CINXE.COM

<!doctype html> <html lang="en-US" class="no-touch js "> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1">   <script type='text/javascript' src="//www.cisco.com/etc/designs/cdc/clientlibs/responsive/js/web-component-foundation.min.js"></script> <script> /** * Invokes appropriate private methods based on input parameters based on needs of web component architecture * @param {Array} wcAssets array of strings that correlate to the names of web components or array of objects containing asset name and corresponding locale/path * @param {String} localePath specifies where web component should be retrieved from (expected format: en/us or en_au for all other locales); false if wcAssets, is array of objects * @param {Boolean} isWem [Optional] specifies if assets are being loaded on a WEM environment * @param {Boolean} needTargetter [Optional] specifies need for targetter bundle to be loaded (generally needed on external sites) * @param {Boolean} isRelative [Optional] specifies if asset path(s) should be relative * @param {String} env [Optional] specifies enviornment to append to relative path (should not be used with isRelative) * @param {Boolean} hasEnvOverride [Optional] specifies if environment needs to be overridden (should be used with env) */ cdc.wcAncillaryAssetAllocator.init(['cdc-template-blogs'], 'en/us', false, true, false, 'prod'); if (window.cdc === undefined) { window.cdc = {}; } if (cdc.cdcMasthead === undefined) { cdc.cdcMasthead = {}; } if (cdc.cdcMasthead.additional === undefined) { cdc.cdcMasthead.additional = {}; } cdc.cdcMasthead.additional.env = 'prod'; </script> <script type="text/javascript"> if ( typeof cdc === "undefined")cdc = {}; if ( typeof cdc.util === "undefined")cdc.util = {}; cdc.util.ensureNamespace = function (namespaceStr) { if (!namespaceStr) { return; var parts = namespaceStr.split("."); var o = window; var i; var aPart; for (i = 0; i < parts.length; i++) aPart = parts[i]; if (typeof (o[aPart]) != "object"){ o[aPart] = {}; } o = o[aPart]; } }; cdc.dm = {}; cdc.dm.util = {}; cdc.dm.util.ensureNamespace = cdc.util.ensureNamespace; </script> <meta name='robots' content='index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1' /> <script type="text/javascript" src="//www.cisco.com/c/dam/cdc/t/ctm-core.js"></script>  <title>Splunk Attack Analyzer - Cisco Blogs</title> <link rel="canonical" href="https://blogs.cisco.com/tag/splunk-attack-analyzer" /> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="article" /> <meta property="og:title" content="Splunk Attack Analyzer Archives" /> <meta property="og:url" content="https://blogs.cisco.com/tag/splunk-attack-analyzer" /> <meta property="og:site_name" content="Cisco Blogs" /> <meta property="og:image" content="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2020/11/Cisco_Logo_no_TM_Midnight_Blue-RGB.png" /> <meta property="og:image:width" content="912" /> <meta property="og:image:height" content="482" /> <meta property="og:image:type" content="image/png" /> <meta name="twitter:card" content="summary_large_image" /> <script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"CollectionPage","@id":"https://blogs.cisco.com/tag/splunk-attack-analyzer","url":"https://blogs.cisco.com/tag/splunk-attack-analyzer","name":"Splunk Attack Analyzer - Cisco