Blogs
October 2, 2024 / October 17, 2024 by Dhiraj Sharan
I am excited to announce that Query Splunk App 2.4 is now available on Splunkbase! With more and more user feedback, we have been making steady improvements to our Splunk App for federated search. This release makes the app more intuitive, easier to use, and more powerful. What is the Query Splunk App? The Query Splunk App enables […]
April 2, 2024 / May 6, 2024 by Dhiraj Sharan
Background
Shodan is an Open Source Intelligence (OSINT) tool used for tracking security flaws in networked hardware and software and any IoT device reachable via the Internet. At the beginner level, Shodan is a search engine for all sorts of services and vulnerabilities, including control systems, insecure baby monitors, security cameras, medical equipment, and whatnot. […]
February 7, 2024 / March 12, 2024 by Dhiraj Sharan
Introduction
This case study delves into how a Query customer implemented a security data bridge-based solution, transforming their approach to data management and security analysis.
The Organization’s Prevailing Challenges
Limited visibility of traditional SIEM solutions
This large enterprise was faced with challenges regarding data visibility. Analysts needed to use more and more new data sources […]
November 16, 2023 / January 2, 2024 by Dhiraj Sharan
It is said that ‘Knowledge is Power.’ For an analyst investigating an alert, having an extra boost of contextual knowledge can be liberating. Let’s look at how we can incorporate additional sources of knowledge in our alert investigation workflow. The truth will set you free! Dealing with a high volume of raw alerts? According to […]
November 6, 2023 / February 1, 2024 by Dhiraj Sharan
Cisco IOS XE web UI zero-day announced October 19
On October 19, a Cisco IOS XE zero-day vulnerability (CVE-2023-20198) was disclosed, impacting 40,000+ switches, routers, and access points running IOS XE. The vulnerability is in the web UI. See more at Hackers exploit zero-day to compromise tens of thousands of Cisco devices | TechCrunch. You should check […]
October 25, 2023 / May 29, 2024 by Dhiraj Sharan
Being an AI enthusiast, my plan heading into the weekend was to try out the amazing new ChatGPT capabilities OpenAI announced early last week. Then Friday happened. Okta disclosed the unfortunate unauthorized access of their support system (see here). So, I spent a few Saturday hours trying to use ChatGPT’s new features to see what […]
September 26, 2023 / October 5, 2023 by Dhiraj Sharan
Log and security event data normalization makes it possible to analyze data from multiple vendors. Commonly applied by SIEM and log management solutions, normalization transforms data arriving in many disparate formats from different sources into a single common format that can then be used for analytics, visualization, reporting, etc. There are challenges, though. In particular, […]
September 5, 2023 / November 28, 2023 by Dhiraj Sharan
Current SIEM architecture is becoming untenable, with increasing costs and limited visibility. The dream that cloud SIEM would magically make things easy didn’t play out. In fact, with security data now everywhere, it actually increases costs. Unfortunately, most of the revenue SIEM vendors earn goes to their cloud providers, putting them in a tight […]
White Papers
August 22, 2023 / August 22, 2023 by Dhiraj Sharan
Learn how to measure and optimize your cybersecurity investigation costs by quantifying your analysts' searches per investigation (ASPI)...
August 8, 2023 / August 8, 2023 by Dhiraj Sharan
The advent of cloud, SaaS, and hybrid work environments has made conventional security data centralization pipelines less practical. The future is more flexibility and visibility, with less data shuffling and lower storage costs. Security data is now more heterogeneous, omnipresent, and expansive than ever, but the pipeline for log management has not adapted. Organizations are seeking […]