Splunk Enterprise Security

Create Splunk SIEM rules to detect future attacks like the SolarWinds attack

pacifikn
Path Finder

Greetings!

I need your support on how I can create Splunk SIEM rules to detect future attacks, as described at the link below:

https://thehackernews.com/2021/04/detecting-next-solarwinds-attack.html

Your help will be most appreciated, thanks in advance!

Best Regards

Pacy

0 Karma
1 Solution

richgalloway
SplunkTrust

You may find some assistance at https://www.splunk.com/en_us/cyber-security/solarwinds-cyberattack-response.html

---
If this reply helps you, an upvote would be appreciated.

0 Karma

pacifikn
Path Finder

Thank you so much for your prompt response @richgalloway.

Could you guide me please, or is there another link that shows step by step how I could do it? I've read it, but it's too complex for me to understand. Kindly help and guide me step by step if possible.

Thank you again.

0 Karma

richgalloway
SplunkTrust

I do not have steps for this.  The blog and the links within it are good references, but this topic is not for newbies/noobs/n00bs.  Read through the blog postings and write your own steps as you go.

I'm assuming, of course, that you have SolarWinds data indexed in Splunk already. If you don't then step #1 is to onboard that data.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
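One concrete detection in the spirit of the blog's guidance, as an added example and not code from this thread, from the linked Splunk page or from the Hacker News article: the publicly reported SUNBURST backdoor carried its DNS command-and-control traffic in the leftmost label of subdomains under a single parent domain, so a host that resolves many distinct, random-looking labels under the same apex is worth an alert. The Python below runs that logic over constructed sample resolver log lines (hosts, domains and labels are made up; `example-vendor.test` stands in for whatever domain a real advisory names) and flags the one host that fits the pattern while leaving a host that merely queries many numbered CDN shards alone. The SPL in the comment is the rough Splunk equivalent; the index, sourcetype and field names in it are assumptions about your environment, not something the thread specifies.

```python
"""Flag hosts that resolve many distinct, high-entropy labels under one apex domain."""
import math
import re
from collections import defaultdict

# Constructed sample DNS resolver log lines (key=value, as a Splunk sourcetype
# might present them); not real data. 10.0.0.7 beacons to random-looking labels
# under one parent domain, 10.0.0.9 hits numbered CDN shards, 10.0.0.5 is quiet.
SAMPLE_LOGS = """\
2021-04-20T10:00:01Z src=10.0.0.5 query=www.example.com type=A
2021-04-20T10:00:05Z src=10.0.0.5 query=mail.example.com type=A
2021-04-20T10:00:06Z src=10.0.0.5 query=cdn.example.com type=A
2021-04-20T10:00:07Z src=10.0.0.5 query=www.example.com type=A
2021-04-20T10:00:09Z src=10.0.0.7 query=k4j2h8sd9f0a3lq1ze7v.updates.example-vendor.test type=CNAME
2021-04-20T10:00:12Z src=10.0.0.7 query=p09wq3xm7bn2cv5rt8yu.updates.example-vendor.test type=CNAME
2021-04-20T10:00:15Z src=10.0.0.7 query=z1x8c7v6b5n4m3a2s9dq.updates.example-vendor.test type=CNAME
2021-04-20T10:00:18Z src=10.0.0.7 query=qw4er5ty6ui7op8as9df.updates.example-vendor.test type=CNAME
2021-04-20T10:00:21Z src=10.0.0.7 query=m0n9b8v7c6x5z4l3k2j1.updates.example-vendor.test type=CNAME
2021-04-20T10:00:24Z src=10.0.0.7 query=h3g4f5d6s7a8p9o0i1u2.updates.example-vendor.test type=CNAME
2021-04-20T10:00:25Z src=10.0.0.7 query=www.example.com type=A
2021-04-20T10:00:30Z src=10.0.0.9 query=img1.cdn-example.net type=A
2021-04-20T10:00:31Z src=10.0.0.9 query=img2.cdn-example.net type=A
2021-04-20T10:00:32Z src=10.0.0.9 query=img3.cdn-example.net type=A
2021-04-20T10:00:33Z src=10.0.0.9 query=img4.cdn-example.net type=A
2021-04-20T10:00:34Z src=10.0.0.9 query=img5.cdn-example.net type=A
2021-04-20T10:00:35Z src=10.0.0.9 query=img6.cdn-example.net type=A
"""

# Roughly equivalent SPL (index, sourcetype and field names are assumptions).
# Core SPL has no entropy function, so label length serves as a crude proxy:
#   index=dns sourcetype=<your_dns_sourcetype>
#   | rex field=query "^(?<label>[^.]+)\.(?:[^.]+\.)*(?<apex>[^.]+\.[^.]+)$"
#   | eval label_len=len(label)
#   | stats dc(label) AS unique_labels avg(label_len) AS avg_len BY src apex
#   | where unique_labels>=5 AND avg_len>=16

LOG_RE = re.compile(r"src=(?P<src>\S+)\s+query=(?P<query>\S+)")


def shannon_entropy(label: str) -> float:
    """Bits of entropy per character of a DNS label (0.0 for an empty label)."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_query(fqdn: str, apex_labels: int = 2):
    """Return (leftmost label, apex domain). Treating the last two labels as the
    apex is an assumption for this sample; use a public-suffix list in practice."""
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) <= apex_labels:
        return "", ".".join(labels)
    return labels[0], ".".join(labels[-apex_labels:])


def parse_logs(text: str):
    """Yield (src, query) pairs from lines that carry both fields; skip the rest."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m.group("src"), m.group("query")


def find_beaconing(text: str, min_unique: int = 5, min_entropy: float = 3.5):
    """Return [(src, apex, unique_labels, mean_entropy)] for each (src, apex) pair
    whose distinct leftmost labels are both numerous and random-looking."""
    seen = defaultdict(set)  # (src, apex) -> set of leftmost labels
    for src, query in parse_logs(text):
        label, apex = split_query(query)
        if label:
            seen[(src, apex)].add(label)
    hits = []
    for (src, apex), labels in sorted(seen.items()):
        mean_entropy = sum(shannon_entropy(lb) for lb in labels) / len(labels)
        if len(labels) >= min_unique and mean_entropy >= min_entropy:
            hits.append((src, apex, len(labels), round(mean_entropy, 2)))
    return hits


if __name__ == "__main__":
    for hit in find_beaconing(SAMPLE_LOGS):
        print("src=%s apex=%s unique_labels=%d mean_entropy=%.2f" % hit)
```

The entropy threshold is what keeps the CDN host out of the results: it has six distinct labels too, but `img1` through `img6` carry only two bits per character, while the beaconing labels carry over four. Tune `min_unique` and `min_entropy` against your own baseline before scheduling the search as an alert, and remember the rule only fires once the DNS data is actually indexed, which is why onboarding comes first.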

pacifikn
Path Finder

Thank you so much @richgalloway  for your kind help.

0 Karma