Splunk Threat Research Team

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy, enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond to the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks, which are stored as datasets in the Attack Data repository.

Our goal is to provide security teams with research they can leverage in their day-to-day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as DEF CON, Black Hat, RSA, and many more.


Read more Splunk Security Content

Security 13 Min Read

The Lost Payload: MSIX Resurrection

Threat actors weaponize MSIX for malware delivery – learn about MSIX attacks, distribution, and how Splunk's MSIXBuilder helps security teams test detection safely.
Security 2 Min Read

Splunk Security Content for Threat Detection & Response: September Recap

Splunk's September ESCU update: New security content & analytics for robust threat detection. Covers Cisco ASA, ArcaneDoor, diverse malware, and Office365 Copilot activity.
Security 10 Min Read

From Prompt to Payload: LAMEHUG’s LLM-Driven Cyber Intrusion

The Splunk Threat Research Team analyzes the LAMEHUG malware, examining its tactics and techniques to provide insights that can help SOC analysts and blue teamers identify and respond.

Getting Started With Copilot Log Analysis for Security in Microsoft 365 With Splunk

Learn M365 Copilot log analysis, detect AI-specific threats like prompt injection, and leverage Splunk for robust security monitoring & compliance.
Security 7 Min Read

Operationalize ESCU Detections Featuring Onboarding Assistant

Master operationalizing Splunk ESCU detections in Splunk Enterprise Security using the Onboarding Assistant.
Security 3 Min Read

Splunk Security Content for Threat Detection & Response: August Recap

Learn about the latest security content from Splunk.
Security 17 Min Read

Static Tundra Analysis & CVE-2018-0171 Detection Guide

Protect your network from Static Tundra's exploitation of CVE-2018-0171 Cisco Smart Install vulnerability. Get comprehensive analysis & Splunk detection guidance.
Security 5 Min Read

Splunk Security Content for Threat Detection & Response: August 2025 Update

Learn about the latest security content from Splunk.
Security 13 Min Read

Picture Paints a Thousand Codes: Dissecting Image-Based Steganography in a .NET (Quasar) RAT Loader

Uncover how to identify malicious executable loaders that use steganography to deliver payloads such as Quasar RAT.
Security 11 Min Read

Detecting Suspicious ESXi Activity Before Ransomware Happens

Learn to detect suspicious activity using Splunk, including log ingestion, common indicators, and comprehensive detection strategies for VMware ESXi environments.

Using RAG, Splunk ES Content Update App (ESCU), and MLTK to Develop, Enhance, and Analyze Splunk Detections

Learn how to enhance Splunk security detections using a local Llama3 LLM, RAG, MLTK, and ESCU.
Security 2 Min Read

Splunk Security Content for Threat Detection & Response: July Recap

Learn about the latest security content from Splunk.
Security 12 Min Read

Beyond the Patch: SharePoint Exploits and the Hidden Threat of IIS Module Persistence

The cybersecurity landscape witnessed a perfect storm in July 2025 when multiple critical SharePoint vulnerabilities collided with sophisticated IIS module-based persistence techniques, creating a nightmare scenario for enterprise defenders.
Security 10 Min Read

CitrixBleed 2: When Memory Leaks Become Session Hijacks

Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild.
Security 20 Min Read

Unlocking Endpoint Network Security Insights with Cisco Network Visibility Module (NVM) and Splunk

Unlock deep endpoint network security insights by integrating Cisco NVM with Splunk.
Security 13 Min Read

Beyond The Click: Unveiling Fake CAPTCHA Campaigns

Learn how clipboard hijacking delivers malware and explore tools like ClickGrab & PasteEater for robust defense strategies.
Security 2 Min Read

Splunk Security Content for Threat Detection & Response: June Recap

Learn about the latest security content from Splunk.
Security 16 Min Read

When Installers Turn Evil: The Pascal Script Behind Inno Setup Malware Campaign

Uncover the Inno Setup malware campaign leveraging Pascal scripting to deliver RedLine Stealer.