Blogs","isPartOf":{"@id":"https://blogs.cisco.com/#website"},"primaryImageOfPage":{"@id":"https://blogs.cisco.com/tag/splunk-attack-analyzer#primaryimage"},"image":{"@id":"https://blogs.cisco.com/tag/splunk-attack-analyzer#primaryimage"},"thumbnailUrl":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/09/BHUSA_Image_1.webp","breadcrumb":{"@id":"https://blogs.cisco.com/tag/splunk-attack-analyzer#breadcrumb"},"inLanguage":"en-US"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https://blogs.cisco.com/tag/splunk-attack-analyzer#primaryimage","url":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/09/BHUSA_Image_1.webp","contentUrl":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/09/BHUSA_Image_1.webp","width":1248,"height":624},{"@type":"BreadcrumbList","@id":"https://blogs.cisco.com/tag/splunk-attack-analyzer#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Cisco Blogs","item":"https://blogs.cisco.com/"},{"@type":"ListItem","position":2,"name":"Splunk Attack Analyzer"}]},{"@type":"WebSite","@id":"https://blogs.cisco.com/#website","url":"https://blogs.cisco.com/","name":"Cisco Blogs","description":"","publisher":{"@id":"https://blogs.cisco.com/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://blogs.cisco.com/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https://blogs.cisco.com/#organization","name":"Cisco Systems","url":"https://blogs.cisco.com/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https://blogs.cisco.com/#/schema/logo/image/","url":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2020/10/Cisco_Logo_no_TM_Sky_Blue-RGB.png","contentUrl":"https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2020/10/Cisco_Logo_no_TM_Sky_Blue-RGB.png","width":912,"height":482,"caption":"Cisco Systems"},"image":{"@id":"https://blogs.cisco.com/#/schema/logo/image/"}}]}</script>  <link rel='dns-prefetch' href='//www.cisco.com' /> <link rel='dns-prefetch' href='//s.w.org' /> <link rel="alternate" type="application/rss+xml" title="Cisco Blogs » Feed" href="https://blogs.cisco.com/feed" /> <link rel="alternate" type="application/rss+xml" title="Cisco Blogs » Comments Feed" href="https://blogs.cisco.com/comments/feed" /> <link rel="alternate" type="application/rss+xml" title="Cisco Blogs » Splunk Attack Analyzer Tag Feed" href="https://blogs.cisco.com/tag/splunk-attack-analyzer/feed" /> <script type="text/javascript"> window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/13.1.0\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/13.1.0\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/blogs.cisco.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=5.9.2"}}; /*! This file is auto-generated */ !function(e,a,t){var n,r,o,i=a.createElement("canvas"),p=i.getContext&&i.getContext("2d");function s(e,t){var a=String.fromCharCode;p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,e),0,0);e=i.toDataURL();return p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,t),0,0),e===i.toDataURL()}function c(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(o=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},r=0;r<o.length;r++)t.supports[o[r]]=function(e){if(!p||!p.fillText)return!1;switch(p.textBaseline="top",p.font="600 32px Arial",e){case"flag":return s([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])?!1:!s([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!s([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]);case"emoji":return!s([10084,65039,8205,55357,56613],[10084,65039,8203,55357,56613])}return!1}(o[r]),t.supports.everything=t.supports.everything&&t.supports[o[r]],"flag"!