Deployment automation of geo-distributed Splunk clusters using Terraform and Ansible
DOI - 10.32743/UniTech.2022.98.5.13795
In today's environment you have to think fast and act quickly and correctly while avoiding mistakes.
In this article we show how to automate Splunk cluster deployment using Terraform and Ansible.
Using this software allows clusters to be created and administered in an automated way: easily, quickly, securely and centrally.
Before these tools were introduced, creating a single cluster took from 3 to 7 working days and required two engineers; now the process takes 20 to 40 minutes with a single employee.
Methods for the enrichment of information security events using CRIBL and MISP
DOI - 10.24411/2304-2338-2022-10602
In 2022 in the Russian Federation, the problem of protecting against cyber attacks as quickly as possible is very urgent, since such attacks are organized, carefully planned and becoming more and more powerful. Protecting against them requires obtaining information about suspicious indicators of compromise, such as IP addresses, DNS records, SHA1/SHA256/MD5 file hashes, email addresses and others, as quickly as possible. How quickly indicators of compromise are detected and blocked determines the security and functionality of all services in the organization. This article presents a method of integrating Cribl with MISP to automate the enrichment of security events, in order to maximize protection against the latest malicious indicators of compromise used by organized hacker groups, for organizations with large daily volumes of incoming traffic.