Splunk Enterprise Security

How do you detect WannaCry by Splunk Enterprise Security Content Updates?

test_qweqwe
Builder

It's impossible to detect WannaCry by app ES Content Updates?
Someone have experience in this?

app: https://splunkbase.splunk.com/app/3449/

0 Karma
1 Solution

ChrisG
Splunk Employee
Splunk Employee

If you haven't looked at the Splunk Security Essentials for Ransomware app, it has some useful reference searches.

There is also a Security Investigation online demo that might give you some pointers.

View solution in original post

ChrisG
Splunk Employee
Splunk Employee

If you haven't looked at the Splunk Security Essentials for Ransomware app, it has some useful reference searches.

There is also a Security Investigation online demo that might give you some pointers.

View solution in original post

lloydknight
Builder

Hello test_qweqwe

These links might help by blocking the domains that could host ransomware using Splunk ES.

Official Documentation:
http://docs.splunk.com/Documentation/ES/4.6.0/User/Configureblocklists#Add_a_ransomware_threat_feed_...

Splunk Blog:
https://www.splunk.com/blog/2017/01/24/enhancing-enterprise-security-for-ransomware-detection.html

Hope it helps!

Thanks!

Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!