Monthly Archives: July 2015


Real time detection and automated root cause analysis of web malware, exploits and backdoors with Splunk. Part 2, Detection and alerting.

Continued from Part 1…
Adding alert on file system modification events
Let’s set up an alert that emails the administrator whenever an executable script is modified on the web server within a user’s file system space. We will run a scheduled search every 5 minutes that scans the last 5 minutes’ worth of modifications. […]

By | Categories: Enterprise Security, Malware, Splunk, Wordpress | Comments Off

Real time detection and automated root cause analysis of web malware, exploits and backdoors with Splunk. Part 1, Architecture.

In this article I’ll demonstrate step by step how to set up Splunk analytics to detect successful known and unknown malware attacks on web hosting systems in real time.

In addition, the same solution will include instructions to deploy fully automated investigative analytics that discover the origins of attackers (their IP addresses) as well as any modifications within the file system.

This information is essential for discovering and immediately eliminating every backdoor and exploit the attacker tried to plant.

Real time alerts will be delivered by email to the system administrator as soon as an attack occurs. The same information will be available via the Splunk web interface for further analysis. […]

By | Categories: Malware, Splunk, Wordpress | 0 comments