Skip to main content
shared header v2
Lucid Search Bar Implementation
Push Down Banner V1 Analytics Patch, remove after implementing V2 (S9 or S10)
Global nav V2 patch, remove after adding the mobile languages fix in the codebase (S7 or S8)
Splunk Threat Research Team
Splunk Threat Research Team


The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.

Read more Splunk Security Content

Security 7 Min Read

Threat Update: AwfulShred Script Wiper

The Splunk Threat Research Team shares their findings on the Linux-targeted destructive payload AwfulShred.
Security 15 Min Read

These Are The Drivers You Are Looking For: Detect and Prevent Malicious Drivers

The Splunk Threat Research Team explores how to detect and prevent malicious drivers and discusses Splunk Security Content available to defend against these types of attacks.
Security 9 Min Read

Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise

In this Splunk blog post, we aim to equip defenders with the necessary tools and strategies to actively hunt down and counteract this campaign. Additionally, we will offer some resilient analytic ideas that can serve as a foundation for future threat detection and response efforts.
Security 9 Min Read

AsyncRAT Crusade: Detections and Defense

The Splunk Threat Research Team explores detections and defense against the Microsoft OneNote AsyncRAT malware campaign.
Security 10 Min Read

Breaking the Chain: Defending Against Certificate Services Abuse

Explore the common certificate abuses leveraged by current and relevant adversaries in the wild, the multiple methods they use to obtain certificates, how to gather relevant logs and ways to mitigate adversaries stealing certificates.
Security 4 Min Read

Threat Advisory: SwiftSlicer Wiper STRT-TA03

The Splunk Threat Research Team shares a closer look at the SwiftSlicer wiper, a new payload discovered by ESET and found in a recent January 2023 campaign.