Memberships

TRYBE

13 members • Free

ECA Cyber Range

39 members • $97/month

25 contributions to ECA Cyber Range
ECA Experts AMA - Monday, April 27th at 7:00pm CST - Asking For Topics
TGIF ECA Cyber Range Members!!! Friendly reminder to you all - Monday, April 27th at 7:00pm CST we will be hosting an AMA session! We do not have a specific topic for this session so feel free to post up, share, and open up topics here in this thread! Nothing is off limits and I'm happy to help out with any subject matter related to cybersecurity, companies I've worked with, subject matter we have covered, servant leadership, and anything else that you would like to tackle. Looking forward to spending time with you all Monday night! 😎
1 like • 10d
Apologies if this has already been covered. I was looking at the ECA Splunk app and noticed an AI Assistant for SPL button. From what I have read, junior programming jobs have quickly been replaced by Codex/Claude. Are we already to the point where LLMs are replacing basic Splunk skills? When you can do a prompt, "Show me potential IoCs for the past 7 days ignoring 10.0.4.2", does having SPL knowledge even matter? I have 2 Splunk certs and plan on getting the Splunk Certified Cyber Defense Analyst one. Should I concentrate on getting more LLM skills instead? Thank you.
1 like • 10d
@Paul Daigle II Thank you, looking forward to your thoughts! To expand, I was just about to edit my post to include: Should I concentrate on getting more LLM skills, or Splunk Architecture/Engineering instead?
Internship Application
For those that want to be a part of the Cyber Range Internship program tier, I am dropping the PDF with all the information here. The application link will be inside of the PDF for you to apply. Since y'all are already members, everyone here has the ability to apply right now. Please make sure to read the PDF in full lol. Let me know if you have any questions at all.
0 likes • 19d
Applied. Very exciting! I asked on LinkedIn, and would just like to confirm: I work 6-3 some days and 2-11 other days. Would we be able to complete the tasks before or after those times? Or will tasks have to be done like 9-5? Also, if accepted, is there anything that should be worked on before June 1 that would help with the program?
ECA Splunk Security Dashboard Challenge Submission
Full code and documentation on GitHub: https://github.com/philipzangara/splunk-otx-cti-dashboard
LinkedIn: https://www.linkedin.com/posts/philip-zangara_splunk-cybersecurity-threatintelligence-share-7450251695206383616-ffEr/
YouTube walkthrough: https://www.youtube.com/watch?v=auqXgulY5-c
A Splunk CTI dashboard that correlates AlienVault OTX threat intelligence against live Sysmon endpoint telemetry, to answer the question: is the threat intelligence from the outside world actively hitting my environment right now?
1 like • 21d
@Paul Daigle II Thank you for the feedback. The Severity column was one of the more difficult issues I had doing this. How do you define severity? OTX doesn't have a good way to define it. A couple options I thought of:
A. By hit count. More hits = more severe? I tweaked the hit count lower so any hits should have shown as medium or high. However, you can have a hit count of 1 and that 1 might be a ping to a C2 server that only connects every 3 months. Hard to show that quickly on a dashboard.
B. Weighted by hit and pulse count. Again, how would this be weighted?
C. Remove it.
D. Use VirusTotal. I thought about using VirusTotal to check the IPs and Malicious Files, but would add another requirement to set up.
For the "OTX Threat Intel - TTPs Active in Your Environment" panel, there was a Severity column and I just removed it for the above reasons. Looking back, I should have just removed the Severity column altogether, especially the "OTX Malicious File Hits - Your Environment". Because if, say, mimikatz.exe shows up once, it would show up as a 1, thus a Low. We of course know that mimikatz.exe is not a Low priority. Thanks again for the feedback!
Splunk Security Dashboard Challenge is Live
The Dashboard Challenge is live now! Go to the first classroom module, and all the information you need will be there. We got some awesome prizes this time around, so definitely check them out. There can only be one winner....Only the strong survive in our Cyber Range, lol. @Khadijah Watkins @Gabriel Gonzalez @Philip Zangara @April Walker @Oryon Begay @Robert B. @Royal Williams @Kemishe Smalls @April Walker
0 likes • Mar 23
@Kenneth Ellington Maybe I'm reading too much into this, but are we then doing the Classic Dashboard XML or Dashboard Studio JSON?
Thursday Update Session 3/5
We got an Update session with yours truly. We are going to cover some of the items below.
1.) Winner of the Splunk Challenge.
2.) New Challenges for this Spring and Summer
3.) Internship program for Cyber Range
4.) Updates for the Splunk ES App
5.) New programs coming online
6.) Referral Program
So if you have questions about any of the above definitely tune in! It will also be recorded as well. @Khadijah Watkins @Gabriel Gonzalez @Philip Zangara There will be updates specifically for y'all as well so I would definitely join.
0 likes • Mar 5
Looking forward to it.
Philip Zangara
@philip-zangara-2266
Active 8h ago
Joined Nov 9, 2025