For journalists of all media, please use my PGP key for e-mail communications. Most requests I receive are for validating claims of major security events or vulnerabilities.
About one out of every five events I examine turns out to be fully or partially true. Our little community is increasingly becoming filled with rotten apples.
There is also an assumption of anonymity on my part, with exceptions only in very specific and authorized situations.
For research discoveries and disclosure, I already have a trusted list of journalists. For individuals and groups looking to include me in their efforts, please communicate using my PGP key listed above. Do your due diligence first. I get a lot of requests and vetting what is legitimate is time consuming.
Information Exchange Boosts Threat Intelligence
30 July 2015 - The rash of recent government breaches and continued cyberthreats have accelerated the need for the exchange of information related to these and other known incidents. For many years, DHS has been working with industry and other federal agencies to provide more standardization of content so that sec…
Like Malcolm Gladwell, Splunk Cloud Helps You See Things Others Don’t
30 July 2015 - As I’m sitting in my home office, I glance over at my credenza and I spy the Malcolm Gladwell non-fiction book, “David and Goliath: Underdogs, Misfits, and the Art of Battling Giants.” I’m a big Gladwell fan. While I enjoy how he uses powerful story-telling to reshape the way we think ab…
Getting ready for Business Analytics at .conf2015 – Part 1
29 July 2015 - It’s almost August! That’s a pretty special time for us here at Splunk because we start working with speakers for our annual user conference. That’s right, .conf2015 is just around the corner and I am super excited to meet Splunkers from around the world, hear all the cool use case…
Under the Hood of Cisco IT
29 July 2015 - Do you know which technology is under the hood of Cisco IT? Do you know what Cisco uses to monitor the health of 70+ of their apps and to respond to security incidents? We bring you the answers straight from the horse’s mouth. At the recent SplunkLive! SF and in front of a packed room, Robert…
DIY 0 to 60 with Splunk in 3 steps
29 July 2015 - A lot of folks (particular developers) often ask me how to get started with building an app in Splunk? Many of the askers have no previous exposure to Splunk. Here are the steps I recommend: Download Splunk: http://www.splunk.com/en_us/download.html. You’ll get 500 megs data ingest a day f…
Snort++ Build 163 Available Now
31 July 2015 - Snort++ build 163 is now available on snort.org. This is the latest monthly update of the downloads. You can also get the latest updates from github (snortadmin/snort3) which is updated weekly. New Features: added piglet plugin test harness - use this to write LuaJIT test scripts to…
Snort Subscriber Rules Update 2015-07-30
30 July 2015 - Snort Subscriber Rules Update. Synopsis: This release adds and modifies rules in several categories. Details: Talos has added and modified multiple rules in the blacklist, browser-chrome, browser-plugins, file-multimedia, file-pdf, malware-backdoor, malware-cnc, server-apache and server-webapp…
Attention FreeBSD Snort users!
29 July 2015 - In the past, and up until this most recent release of Snort 184.108.40.206, FreeBSD has downloaded its packages from SourceForge's Snort repository. This is no longer the case. Starting with this release (220.127.116.11) FreeBSD's port system now retrieves Snort from its proper home, Snort.org, as we hope all pac…
Snort Subscriber Rule Set Update for 07/28/2015
28 July 2015 - Just released: Snort Subscriber Rule Set Update for 07/28/2015. We welcome the introduction of the newest rule release from Talos. In this release we introduced 36 new rules and made modifications to 12 additional rules. There were no changes made to the snort.conf in this release. Talos woul…
Snort 18.104.22.168 EOL is approaching!
27 July 2015 - Just as a reminder, Snort 22.214.171.124 is approaching its EOL (end of life) on August 17, 2015. For more information on our EOL policy, please make sure and visit our EOL page on Snort.org. Our current version of Snort is 126.96.36.199, and we love our users to be using the most current code and updated…