Rod Soto

Worked at Prolexic, Akamai, Caspida. Won BlackHat CTF in 2012. Co-founded Hackmiami, Pacific Hackers meetup and conferences.

Security 7 Min Read

Approaching Linux Post-Exploitation with Splunk Attack Range

An introduction to Linux post-exploitation simulation and threat detection using Splunk Attack Range and Sysmon for Linux.
Security 6 Min Read

Detecting Ryuk Using Splunk Attack Range

A new alert issued by CISA, Ransomware Activity Targeting the Healthcare and Public Health Sector, warns of ongoing and possibly imminent attacks against the healthcare sector. Learn how you can detect the Ryuk ransomware as a payload with Splunk Attack Range.
Security 5 Min Read

Detecting Google Cloud Platform OAuth Token Abuse Using Splunk

Google Cloud Platform's Identity Access Management (IAM) permissions can be used to move laterally and escalate privileges. Learn how to detect GCP OAuth token abuse and remediate these events with Splunk.
Security 5 Min Read

Detecting CVE-2020-1472 (CISA ED 20-04) Using Splunk Attack Range

CVE-2020-1472, recently disclosed by Microsoft, is extremely harmful to systems that have not been patched or lack mitigations in place. Learn how to prevent and detect CVE-2020-1472 using Splunk Attack Range.
Security 7 Min Read

Using Splunk to Detect Abuse of AWS Permanent and Temporary Credentials

In this blog, the Splunk threat research team shows how to detect suspicious activity and possible abuse of AWS Permanent and Temporary credentials.
Security 6 Min Read

Approaching Azure Kubernetes Security

Introduction to monitoring security in Azure Kubernetes Clusters using Splunk.