Splunk Threat Research Team's Blog Posts

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository.

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.

Read more Splunk Security Content.

Threat Update: Cyclops Blink
Security
6 Minute Read

Threat Update: Cyclops Blink

The Splunk Threat Research Team shares the latest on the payload named Cyclops Blink, which seems to target Customer Premise Equipment devices (CPE) generally prevalent in commercial and residential locations enabling internet connectivity.
CI/CD Detection Engineering: Dockerizing for Scale, Part 4
Security
9 Minute Read

CI/CD Detection Engineering: Dockerizing for Scale, Part 4

Get the latest from the Splunk Threat Research Team on CI/CD Detection Engineering.
STRT-TA03 CPE - Destructive Software
Security
5 Minute Read

STRT-TA03 CPE - Destructive Software

The Splunk Threat Research Team is monitoring several malicious payloads targeting Customer Premise Equipment (CPE) devices. These are defined as devices that are at customer (Commercial, Residential) premises and that provide connectivity and services to the internet backbone
You Bet Your Lsass: Hunting LSASS Access
Security
13 Minute Read

You Bet Your Lsass: Hunting LSASS Access

Dive in as the Splunk Threat Research Team shares how Mimikatz, and a few other tools found in Atomic Red Team, access credentials via LSASS memory.
Threat Update: CaddyWiper
Security
4 Minute Read

Threat Update: CaddyWiper

Get a breakdown of the features of the new malicious payload used against Ukraine, CaddyWiper.
Living Off The Land: Threat Research February 2022 Release
Security
6 Minute Read

Living Off The Land: Threat Research February 2022 Release

In this February 2022 release, the Splunk Threat Research Team (STRT) focused on comparing currently created living off the land security content with Sigma and the LOLBas project.