Helping Threat Hunters While Staying Compliant: Categorizing and Scoring AWS CloudTrail Events in Real-Time

AWS CloudTrail is a service that "enables governance, compliance, operational auditing, and risk auditing of your AWS account." It continuously monitors accounts and it is one of the most valuable and probably the best data source for security analysis in AWS. Security and Operations teams love CloudTrail because of the added visibility into user and resource …

Cribl LogStream 1.5: Now Supporting Splunk Universal Forwarder and Syslog

Normally I prefer to write a wittier headline for a release announcement, especially for a release this important. Three things are holding me back, however: a) I really want you to know we support the Universal Forwarder and Syslog, b) length of headline, c) it's April Fucking 1st, and it's possible this is so cool …