==o[r]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[o[r]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(n=t.source||{}).concatemoji?c(n.concatemoji):n.wpemoji&&n.twemoji&&(c(n.twemoji),c(n.wpemoji)))}(window,document,window._wpemojiSettings); </script> <style type="text/css"> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link rel='stylesheet' id='wp-block-library-css' href='https://blogs.cisco.com/wp-includes/css/dist/block-library/style.min.css?ver=5.9.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-components-css' href='https://blogs.cisco.com/wp-includes/css/dist/components/style.min.css?ver=5.9.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-block-editor-css' href='https://blogs.cisco.com/wp-includes/css/dist/block-editor/style.min.css?ver=5.9.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-nux-css' href='https://blogs.cisco.com/wp-includes/css/dist/nux/style.min.css?ver=5.9.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-reusable-blocks-css' href='https://blogs.cisco.com/wp-includes/css/dist/reusable-blocks/style.min.css?ver=5.9.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-editor-css' href='https://blogs.cisco.com/wp-includes/css/dist/editor/style.min.css?ver=5.9.2' type='text/css' media='all' /> <link rel='stylesheet' id='mux_video_block_style-css' href='https://blogs.cisco.com/wp-content/plugins/ilab-media-tools/public/blocks/mediacloud-mux.blocks.style.css' type='text/css' media='all' /> <style id='global-styles-inline-css' type='text/css'> body{--wp--preset--color--black: #000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--color--cisco-midnight-blue: #0d274d;--wp--preset--color--cisco-ocean-blue: #1e4471;--wp--preset--color--cisco-sky-blue: #00bceb;--wp--preset--color--cisco-green: #6abf4b;--wp--preset--color--cisco-orange: #fbab18;--wp--preset--color--cisco-red: #e2231a;--wp--preset--color--dark-gray: #495057;--wp--preset--color--medium-gray: #9e9ea2;--wp--preset--color--light-gray: #ced4da;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--duotone--dark-grayscale: url('#wp-duotone-dark-grayscale');--wp--preset--duotone--grayscale: url('#wp-duotone-grayscale');--wp--preset--duotone--purple-yellow: url('#wp-duotone-purple-yellow');--wp--preset--duotone--blue-red: url('#wp-duotone-blue-red');--wp--preset--duotone--midnight: url('#wp-duotone-midnight');--wp--preset--duotone--magenta-yellow: url('#wp-duotone-magenta-yellow');--wp--preset--duotone--purple-green: url('#wp-duotone-purple-green');--wp--preset--duotone--blue-orange: url('#wp-duotone-blue-orange');--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;} </style> <link rel='stylesheet' id='category-css-css' href='https://blogs.cisco.com/wp-content/plugins/cisco-category-page-enhancement/css/category-css.css?ver=5.9.2' type='text/css' media='all' /> <link rel='stylesheet' id='multiauthor_custom_front_style-css' href='https://blogs.cisco.com/wp-content/plugins/cisco-multiple-authors/css/multiauthor.css?ver=1.1' type='text/css' media='all' /> <link rel='stylesheet' id='parent-style-css' href='https://blogs.cisco.com/wp-content/themes/ciscowordpress/style.css?ver=5.9.2' type='text/css' media='all' /> <link rel='stylesheet' id='child-style-css' href='https://blogs.cisco.com/wp-content/themes/ciscowordpress-child/style.css?ver=5.9.2' type='text/css' media='all' /> <link rel='stylesheet' id='ciscowordpress-style-css' href='https://blogs.cisco.com/wp-content/themes/ciscowordpress-child/style.css?ver=5.9.2' type='text/css' media='all' /> <style id='ciscowordpress-style-inline-css' type='text/css'> @media only screen and (min-width: 930px){ ul#featured_categories li{ width: calc(100%/ ); }} </style> <link rel='stylesheet' id='cui-standard-css' href='https://www.cisco.com/web/fw/cisco-ui/1.3.5/dist/css/cui-standard.min.css?ver=5.9.2' type='text/css' media='all' /> <link