Splunk Enterprise Security

How do you detect WannaCry by Splunk Enterprise Security Content Updates?

test_qweqwe
Builder

It's impossible to detect WannaCry by app ES Content Updates?
Someone have experience in this?

app: https://splunkbase.splunk.com/app/3449/

0 Karma
1 Solution

ChrisG
Splunk Employee
Splunk Employee

If you haven't looked at the Splunk Security Essentials for Ransomware app, it has some useful reference searches.

There is also a Security Investigation online demo that might give you some pointers.

View solution in original post

ChrisG
Splunk Employee
Splunk Employee

If you haven't looked at the Splunk Security Essentials for Ransomware app, it has some useful reference searches.

There is also a Security Investigation online demo that might give you some pointers.

View solution in original post

lloydknight
Builder

Hello test_qweqwe

These links might help by blocking the domains that could host ransomware using Splunk ES.

Official Documentation:
http://docs.splunk.com/Documentation/ES/4.6.0/User/Configureblocklists#Add_a_ransomware_threat_feed_...

Splunk Blog:
https://www.splunk.com/blog/2017/01/24/enhancing-enterprise-security-for-ransomware-detection.html

Hope it helps!

Thanks!

Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.