Author Archives: Brandon Ganem

  1. Success with rsyslog

    For a while now, I’ve been hearing complaints about rsyslog’s configuration format. syslogd-style configuration syntax has a reputation for being difficult to read. Understandably, this has caused a preference for syslog-ng, with some going as far as ripping out rsyslogd, the default syslog implementation, and replacing it with syslog-ng. In this post, I hope to

  2. Scripted Rebuild of Corrupt Splunk Buckets

    Throughout my Splunk adventures, I’ve run into various situations where I’ve had to rescue data for one reason or another. Recently, I had a situation that required a good deal of automation to save thousands of Splunk buckets, as an entire cluster was rendered inoperable (more on this from Steve Salisbury soon).

  3. Diving into Email Headers

    I’ve been meaning to revisit something I spent a good deal of time on in a past life. Email headers can be a valuable source of intelligence when combating anything from basic spam all the way to targeted phishing campaigns. In my experience, even sophisticated attackers do not make much of an attempt to vary items

  4. .conf2016 | top 3 talks

    My criteria for selecting Splunk talks fall under two categories: Security and Optimization / Performance. You’ll see this reflected in my choices below. Hunting the Known Unknowns: The Powershell Edition (Slides, Recording). Another great talk by Ryan Kovar this year. This talk touches on the world of powershell exploit kits and what they may look like