rel='stylesheet' id='style_login_widget-css' href='https://blogs.cisco.com/wp-content/plugins/miniorange-oauth-oidc-single-sign-on/resources/css/style_login_widget.css?ver=5.9.2' type='text/css' media='all' /> <script type='text/javascript' src='https://blogs.cisco.com/wp-content/plugins/cisco-multiple-authors/js/custom-multiauthor.js?ver=5.9.2' id='multiauthor_custom_js-js'></script> <script type='text/javascript' src='https://blogs.cisco.com/wp-content/themes/ciscowordpress/js/card-dropdown.js?ver=5.9.2' id='ciscowordpress-card-tag-dropdown-js'></script> <link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://blogs.cisco.com/xmlrpc.php?rsd" /> <link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://blogs.cisco.com/wp-includes/wlwmanifest.xml" /> <meta name="generator" content="WordPress 5.9.2" /> <link rel="icon" href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/09/cropped-Cisco-logo-thumb-sky-blue-32x32.jpg" sizes="32x32" /> <link rel="icon" href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/09/cropped-Cisco-logo-thumb-sky-blue-192x192.jpg" sizes="192x192" /> <link rel="apple-touch-icon" href="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/09/cropped-Cisco-logo-thumb-sky-blue-180x180.jpg" /> <meta name="msapplication-TileImage" content="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/09/cropped-Cisco-logo-thumb-sky-blue-270x270.jpg" /> </head> <body class="archive tag tag-splunk-attack-analyzer tag-65973 no-sidebar"> <div id="page" class="site"> <cdc-template-micro lang="en" search-set-context="blogs"> <a class="skip-link screen-reader-text" href="#content">Skip to content</a> <header id="masthead" class="site-header"> </header> <div id="content" class="site-content"> <p id="breadcrumbs"><span><span><a href="https://blogs.cisco.com/">Cisco Blogs</a> / <span class="breadcrumb_last" aria-current="page">Splunk Attack Analyzer</span></span></span></p> <div class="blog-row page-type"><h1 class="item-full">Splunk Attack Analyzer</h1></div> <div class="cui section"> <div class="blog-row"> <div class="blog-card item-thirds-1"> <div class="card-header"> <div class="card-social-header"> <p class="card-social-header-date"> September 27, 2024</p> <div class="card-social-header-comments"> <p class="comment-link"> <a href="https://blogs.cisco.com/security/black-hat-2024-soc-in-the-noc#respond"> <span class="icon-comment icon-extra-small"></span></a> </p> </div> </div> <p class="category"><a href="https://blogs.cisco.com/security">SECURITY</a></p> <a href="https://blogs.cisco.com/security/black-hat-2024-soc-in-the-noc" class="blog-image-link" style="display:unset;"> <div class ="card-img-header" style="background-image:url(https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/09/BHUSA_Image_1.webp);"></div> </a> </div><div class="card-author-section"> <a href=" https://blogs.cisco.com/author/rymaclen "> <div class ="blog-thumb" style="background-image:url(https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2023/08/IL20230822213625-rymaclen-150x150.jpg)"></div> </a> <p class="card-author-name"> <a href="https://blogs.cisco.com/author/rymaclen" title="Posts by Ryan Maclennan" rel="author">Ryan Maclennan</a> </p> </div><div class="card__body"> <a class="card-link" href="https://blogs.cisco.com/security/black-hat-2024-soc-in-the-noc"><h4 class="base-margin-bottom"> Black Hat 2024: SOC in the NOC </h4></a> <p class="read-time">6 min read</p> <p class="card-paragraph"> The Black Hat Network