Making Mandiant APT1 Intel Actionable Using Splunk

I think it’s safe to say at this point everyone and their dog’s dog has heard in some form or another about the Mandiant report entitled “APT1: Exposing One of China’s Cyber Espionage Units”. Regardless of what you think of the report – Jeffrey Carr has a good rebuttal – the one thing it does give us is a LARGE number of indicators which can be turned into actionable intelligence, and I HIGHLY commend Mandiant on sharing this intelligence!

Server Room Temp’s and the Human Effect: Basic Reporting with Splunk

Continuing on with my goal for 2013 of writing more blog posts, I figured I’d go back and look at a neat use I found for Splunk and two kinds of data I was able to ingest into it.

As Splunk has grown in popularity over the last year, I started to see more and more blog posts, Twitter comments, etc. regarding various uses for Splunk, and most of the time I look over at my own dashboards and see items I’ve had in place for a long time being described.