This post discusses how to use Splunk (and Splunk Enterprise Security) to find domains that are "new" to your organization and why you should care (HINT: YOU SHOULD! THEY ARE VERY OFTEN NAUGHTY). It uses the basic Splunk stats command along with the more exciting (and faster) tstats.
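The check the post builds in SPL is a first-seen comparison: compute the earliest time each domain was resolved, and flag the ones whose earliest observation is inside the most recent window. The following is an added example, not code from the post, that runs the same logic in plain Python over a constructed DNS log so it can be executed offline; the log lines, the field layout (time, source IP, queried name), the 7-day baseline, the 24-hour detection window and the two-label "registered domain" heuristic are all assumptions made for the example.

```python
"""
Added example (not from the original post): a first-seen domain check of
the kind the post writes in SPL, run here in plain Python over a
constructed DNS log. Field names, windows and sample data are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample DNS log (not real traffic). One resolution per line:
# "<ISO8601 time> <source ip> <queried name>"
SAMPLE_DNS_LOG = """\
2024-03-01T14:00:00Z 10.1.1.5 www.example.com
2024-03-01T14:05:00Z 10.1.1.5 mail.example.com
2024-03-02T09:00:00Z 10.1.1.7 cdn.example.net
2024-03-03T10:00:00Z 10.1.1.9 www.example.com
2024-03-08T11:00:00Z 10.1.1.5 update.example.com
2024-03-08T11:02:00Z 10.1.1.5 abc123.evil-looking.example
2024-03-08T11:03:00Z 10.1.1.7 cdn.example.net
2024-03-08T11:04:00Z 10.1.1.9 xyz.evil-looking.example
2024-03-08T11:05:00Z 10.1.1.9 another-new.example
"""

# "now" for the example, fixed so results are reproducible (assumption).
EXAMPLE_NOW = datetime(2024, 3, 8, 12, 0, 0, tzinfo=timezone.utc)


def parse_dns_log(text):
    """Parse the constructed log into (time, src, query) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, query = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        records.append((when, src, query.lower().rstrip(".")))
    return records


def registered_domain(fqdn):
    """Collapse a hostname to its registered domain (last two labels).

    Assumption for the example only: production code should use the public
    suffix list so that host.example.co.uk collapses to example.co.uk.
    Without collapsing, every fresh subdomain of a known domain looks "new".
    """
    labels = fqdn.strip(".").split(".")
    return ".".join(labels[-2:])


def first_seen_domains(records, now, baseline=timedelta(days=7), window=timedelta(hours=24)):
    """Return domains whose earliest observation falls inside `window`.

    Mirrors the SPL shape
        ... | stats earliest(_time) AS first_seen count BY domain
            | where first_seen > relative_time(now(), "-24h")
    `baseline` is the search range (like the time picker); it must be
    wider than `window`, otherwise every domain in the range looks new.
    """
    earliest = {}
    count = defaultdict(int)
    sources = defaultdict(set)
    start = now - baseline
    for when, src, query in records:
        if when < start or when > now:
            continue  # outside the searched range
        dom = registered_domain(query)
        count[dom] += 1
        sources[dom].add(src)
        if dom not in earliest or when < earliest[dom]:
            earliest[dom] = when
    cutoff = now - window
    return {
        dom: {"first_seen": earliest[dom], "count": count[dom], "sources": sources[dom]}
        for dom in earliest
        if earliest[dom] > cutoff
    }


def run_example(baseline_days=7):
    """Run the check over the constructed log with a baseline of N days."""
    records = parse_dns_log(SAMPLE_DNS_LOG)
    return first_seen_domains(records, EXAMPLE_NOW, baseline=timedelta(days=baseline_days))


if __name__ == "__main__":
    for dom, info in sorted(run_example().items(), key=lambda kv: -kv[1]["count"]):
        print(dom, info["first_seen"].isoformat(), info["count"], sorted(info["sources"]))
    # A 1-day baseline flags all four domains, including the long-known ones.
    print("with a 24h-only search:", sorted(run_example(baseline_days=1)))
```

With the 7-day baseline only evil-looking.example and another-new.example are reported; example.com is not, even though update.example.com is itself first seen today, because the check runs on the collapsed registered domain. Rerunning with a 1-day baseline flags all four domains, which is the trap to avoid when translating this into a saved search: the stats or tstats search has to cover the baseline, not just the window you are alerting on. The tstats form in the post does the same aggregation against an accelerated data model, which is why it is faster on large indexes.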
See how Splunk's analytics-driven SIEM solution tackles real-time security monitoring, advanced threat detection, forensics and incident management.
Splunk CISO Joel Fulton provides an update on the Meltdown/Spectre vulnerabilities.
How to configure Bro to output JA3 signatures and ingest that data into Splunk.
Splunk’s Enterprise Security Content Update (ESCU) app can provide you with early warnings and situational awareness—powerful elements of an effective defense against adversaries
TLS and SSL certificates are a great way to hunt advanced adversaries. Collect them with Splunk Stream, Bro, or Suricata and hunt in your own data!