Operations Center (NOC) provides a high-security, high-availability network in one of the most demanding environments in the world: the Black Hat event. The NOC partners are selected by Black Hat, with Arista, Cisco, Corelight, Lumen, NetWitness and Palo Alto Networks delivering from Las Vegas this year. Cisco is the official Domain […] </p> </div> <div class="card-social-footer" id="social-foot-463221"> <div class="card-social-icon-container">  <a href = "https://www.linkedin.com/cws/share?url=https://blogs.cisco.com/security/black-hat-2024-soc-in-the-noc" aria-label="Share on LinkedIn" data-title=" " data-config-metrics-group='social_shares' data-config-metrics-title='linkedin_shares' data-config-metrics-item='linkedin_share' onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;"><img src="/wp-content/themes/ciscowordpress/svg/linkedin.svg"></a>  <a href="https://twitter.com/intent/tweet?url=https://blogs.cisco.com/security/black-hat-2024-soc-in-the-noc&text=Black Hat 2024: SOC in the NOC&via=ciscosecure" target='_blank' aria-label="Share on Twitter" data-config-metrics-group='social_shares' data-config-metrics-title='twitter_shares' data-config-metrics-item='twitter_share'><img src="/wp-content/themes/ciscowordpress/svg/X.svg"></a>  <a href = "http://www.facebook.com/sharer/sharer.php?u=https://blogs.cisco.com/security/black-hat-2024-soc-in-the-noc&title=Black Hat 2024: SOC in the NOC" aria-label="Share on Facebook" data-config-metrics-group='social_shares' data-config-metrics-title='facebook_shares' data-config-metrics-item='facebook_share' onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;"><img src="/wp-content/themes/ciscowordpress/svg/facebook.svg"></a>  <a href="mailto:?subject=Cisco Blog: Black Hat 2024: SOC in the NOC&body=I saw this post on Cisco Blogs and thought you might like to read it.%0A%0ABlack Hat 2024: SOC in the NOC%0A%0Ahttps://blogs.cisco.com/security/black-hat-2024-soc-in-the-noc%0A%0A****Disclaimer****%0A%0ACisco is not responsible for the content of this email, and its contents do not necessarily reflect Cisco’s views or opinions. Cisco has not verified the email address or name of the sender." aria-label="Share via Email" data-config-metrics-group='social_shares' data-config-metrics-title='email_shares' data-config-metrics-item='email_share'> <img src="/wp-content/themes/ciscowordpress/svg/email_icon_no_circle.svg"></a> </div> <div class="card-tags-dropdown"> <span class="card-tags-btn" id="463221">Tags <span class="icon-chevron-down icon-extra-small" id="chevron-icon-463221"></span></span> <div class="card-tags-dropdown-content" id="tag-content-463221"> <div class="tag-sec"><ul class="columns"><li><a href="https://blogs.cisco.com/tag/bhusa-2024">BHUSA 2024</a></li><li><a href="https://blogs.cisco.com/tag/black-hat">Black Hat</a></li><li><a href="https://blogs.cisco.com/tag/breach-protection-suite">Breach Protection Suite</a></li><li><a href="https://blogs.cisco.com/tag/cisco-security-cloud">Cisco Security Cloud</a></li><li><a href="https://blogs.cisco.com/tag/cisco-umbrella">Cisco Umbrella</a></li><li><a href="https://blogs.cisco.com/tag/cisco-xdr">Cisco XDR</a></li><li><a href="https://blogs.cisco.com/tag/cloud-protection-suite">Cloud Protection Suite</a></li><li><a href="https://blogs.cisco.com/tag/meraki">meraki</a></li><li><a href="https://blogs.cisco.com/tag/mobile-device-management">Mobile Device Management</a></li><li><a href="https://blogs.cisco.com/tag/noc">Network Operations Center (NOC)</a></li><li><a href="https://blogs.cisco.com/tag/security-operations-center">Security