Dashboard
SIEM
Tracking SSH Brute-force Logins with Splunk
This post demonstrates using Splunk field extraction and search queries to track SSH brute-force login attempts, with dashboards that identify the most frequently attempted usernames and the top source IP addresses.
Technology
Running an Authoritative DNS Server
This post covers running a self-hosted BIND9 authoritative DNS server on FreeBSD, with examples of reconnaissance attempts seen in query logs and Splunk-based analytics.