Analytics – SCRT Team Blog

Insomni’Hack 2026 – Golden Payout writeup

The challenge

A massive data breach has just hit our corporate network. Highly sensitive documents have been spotted on a prominent Darknet leaking platform. Preliminary network telemetry has flagged suspicious outbound traffic originating from a specific workstation belonging to one of our DBAs. As part of the Rapid Response Investigation Team, you have been assigned to perform a deep-dive forensic analysis of the suspect’s workstation.

Getting Started With SplunkUI

When developing new Splunk apps with a customised user interface, everything but SplunkUI is deprecated. Thus, it is only a matter of time before you need to jump from that building with faith.

Splunk Boss Of The SOC (BOTS) @Insomni’hack

It’s was a pleasure this year to meet you at the 2022 edition of our amazing security conference Insomni’hack !

With Splunk collaboration, we come back this year with “Splunk Boss Of The SOC” challenge.

SOCs real-life challenges & solutions

Introduction

As SCRT’s blue teamers, we often deal with Security Operations Centers (SOCs). Being able to interact with many different SOCs for our consultancy service gives us the possibility to understand the main challenges a SOC faces and how to solve them.

Event Masker – 2021.08 Release

We are proud to announce a new release for Event Masker, with many productivity tweaks and significant enhancements.

Splunk & advanced filtering with Event Masker

What is Splunk ?

Splunk is a Data-to-Everything Platform designed to ingest and analyze all kind of data. They can be visualized and correlated through Splunk searches, alerts, dashboards, and reports. Splunk is the #1 of 2020 Gartner Magic Quadrants in SIEMs for its performant analysis and visionary in Application Performance Management category.