Friday’s here, and so is the Knowledge Bits Digest! 💡
This time, we’ve gathered a set of practical tips and actionable insights for #Splunk users. Dive into the latest articles from SOC Prime experts to sharpen your skills:

Splunk: Using collect Command for Creating New Events in a New Index
https://socprime.com/blog/collect-command-for-creating-new-events-in-a-new-index/
Using map Command in Splunk
https://socprime.com/blog/using-the-map-command-in-splunk/
Splunk: How to Write a Query to Monitor Multiple Sources and Send Alert if they Stop Coming
https://socprime.com/blog/splunk-how-to-write-a-query-to-monitor-multiple-sources-and-send-alert-if-they-stop-coming/
Fields Aren’t Always Faster, Keyword Searches to Speed Up Splunk
https://socprime.com/blog/fields-arent-always-faster-keyword-searches-to-speed-up-splunk/
Making Use of Fillnull and Values() to Increase Rule Resiliency in Splunk
https://socprime.com/blog/fillnull-and-values-to-increase-rule-resiliency-in-splunk/
Creating Macros for Code Reuse in Splunk
https://socprime.com/blog/knowledge-bits/creating-macros-for-code-reuse-in-splunk/
Splunk: How to Make Lookup Based on Wildcards
https://socprime.com/blog/splunk-how-to-make-lookup-based-on-wildcards/
Splunk: How to Output Nested json as One Field
https://socprime.com/blog/splunk-how-to-output-nested-json-as-one-field/
Learn, engage, and stay tuned to foster knowledge-sharing together!

#KnowledgeBits #SOCPrime


https://github.com/UncoderIO/Uncoder_IO

Uncoder.IO, an easy-to-use online translator for Sigma rules, has just been made available as open source.

#SIGMA #IOC #ElasticStack #OpenSearch #Athena #Defense #MicrosoftDefender #MicrosoftSentinel #SOC #Analyst #socprime

GitHub - UncoderIO/Uncoder_IO: An IDE and translation engine for detection engineers and threat hunters. Be faster, write smarter, keep 100% privacy.


A new #sigma rule was created to detect impersonation executions, which can also be found in SOC Prime now.

https://lnkd.in/gagWwKPq

https://lnkd.in/g45UmXmS

#cybersecurity #socanalyst #informationsecurity #blueteam
#ECI #socprime #sigma_hq #sigma_rules
