New capabilities for ReversingLabs Splunk app automate triage, incident response, and hunting tasks

ReversingLabs, the leading provider of destructive object insights delivering SOC decision support, automation and threat analytics solutions for triage, incident response and hunting teams announced enhancements to its application for Splunk Enterprise.

ReversingLabs integrated Titanium Platform enriches Splunk data with next-generation malware analysis and local threat intelligence for real-time correlation and threat detection results.

New capabilities for ReversingLabs Splunk application further automate triage, incident response, and hunting tasks for security operations analysts, architects and threat hunters.

“We recognize that security operations teams continue to face skill and resource challenges while seeking more efficient ways to cope with exploding data, growing attack surfaces and new threats,” said Mario Vuksan, CEO and co-founder, ReversingLabs.

“As such, ReversingLabs enhanced integration with Splunk can be a force multiplier for security operations teams seeking to accelerate SIEM triage, automate malware analysis and incident response, enrich investigations, and fuel better orchestration and analytics workflows and decision making.”

By ingesting detailed malware analysis from the ReversingLabs Titanium Platform, Splunk provides security operations teams with additional file reputation capabilities to automate and accelerate the identification and investigation of malware threats.

Specifically, ReversingLabs now provides improved email and phishing decision support for Splunk with its ReversingLabs Splunk App.

Splunk triage and response

• Enhanced file reputation correlation – Drive faster triage and analysis through direct Splunk search bar correlation.
• New Splunk analysis for quarantined files – Tanium visibility into Symantec QBD AV quarantined files for integration and analyst visibility.
• New Splunk analysis for macro – Macro to executable converter (VBS2Exe formats) extends coverage with less work for analysts.

Advanced email and phishing detection

• Enhanced email processing and classification – Improved email storyteller adds additional email specific tags to yield better, faster results.
• New deceptive email detection – New deceptive email header detection reduces malware going undetected.

Advanced malware detection

• Enhanced URL analysis reference and blacklisting – Enhancements provide quicker results.
• New deceptive link detection – URLs within HTML files uncovers deception tactics.
• New malware detections – Generic worm threats, Ramnit Virus and Ransomware including DelphiRansomware, Dragon, Jaffe, Jemd, Lurk, LuckyJoe, Animus, DCRTR, EZDZ and Hermes improves detection performance.

Security operations personnel will also benefit from ReversingLabs dashboard enhancements which provide improved screen navigation and data consolidation.

Security analysts will appreciate enhanced Splunk integration with ReversingLabs which highlights a threat landscape view, showing both threat exposure over time and undetected threats, and an added URL analysis module. Updated Splunk integrations from ReversingLabs will be available in the near future.