk

By Tom Kopchak|2021-03-18T15:35:06-04:00March 18th, 2021|

When working with your Splunk environment or troubleshooting an issue, [...]

Splunking the Zombie Apocalypse

By Adam Army|2021-02-03T09:12:00-05:00February 2nd, 2021|

At Hurricane Labs, we love logs and we love [...]

Splunking with Sysmon Part 4: Detecting Trickbot

By Dusty Miller|2020-11-17T11:32:24-05:00November 12th, 2020|

Trickbot and Ryuk With the recent outbreak of Ryuk [...]

Using Splunk Streamstats to Calculate Alert Volume

By Josh Neubecker|2020-11-10T13:01:24-05:00November 10th, 2020|

Dynamic thresholding using standard deviation is a common method [...]

Splunking with Sysmon Part 3: Detecting PsExec in your Environment

By Dusty Miller|2020-11-12T13:20:35-05:00November 5th, 2020|

PsExec is another powerful tool created by Windows Sysinternal. [...]

Your Splunk Guide for Smooth Sailing with CEF Field Extractions

By Tom Kopchak|2020-11-17T10:43:43-05:00October 28th, 2020|

One of the more common log formats you’ll run [...]

A Design with Humans in Mind: Adding Automation and Color Coding to the IT Workflow

By Jeremy Nenadal|2020-10-27T14:14:03-04:00October 27th, 2020|

Workflow is an essential part of a daily routine, from [...]

Using Splunk Enterprise Security to Look for Zerologon Exploit Attempts

By Toby Deemer|2020-10-22T15:13:17-04:00October 22nd, 2020|

A while back, Zerologon came along and helped everyone [...]