
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Feb 14th 2025: DShield Honeypot SIEM; PAN OS Auth Bypass; Salt Typhoon vs. Cisco; Crowdstrike Patch
Feb 14, 2025
Explore the fascinating world of honeypots with insights on new SIEM dashboards that summarize attack data. Discover the recently patched vulnerability in Palo Alto Networks' devices that could lead to authentication bypass. Learn how China's Volt Typhoon group exploits older Cisco vulnerabilities for telecom attacks. Plus, find out about the latest security patches from Crowdstrike for their Linux client. A deep dive into pressing cybersecurity topics that keep professionals on their toes.
06:02
Podcast summary created with Snipd AI
Quick takeaways
- The new DShield SIEM add-on enhances honeypot monitoring with robust dashboards to visualize various attack data effectively.
- Recent vulnerabilities in Palo Alto Networks devices emphasize the critical need for timely security updates to prevent potential authentication bypasses.
Deep dives
Enhancements in Honeypot Visualization
Setting up a honeypot can be an engaging experience, but interpreting the logs to understand what attacks are occurring can be challenging. A new add-on developed for the honeypot offers advanced dashboards that facilitate a clearer visualization of attack data. This enhancement is powered by the ELK stack—Elasticsearch, Logstash, and Kibana—and includes additional analysis software, Seek. However, users should note that this new visualization tool requires a more robust hardware configuration than the minimum setup, making it essential to consider hardware choices to effectively utilize the software.