Splunk Threat Research Team's Blog Posts

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository.

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.

Read more Splunk Security Content.

Detecting Password Spraying Attacks: Threat Research Release May 2021
Security
5 Minute Read

Detecting Password Spraying Attacks: Threat Research Release May 2021

The Splunk Threat Research team walks you through a new analytic story to help SOC analysts detect adversaries executing password spraying attacks, and highlights a few detections from the May 2021 releases.
DarkSide Ransomware: Splunk Threat Update and Detections
Security
6 Minute Read

DarkSide Ransomware: Splunk Threat Update and Detections

Splunk Threat Research Team (STRT) replicated the DarkSide Ransomware Attack and has released an Analytic Story with several detection searches directed at community shared IOCs.
Clop Ransomware Detection: Threat Research Release, April 2021
Security
4 Minute Read

Clop Ransomware Detection: Threat Research Release, April 2021

Discover how the Splunk Threat Research Team focused their research efforts on Clop Ransomware detections to help organizations detect abnormal behavior faster before it becomes detrimental.
Introducing Splunk Attack Range v1.0
Security
3 Minute Read

Introducing Splunk Attack Range v1.0

The Splunk Attack Range project has officially reached the v1.0 release – read on to learn how we got here, what features we’ve built for v1.0 and what the future looks like for Splunk Attack Range.
Detecting Clop Ransomware
Security
5 Minute Read

Detecting Clop Ransomware

As ransomware campaigns continue, malicious actors introduce different modus operandi to target their victims. In this blog, we’ll be taking a look at the Clop ransomware. This crimeware was discovered in 2019 and is said to be used for an attack that demanded one of the highest ransom amounts in recorded history.
Detecting AWS IAM Privilege Escalation
Security
3 Minute Read

Detecting AWS IAM Privilege Escalation

The Splunk Threat Research team develops security research to help SOC analysts detect adversaries attempting to escalate their privileges and gain elevated access to AWS resources. Learn how we simulate these attacks using Atomic Red Team, collect and analyze the AWS cloudtrail logs, and utilize pre-packaged Splunk detections to detect these threats.