Aggregating, Analyzing & Getting Answers with VMRay & Splunk
Security Operations Centers (SOCs) use SIEMs and tools like Splunk (which include SIEM functionality) for a number of use cases, including monitoring alerts and notifications, correlating information from many security data sources, and facilitating forensic investigations. By integrating analysis data from a malware sandbox, SOCs and CIRTs (Computer Incident Response Teams) gain deeper visibility and can easily correlate malware seen across different sources. This kind of correlation and visibility is invaluable for finding previously undetected attack attempts and for determining whether a new attack is related to a previous one.
In this short video, we show you how to achieve easy data aggregation and analysis with the VMRay Analyzer Add-on for Splunk. Watching this video, you will learn:
- The types of data sources ingested from VMRay Analyzer into Splunk
- How to run search queries in Splunk
- How to pivot off IOCs and YARA rule matches
- How to create notifications and dashboards
Want to explore further how to extend the capabilities of VMRay Analyzer with Splunk?
Download the VMRay Analyzer Add-on from Splunkbase here.