Security Blogs
Security
3 Min Read
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
Latest Articles
Static Tundra Analysis & CVE-2018-0171 Detection Guide
Protect your network from Static Tundra's exploitation of CVE-2018-0171 Cisco Smart Install vulnerability. Get comprehensive analysis & Splunk detection guidance.
Splunk Security Content for Threat Detection & Response: August 2025 Update
Learn about the latest security content from Splunk.
Picture Paints a Thousand Codes: Dissecting Image-Based Steganography in a .NET (Quasar) RAT Loader
Uncover how to identify malicious executable loaders that use steganography to deliver payloads such as Quasar RAT.
Detecting Suspicious ESXi Activity Before Ransomware Happens
Learn to detect suspicious activity using Splunk, including log ingestion, common indicators, and comprehensive detection strategies for VMware ESXi environments.
Obey My Logs! AI-Powered Compromised Credential Detection
Splunker Shannon Davis shares a closer look into how to detect compromised credentials with AI-powered PLoB.
Introducing… The Threat Hunter’s Cookbook!
The security experts on the SURGe team have released The Threat Hunter’s Cookbook, a hands-on guide for security practitioners that features actionable insights into threat hunting methods, ready-to-use queries, and more.
Securing the Unseen
Learn how Splunk Asset and Risk Intelligence unifies IT/OT visibility, enhances threat detection, and ensures compliance.
Now Available: OCSF Translation with Splunk Edge Processor
Splunk Edge Processor now translates raw data to OCSF format using new SPL2 commands.
Splunk Security Content for Threat Detection & Response: July Recap
Learn about the latest security content from Splunk.
Security Staff Picks To Read This Month, Handpicked by Splunk Experts
Our Splunk security experts share their favorite reads of the month so you can follow the most interesting, news-worthy, and innovative stories coming from the wide world of cybersecurity.
Beyond the Patch: SharePoint Exploits and the Hidden Threat of IIS Module Persistence
The cybersecurity landscape witnessed a perfect storm in July 2025 when multiple critical SharePoint vulnerabilities collided with sophisticated IIS module-based persistence techniques, creating a nightmare scenario for enterprise defenders.
CitrixBleed 2: When Memory Leaks Become Session Hijacks
Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild.
Unlocking Endpoint Network Security Insights with Cisco Network Visibility Module (NVM) and Splunk
Unlock deep endpoint network security insights by integrating Cisco NVM with Splunk.
Beyond The Click: Unveiling Fake CAPTCHA Campaigns
Learn how clipboard hijacking delivers malware and explore tools like ClickGrab & PasteEater for robust defense strategies.
Splunk @ SAPPHIRE 2025 Recap: How SAP Customers Use Splunk for World-Class Observability and Security
Splunker Keith Hontz shares a look at the Splunk highlights from SAP SAPPHIRE 2025.
Splunk Security Content for Threat Detection & Response: June Recap
Learn about the latest security content from Splunk.
When Installers Turn Evil: The Pascal Script Behind Inno Setup Malware Campaign
Uncover the Inno Setup malware campaign leveraging Pascal scripting to deliver RedLine Stealer.
Threat Hunting with TLS/SSL Certificates
TLS and SSL certificates are a great way to hunt advanced adversaries. Collect them with Splunk Stream, Bro, or Suricata and hunt in your own data!
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
Connect with Splunk on Instagram
Follow @Splunk