Operations Center (SOC)</a></li><li><a href="https://blogs.cisco.com/tag/splunk">Splunk</a></li><li><a href="https://blogs.cisco.com/tag/splunk-attack-analyzer">Splunk Attack Analyzer</a></li><li><a href="https://blogs.cisco.com/tag/talos">Talos</a></li><li><a href="https://blogs.cisco.com/tag/telemetry-broker">Telemetry Broker</a></li><li><a href="https://blogs.cisco.com/tag/thousandeyes">ThousandEyes</a></li><li><a href="https://blogs.cisco.com/tag/user-protection-suite">User Protection Suite</a></li></ul></div> </div></div> </div> </div> </div> </div>  <div id="social-footer" class="blog-row"> <ul class="social-footer-item item-full"> <h5> CONNECT WITH US </h5> <ul id="social-icons-list"> <li> <a href="https://www.linkedin.com/company/cisco/" target="_blank" rel=”noopener noreferrer” tabindex="0" alt="Go to Cisco's LinkedIn"><svg width="32" height="32" viewBox="0 0 32 32" role="img" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><path d="m24.80382,24.53603l-3.70694,0l0,-5.62559c0,-1.34209 -0.02431,-3.06801 -1.92709,-3.06801c-1.92986,0 -2.22361,1.46262 -2.22361,2.97171l0,5.72189l-3.70347,0l0,-11.56902l3.55417,0l0,1.58181l0.05069,0c0.49445,-0.90976 1.70486,-1.86868 3.50903,-1.86868c3.75347,0 4.44722,2.39528 4.44722,5.51111l0,6.34478zm-15.74236,-13.1495c-1.19097,0 -2.15139,-0.934 -2.15139,-2.08552c0,-1.15084 0.96042,-2.08485 2.15139,-2.08485c1.18611,0 2.14931,0.93401 2.14931,2.08485c0,1.15152 -0.9632,2.08552 -2.14931,2.08552l0,0zm1.85486,13.1495l0,-11.56902l-3.71111,0l0,11.56902l3.71111,0zm15.73403,-20.65724l-21.30556,0c-1.01736,0 -1.84444,0.78249 -1.84444,1.74815l0,20.74545c0,0.96499 0.82708,1.74882 1.84444,1.74882l21.30556,0c1.02014,0 1.84931,-0.78383 1.84931,-1.74882l0,-20.74545c0,-0.96566 -0.82917,-1.74815 -1.84931,-1.74815l0,0z" fill="#fff" fill-rule="evenodd"></path></svg></a></li> <li> <a href="https://twitter.com/Cisco/" target="_blank" rel=”noopener noreferrer” tabindex="0" alt="Go to Cisco's Twitter"><svg width="32" height="32" viewBox="0 0 32 32" role="img" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <path d="M25.2019 2H30.1087L19.3887 13.8605L32 30H22.1254L14.3913 20.2115L5.54174 30H0.631901L12.0981 17.3138L0 2H10.1252L17.1162 10.9471L25.2019 2ZM23.4797 27.1569H26.1987L8.64785 4.69374H5.73013L23.4797 27.1569Z" fill="#fff"/> </svg></a></li> <li> <a href="https://www.facebook.com/cisco/" target="_blank" rel=”noopener noreferrer” tabindex="0" alt="Go to Cisco's Facebook"><svg width="32" height="32" viewBox="0 0 32 32" role="img" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><path d="m26.62006,4l-22.2403,0c-0.7622,0 -1.37976,0.59894 -1.37976,1.33804l0,21.56635c0,0.73891 0.61756,1.33803 1.37976,1.33803l11.97343,0l0,-9.38796l-3.25793,0l0,-3.65868l3.25793,0l0,-2.69815c0,-3.13113 1.97213,-4.83613 4.85266,-4.83613c1.37975,0 2.56571,0.09955 2.91135,0.14415l0,3.2722l-1.99788,0.00091c-1.56654,0 -1.86993,0.72183 -1.86993,1.7812l0,2.33582l3.7362,0l-0.48652,3.65868l-3.24968,0l0,9.38796l6.37067,0c0.76191,0 1.37975,-0.59912 1.37975,-1.33803l0,-21.56635c0,-0.7391 -0.61784,-1.33804 -1.37975,-1.33804" fill="#fff"></path></svg></a></li> <li> <a href="https://www.instagram.com/cisco/?hl=en" target="_blank" rel=”noopener noreferrer” tabindex="0" alt= "Go to Cisco's Instagram"><svg width="32" height="32" viewBox="0 0 32 32" role="img" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g fill="#fff"><path d="m22.23823,2.07724l-12.4768,0c-4.23706,0 -7.68419,3.44729 -7.68419,7.68435l0,12.4768c0,4.23723 3.44713,7.68436 7.68419,7.68436l12.4768,0c4.23739,0 7.68452,-3.4473 