Splunk SOAR

How to investigate and contain ransomware with Splunk enterprise?

Pablo00
Explorer

Hi
Does anyone have examples of how to use Splunk enterprise to investigate and contain ransomware?

I would like to detect it quickly - any recommendations?

Can you share any logs from real ransomware? or screenshots? I have alerts on some ransomware popular ports like 445 etc. I am just wondering what is like red frag, traffic pick etc? Many thanks

Labels (2)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

The Splunk Security Essentials app has many use cases for detecting behaviors indicative of ransomware.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Splunk Classroom Chronicles: Training Tales and Testimonials

Welcome to the "Splunk Classroom Chronicles" series, created to help curious, career-minded learners get ...

Access Tokens Page - New & Improved

Splunk Observability Cloud recently launched an improved design for the access tokens page for better ...

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...