For journalists of all media, please use my PGP key for e-mail communications. Most requests I receive are for validating claims of major security events or vulnerabilities.
About one out of every five events I examine turns out to be fully or partially true. Our little community is increasingly becoming filled with rotten apples.
There is also an assumption of anonymity on my part, with exceptions only in very specific and authorized situations.
For research discoveries and disclosure, I already have a trusted list of journalists. For individuals and groups looking to include me in their efforts, please communicate using my PGP key listed above. Do your due diligence first. I get a lot of requests and vetting what is legitimate gets annoying.
Congratulations, Splunk Revolution Award Winners!
23 October 2014 - Every year at .conf, Splunk’s annual worldwide users’ conference, we shine a big spotlight on the Revolution Awards. These awards, and their associated categories, distinguish the achievements of individual customers and recognize the many adventurous and cool things they are doing with Splunk s…
.conf 2014: The Community Report
23 October 2014 - Whew! Welcome back from .conf, everyone. I know it’s been two weeks since we all hung out together in the Community Lounge, but it still feels like we only just left the MGM yesterday… All for you: the Community Lounge This year at .conf, we created an intentional space for our amazi…
Shining a Light on Industrial Data
23 October 2014 - Enabling Insights from Industrial Data and the Internet of Things This week we announced that our technology partner, Kepware Technologies, released the Industrial Data Forwarder (IDF) for Splunk as part of their most recent KEPServerEX update. This application enables a new and much easier way to c…
Mitigating the POODLE Attack in Splunk
22 October 2014 - By now you are probably tired of seeing poodle memes. Fear not! Instead, I will share mitigation techniques on how to protect Splunk against this attack and leave out the memes. Let me preface the different techniques by adding some context to the exploitability of POODLE: This attack requires that…
Using Alerts to Send Data to Amazon S3
17 October 2014 - A customer recently asked me to prove a concept where Splunk could see a certain type of incoming event and then pass information from that event into their Amazon S3 storage. I knew that Splunk could create alerts for event conditions and then fire off a script when the alert triggers, but I had ne…
Blog
Snort Subscriber Rule Set Update for 10/23/2014, Release 2
24 October 2014 - Just released: Snort Subscriber Rule Set Update for 10/23/2014. We welcome the introduction of the newest rule release from Talos. In this release we introduced 29 new rules and made modifications to 16 additional rules. There were no changes made to the snort.conf in this release. Talos's rul…
Snort 220.127.116.11 has been released!
23 October 2014 - Snort 18.104.22.168 is now available on snort.org at http://www.snort.org/downloads in the Snort Stable Release section. A new DAQ build is also available that updates support for a few operating systems. Snort 22.214.171.124 includes a major new feature for Application Identification, our OpenAppID capability. In c…
Snort Subscriber Rule Set Update for 10/23/2014, 126.96.36.199 Release
23 October 2014 - Just released: Snort Subscriber Rule Set Update for 10/23/2014. We welcome the introduction of the newest rule release from Talos. In this release we introduced 45 new rules and made modifications to 9 additional rules. There were no changes made to the snort.conf in this release. Talos's rule…
Snort EOL dates have been updated!
23 October 2014 - With the release of Snort 188.8.131.52, in accordance with our EOL policy, we've placed an EOL date on Snort version 184.108.40.206. Please take a moment and review our EOL policy on our webpage, and review the 220.127.116.11 EOL date (January 21, 2015). If there are any questions, please head on over to the Snort-users…
Snort Subscriber Rule Set Update for 10/21/2014
21 October 2014 - Just released: Snort Subscriber Rule Set Update for 10/21/2014. We welcome the introduction of the newest rule release from Talos. In this release we introduced 27 new rules and made modifications to 8 additional rules. There were no changes made to the snort.conf in this release. Talos's rule…