7.68452,-7.68436l0,-12.4768c0.00016,-4.23706 -3.44713,-7.68435 -7.68452,-7.68435zm5.21409,20.16115c0,2.87494 -2.33899,5.21377 -5.21393,5.21377l-12.47696,0c-2.87478,0.00016 -5.2136,-2.33883 -5.2136,-5.21377l0,-12.4768c0,-2.87477 2.33882,-5.21376 5.2136,-5.21376l12.4768,0c2.87494,0 5.21393,2.33899 5.21393,5.21376l0,12.4768l0.00016,0z"></path><path d="m15.99999,8.82524c-3.9564,0 -7.17508,3.21868 -7.17508,7.17508c0,3.95624 3.21868,7.17476 7.17508,7.17476c3.9564,0 7.17509,-3.21852 7.17509,-7.17476c0,-3.9564 -3.21869,-7.17508 -7.17509,-7.17508zm0,11.87908c-2.59395,0 -4.70449,-2.11021 -4.70449,-4.70416c0,-2.59412 2.11038,-4.7045 4.70449,-4.7045c2.59412,0 4.7045,2.11038 4.7045,4.7045c0,2.59395 -2.11054,4.70416 -4.7045,4.70416z"></path><path d="m23.47599,6.73035c-0.476,0 -0.9436,0.1927 -1.27976,0.53035c-0.33781,0.336 -0.532,0.80376 -0.532,1.28141c0,0.47617 0.19435,0.94377 0.532,1.28141c0.336,0.336 0.80376,0.53036 1.27976,0.53036c0.47765,0 0.94377,-0.19436 1.28141,-0.53036c0.33765,-0.33764 0.53036,-0.80541 0.53036,-1.28141c0,-0.47765 -0.19271,-0.94541 -0.53036,-1.28141c-0.336,-0.33765 -0.80376,-0.53035 -1.28141,-0.53035z"></path></g></svg></a></li> <li> <a href="https://www.youtube.com/user/Cisco/welcome" target="_blank" rel=”noopener noreferrer” tabindex="0" alt="Go to Cisco's Youtube"><svg width="32" height="32" viewBox="0 0 32 32" role="img" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><path d="m12.73901,19.93335l-0.00144,-8.54172l8.47104,4.28574l-8.4696,4.25598zm18.59878,-10.02146c0,0 -0.30631,-2.09493 -1.24635,-3.01746c-1.19214,-1.21081 -2.52842,-1.21682 -3.14122,-1.28769c-4.38704,-0.30753 -10.96784,-0.30753 -10.96784,-0.30753l-0.01363,0c0,0 -6.58064,0 -10.96784,0.30753c-0.61283,0.07087 -1.94862,0.07688 -3.14119,1.28769c-0.93998,0.92253 -1.24586,3.01746 -1.24586,3.01746c0,0 -0.31352,2.46013 -0.31352,4.92024l0,2.30635c0,2.46008 0.31352,4.92018 0.31352,4.92018c0,0 0.30588,2.09496 1.24586,3.01749c1.19257,1.21085 2.7591,1.17254 3.45682,1.29945c2.50808,0.23321 10.65906,0.30539 10.65906,0.30539c0,0 6.58758,-0.00962 10.97462,-0.31712c0.6128,-0.07089 1.94908,-0.07687 3.14122,-1.28772c0.94004,-0.92253 1.24635,-3.01749 1.24635,-3.01749c0,0 0.31306,-2.4601 0.31306,-4.92018l0,-2.30635c0,-2.46011 -0.31306,-4.92024 -0.31306,-4.92024l0,0z" fill="#fff"></path></svg></a></li> </ul> </ul> </div>  </cdc-template-micro>  </div> <script type="text/javascript" src="//www.cisco.com/c/dam/cdc/t/ctm.js"></script> <script> function convert_to_url(obj) { return Object .keys(obj) .map(k => `${encodeURIComponent(k)}=${encodeURIComponent(obj[k])}`) .join('&'); } function pass_to_backend() { if(window.location.hash) { var hash = window.location.hash; var elements = {}; hash.split("#")[1].split("&").forEach(element => { var vars = element.split("="); elements[vars[0]] = vars[1]; }); if(("access_token" in elements) || ("id_token" in elements) || ("token" in elements)) { if(window.location.href.indexOf("?") !== -1) { window.location = (window.location.href.split("?")[0] + window.location.hash).split('#')[0] + "?" + convert_to_url(elements); } else { window.location = window.location.href.split('#')[0] + "?" + convert_to_url(elements); } } } } pass_to_backend(); </script> <script type='text/javascript' src='https://blogs.cisco.com/wp-content/themes/ciscowordpress/js/navigation.js?ver=20151215' id='ciscowordpress-navigation-js'></script> <script type='text/javascript' src='https://blogs.cisco.com/wp-content/themes/ciscowordpress/js/skip-link-focus-fix.js?ver=20151215' id='ciscowordpress-skip-link-focus-fix-js'></script> </body> </html>