Splunk Threat Research Team's Blog Posts

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository.

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.

Read more Splunk Security Content.

Cloud Federated Credential Abuse & Cobalt Strike: Threat Research February 2021
Security
4 Minute Read

Cloud Federated Credential Abuse & Cobalt Strike: Threat Research February 2021

Learn about the latest emerging threats, such as Cloud Federated Credential Abuse and Cobalt Strike, where bad actors are abusing credential privileges in cloud environments to gain unauthorized access.
MSHTA and MSBuild Cat Jam: Threat Research Release January 2021
Security
4 Minute Read

MSHTA and MSBuild Cat Jam: Threat Research Release January 2021

Splunk's Security Research team was busy this past quarter generating attack data for 80% of all our detections. A step forward in validating and testing our security content and ensuring we can continually test detections via continuous integration and continuous delivery (CI/CD).
Using Splunk Attack Range to Test and Detect Data Destruction (ATT&CK 1485)
Security
2 Minute Read

Using Splunk Attack Range to Test and Detect Data Destruction (ATT&CK 1485)

Using Splunk Attack Range to test and detect Data Destruction techniques
New: Machine Learning in Splunk Enterprise Security Content Update
Security
3 Minute Read

New: Machine Learning in Splunk Enterprise Security Content Update

Use machine learning techniques to identify outliers in security-related data with a new probability-density function algorithm in Splunk's Machine Learning Toolkit (MLTK)
Monitor for, Investigate, and Respond to Phishing Payloads with Splunk Enterprise Security Content Update
Security
4 Minute Read

Monitor for, Investigate, and Respond to Phishing Payloads with Splunk Enterprise Security Content Update

Detect, investigate, and defend signs of phishing payloads in your environment with Splunk Enterprise Security Content Update (ESCU)