OSM: Open Security Monitoring

OSM: Open Security Monitoring

Introduction I’ve spent most of my career defending environments of all sizes.  What I’ve found is that the job of a defender is much less flashier and thankless as compared to an “ethical hacker.”  While there are volumes of articles, guides, and talks on penetration…

Nessus and Splunk

Nessus and Splunk

Introduction Inspired by my IP360 and Splunk integration project (here and here), I wanted to do the same for Tenable Nessus.  In a previous role I implemented Nessus + SecurityCenter and for the most part had a positive experience.  The interface was modern and I liked…

IP360 and Splunk – Part 2

IP360 and Splunk – Part 2

Introduction In Part 1, I discussed how I thought integrating Tripwire IP360 vulnerability data into Splunk would be a great way to both learn Splunk and create useful and interesting vulnerability reports.  I gave an overview of IP360’s vulnerability scoring system and showed how I…

IP360 and Splunk – Part 1

IP360 and Splunk – Part 1

Introduction Over the last several months I’ve been working towards becoming a Splunk Certified Architect.  To prepare, I wanted additional hands-on practice and tried to think of ways I could apply all the techniques I had learned in my classes. I happened to have a…