-
Security Capabilities to Support Code Integrity
By Kelly FitzGerald, Raytheon Technologies; Altaz Valani, Security Compass; Elena Kravchenko, Imperva; Matthew Lyon, Dell Technologies; Ashwini Siddhi, Dell Technologies Introduction In our previous blog posts, we defined the code integrity problem statement and the basic principles of code integrity. As our series continues, we will define a framework of layered security capabilities to support…
-
CVE-2024-49112 Detection: Zero-Click PoC Exploit for a Critical LDAP RCE Vulnerability Can Crush Unpatched Windows Servers
In 2024, vulnerability exploitation accounted for 14% of breach entry points, marking a nearly threefold increase from the previous year—a trend that could persist into 2025. At the turn of January 2025, defenders released the first PoC exploit that can crash unpatched Windows Servers by leveraging a critical RCE vulnerability in the Windows Lightweight Directory…
-
Search and Replace Text in SPL Fields with rex
Sometimes when working with fields in SPL, it can be useful to search for and replace parts of text found in the field. Some reasons for doing this might be:– removing white space to reduce the size of the field– replacing field separators with characters that look nicer– rearranging values in a field in an…
-
Elasticsearch: Cluster Status is RED
It happens very rarely, but sometimes your cluster gets red status. Red status means that not only has the primary shard been lost but also that the replica has not been upgraded to primary in its place. However, as in the case of yellow status, you should not panic and start firing commands without finding…
-
Strela Stealer Attack Detection: New Malware Variant Now Targets Ukraine Alongside Spain, Italy, and Germany
Security experts have uncovered a novel Strela Stealer campaign, which leverages a new iteration of email credential-stealing malware. In this campaign, the updated malware version is enriched with enhanced functionality and is now capable of gathering system configuration data via the “system info” utility. Moreover, Strela Stealer expanded its targets beyond Spain, Italy, and Germany…
-
coalesce Function in Splunk
The Splunk coalesce function returns the first non-null value among its arguments. It’s useful for normalizing data from different sources with varying field names. For example, to unify multiple source IP fields into a single src_ip field: | eval src_ip = coalesce(src_ip, sourceip, source_ip, sip, ip) The post coalesce Function in Splunk appeared first on SOC Prime. Go to Source
-
rare Сommand in Splunk
The rare command in Splunk helps you find the least common values in a specific field of your data. This is useful for spotting unusual or infrequent events. By default, the rare command in Splunk returns the 10 least common values for a specified field. Find Rare User Agents To identify the least common user agents in your web…
-
KRaft: Apache Kafka Without ZooKeeper
Apache Kafka has been a cornerstone of modern event streaming architectures, enabling reliable and scalable data pipelines for businesses worldwide. Traditionally, Kafka has relied on ZooKeeper for managing metadata, configurations, and cluster coordination. However, the introduction of KRaft (Kafka Raft) marks a significant shift in Kafka’s architecture, eliminating the need for ZooKeeper and simplifying cluster management. What…
-
Reducing Kafka Lag: Optimizing Kafka Performance
Apache Kafka is a powerful distributed messaging system, but like any system, it can face performance bottlenecks. One of the most common challenges is Kafka lag—the delay between producing and consuming messages. Addressing Kafka lag is crucial for maintaining real-time data pipelines and ensuring optimal performance. In this article, we explore practical strategies to reduce…
-
Fluentd: How to Use a Parser With Regular Expression (regexp)
This guide explains configuring Fluentd to extract structured data from unstructured log messages using the parser plugin with a regular expression (regexp). If you need to extract specific fields, such as log_source and index, from a log message, you can do this as follows. Input Log: { “message”: “Log source ‘WinCollect DSM – SRV-AD-001’ has…