SURGe Blogs
Latest Articles
Hypothesis-Driven Cryptominer Hunting with PEAK
A sample hypothesis-driven hunt, using SURGe's PEAK threat hunting framework, looking for unauthorized cryptominers.
Old School vs. New School
The Splunk SURGe team examines the claim that generative AI will empower threat actors to improve the scale and/or efficiency of their spear-phishing campaigns.
SOC Models: In-House, Out-Sourced, or Hybrid SOC?
Splunk's Kirsty Paine shares best practices from a roundtable held at Gartner Security & Risk Management Summit 2023.
Detecting Dubious Domains with Levenshtein, Shannon & URL Toolbox
Got some parsed fields that you're ready to analyze... possibly for threat hunting? We'll use Levenshtein, Shannon & URL Toolbox to show you how!
Parsing Domains with URL Toolbox (Just Like House Slytherin)
One of the most popular Splunk security apps of all time, URL Toolbox’s URL parsing capabilities have been leveraged by thousands. Full story here.
Using eval to Calculate, Appraise, Classify, Estimate & Threat Hunt
This article discusses a foundational capability within Splunk — the eval command. Need to pick a couple commands for your desert island collection? eval should be one!
Using RegEx for Threat Hunting (It’s Not Gibberish, We Promise!)
Another excellent tool for your threat hunting: RegEx! SPL offers two commands for utilizing regular expressions in Splunk searches. See how to do it here.
Stat! 3 Must-Have Data Filtering Techniques
To hunt for threats, there's a lot of data you do NOT need. Here are the 3 must-have data filtering techniques so you can hunt those threats STAT!
Revisiting the Big Picture: Macro-level ATT&CK Updates for 2023
SURGe reviews the latest attacker trends and behaviors with this look at four years of ATT&CK data from some of the largest and most trusted threat reporting sources.
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
