Automate LOKI using Splunk
LOKI is a well-known open-source endpoint scanner that detects indicators of compromise (IOCs) using four checks:

- File name IOC check: regex match on the full file path and name.
- YARA rule check: YARA signature match on file data and process memory; rules can key on file size, specific strings in the file header or content, and many other conditions.
- Hash check: compares the MD5, SHA1 and SHA256 hashes of scanned files against known malicious hashes.
- C2 back-connect check: compares the remote endpoints of process connections against C2 IOCs.

The scanner is very handy in incident response and threat hunting across an organization, but out of the box you have to run it on each suspected endpoint and analyze the findings manually, one host at a time. More details on LOKI are available at https://github.com/Neo23x0/Loki

So we decided to make our lives, and yours, easier by automating deployment and signature updates and by giving full visibility of the results in detail...
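To make the four checks concrete, here is an added Python illustration written for this post; it is not LOKI's own code and does not reproduce its implementation. It models the file name regex, hash and C2 endpoint checks over a small constructed file tree and connection table; the YARA check is left out because it needs the yara-python module and a rule set. Every IOC value is constructed: the file name patterns, the RFC 5737 documentation addresses used as "C2" endpoints, and the SHA-256 of the string "abc" (a public test vector) standing in for a real malware hash.

```python
"""Illustration of LOKI-style IOC checks: file name regex, hash and C2
endpoint matching.  Example code written for this post, not LOKI's source.
All IOC values below are constructed and are not real threat intelligence."""
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass

# --- constructed IOCs ----------------------------------------------------
# (compiled regex applied to the forward-slash-normalised full path, score, description)
FILENAME_IOCS = [
    (re.compile(r"(?i)/windows/temp/[^/]+\.(exe|dll|ps1)$"), 60, "Executable in Windows\\Temp"),
    (re.compile(r"(?i)(^|/)mimikatz(\.exe)?$"), 80, "Mimikatz file name"),
]
# Known-bad hashes, lowercase hex -> description.  The SHA-256 below is the
# public test vector for the string "abc", a stand-in for a real sample hash.
HASH_IOCS = {
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad": "Test vector standing in for dropper",
}
# C2 endpoints (RFC 5737 documentation ranges).  A bare IP matches any port,
# "ip:port" matches only that port.
C2_IOCS = {
    "198.51.100.23": "Documentation-range C2",
    "203.0.113.7:8443": "Documentation-range C2 on 8443",
}


@dataclass
class Finding:
    check: str    # which IOC type fired: "filename", "hash" or "c2"
    target: str   # file path, or process and remote endpoint
    score: int    # LOKI-like score: >= 60 treated as an alert, >= 40 as a warning
    reason: str


def hashes(path):
    """MD5/SHA1/SHA256 of a file, hashed in chunks so large files are not read whole."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_filename(path):
    """Regex match on the full path; Windows separators are normalised first."""
    norm = path.replace("\\", "/")
    return [Finding("filename", path, score, desc)
            for rx, score, desc in FILENAME_IOCS if rx.search(norm)]


def match_hash(path):
    """Compare each digest against the known-bad set; first hit wins."""
    for algo, digest in hashes(path).items():
        if digest in HASH_IOCS:
            return [Finding("hash", path, 100, f"{algo} match: {HASH_IOCS[digest]}")]
    return []


def scan_tree(root):
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            findings += match_filename(full) + match_hash(full)
    return findings


def check_connections(conns):
    """conns: iterable of (pid, process_name, remote_ip, remote_port)."""
    findings = []
    for pid, proc, ip, port in conns:
        for key in (f"{ip}:{port}", ip):      # exact ip:port first, then bare ip
            if key in C2_IOCS:
                findings.append(Finding("c2", f"{proc}[{pid}] -> {ip}:{port}", 100, C2_IOCS[key]))
                break
    return findings


def run_demo():
    """Build a constructed file tree and connection table, scan both, return findings."""
    with tempfile.TemporaryDirectory() as root:
        temp = os.path.join(root, "Windows", "Temp")
        os.makedirs(temp)
        os.makedirs(os.path.join(root, "docs"))
        os.makedirs(os.path.join(root, "tools"))
        with open(os.path.join(temp, "update.exe"), "wb") as fh:
            fh.write(b"abc")                       # hits both the filename and the hash IOC
        with open(os.path.join(root, "tools", "mimikatz.exe"), "wb") as fh:
            fh.write(b"not the real thing")        # filename IOC only
        with open(os.path.join(root, "docs", "notes.txt"), "wb") as fh:
            fh.write(b"quarterly report")          # benign, no hit
        file_findings = scan_tree(root)
    conns = [(4120, "svchost.exe", "203.0.113.7", 8443),   # matches ip:port IOC
             (812, "chrome.exe", "192.0.2.10", 443)]        # clean
    return file_findings + check_connections(conns)


if __name__ == "__main__":
    for f in run_demo():
        level = "ALERT" if f.score >= 60 else "WARNING"
        print(f"{level:7} {f.check:8} {f.target}: {f.reason}")
```

Running the script prints four findings: two for the dropped update.exe (file name and hash), one for the mimikatz.exe name, and one for the svchost.exe connection to the documentation-range "C2" on port 8443. This per-host output is exactly what has to be collected and correlated centrally once more than a handful of endpoints are scanned.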