These are the gists referenced on the tech talk walking you through how to setup docker containers with nginx:

https://gist.github.com/MHaggis/e106367f6649fbb09ab27e7b4a01cf73

https://gist.github.com/MHaggis/26f59108b04da8f1d870c9cc3a3c8eec

What's the next step?

• Register for Office Hours
• Save the date for .conf24

And here are additional resources as you continue your journey:

• View the Splunk Threat Research Team’s complete security content repository 
• Download Splunk Security Essentials
• Download Enterprise Security Content Update
• Learn more about Splunk Enterprise Security
• Check out the analytic stories:
  • Confluence Data Center and Server Vulnerabilities
  • JetBrains TeamCity Vulnerabilities
  • Jenkins Server Vulnerabilities
• Read the blogs:
  • Security Insights: Jenkins CVE-2024-23897 RCE
  • Security Insights: JetBrains TeamCity CVE-2024-27198 and CVE-2024-27199
  • Security Insights: Tracking Confluence CVE-2023-22527
• Check out the “Office 365 Collection Techniques” analytic story
• Read Hunting M365 Invaders: Dissecting Email Collection Techniques 
• Read the blogs:
  • Under the Hood of Snake Keylogger: Analyzing its Loader and its Tactics, Techniques, and Procedures
  • Unveiling Phemedrome Stealer: Threat Analysis and Detections
• Do a little reading:
  • Splunk Security Content documentation
  • Blog posts by the Splunk Threat Research Team

Q&A from the session

Q: How can I stay up-to-date on content releases from the Threat Research Team?

A: The Community: Every month, we post a recap in the Product News & Announcements section with a list of all the new and updated security content we’ve released, plus links to learn more about each detection on research.splunk.com. You can find previous recaps here.

Q: Where can I find the latest research from the Threat Research Team?

A:  The Splunk blog: We regularly post research and guidance related to the latest tactics, techniques, and procedures we see adversaries using in the wild. You can find all posts authored by the Splunk Threat Research Team here.

Q: Will the Threat Research Team be presenting at .conf this year?

A:  Yes! Members of the Threat Research Team will be presenting a number of sessions. You can check out all of the security sessions that will be happening at .conf here.

Q: Please describe an efficient method to detect ransomware attack. Personally I like analyze entrophy of files but is that not too late?

A: We have a greater chance to prevent ransomware by reducing the attack surface using products like - WDAC (windows defender application control), Microsoft Windows AppLocker or ASR rules (Attack Surface Reduction rules). On the mail gateway side, restrict the amount of allowed ingress file extensions (HTA, CHM, JS, VBS, and so on) will help reduce the amount of ransomware or malicious files to the mailbox.
Using entropy to identify the files will be too late, unfortunately.

Q: Will any of these vulnerabilities be exercises in Boss of the SOC?

A: Not that STRT is aware of, unsure.

Please feel free to post additional questions here for us to respond to as you rewatch the Tech Talk and demo.

And here are some questions for YOU:

• What other types of resources would help you make the most of Splunk's pre-built security detections?
• Are there any threat detection topics or use cases you're especially interested in learning more about?

We'd love to hear from you!