User Behavior Analysis with Splunk: Detecting Threats and Fraudulent Activity in the Ocean of Behaviors: Part 1 – Setting Alerts on User Session Risk Factors
Back in my days at IBM T.J. Watson Research Center, where we were working on techniques to detect known and unknown malware, the fast-growing challenge was the rising threat of malware’s abilities to become [...]
Detecting Bank Accounts Takeover Fraud Cyberattacks with Splunk. Part 3: The Advanced Negative Look Behind Query
…Continued from Part 2. In the final part of this writeup I’ll show you the actual query that does it all and explain how it works. As a reminder, this is the challenge: what [...]
Detecting Bank Accounts Takeover Fraud Cyberattacks with Splunk. Part 2: Building Reference Summary Index of Logins Data
… continued from Part 1. Summary indexing is a great way to speed up Splunk searches by pre-creating a subset of only the necessary data for a specific purpose. In our case we need to filter out of [...]
Detecting Bank Accounts Takeover Fraud Cyberattacks with Splunk. Part 1: The Challenge
Full Series: Detecting Bank Accounts Takeover Fraud Cyberattacks with Splunk. Part 2: Building Reference Summary Index of Logins Data. Detecting Bank Accounts Takeover Fraud Cyberattacks with Splunk. Part 3: The Advanced Negative Look Behind Query. In [...]
IBM TeaLeaf + Splunk = Powerful fraud investigation and security analytics platform for financial firms. Part 3: Visualizing Trends and Patterns of Cyberattacks
Once you have all the beautiful and rich traffic data exported from Tealeaf and imported into Splunk, the possibilities are virtually endless to create very powerful search and cross-referencing analytics and security investigation [...]
Traffic Ray: New Splunk App to visualize your HTTP WEB traffic for security and analytics needs
Update: Splunk approved and published Traffic Ray within the official Splunk app repository here. Traffic Ray is a real-time web traffic analytics Splunk App I built for web server administrators and web hosting service providers. [...]
IBM TeaLeaf + Splunk = Powerful fraud investigation and security analytics platform for financial firms. Part 2: Exporting data from TeaLeaf
Let’s get our hands dirty. The first step in building a fraud investigation and security analytics platform with TeaLeaf is making TeaLeaf’s data available to Splunk. Then Splunk will take care of all the deep security queries [...]
IBM TeaLeaf + Splunk = Powerful fraud investigation and security analytics platform for financial firms. Part 1: Introduction
IBM TeaLeaf is one of the leading customer experience management platforms from IBM. IBM TeaLeaf is a set of tools allowing enterprises to record all customer interactions [...]