Splunk Threat Research Team

The Splunk Threat Research Team is an active part of a customer's overall defense strategy, enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate, and respond to the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks, which are stored as datasets in the Attack Data repository.

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.


Read more Splunk Security Content

Security 4 Min Read

MSHTA and MSBuild Cat Jam: Threat Research Release January 2021

Splunk's Security Research team was busy this past quarter generating attack data for 80% of all our detections. This is a step forward in validating and testing our security content, ensuring we can continually test detections via continuous integration and continuous delivery (CI/CD).
Security 2 Min Read

Using Splunk Attack Range to Test and Detect Data Destruction (ATT&CK 1485)

Using Splunk Attack Range to test and detect Data Destruction techniques.
Security 2 Min Read

Splunk's Attack Range Provides a Simple Framework for Generating Attack Data

Splunk's Attack Range provides a turnkey framework for creating environments to simulate attacks as close to "ground truth" as possible.
Security 5 Min Read

Cities Held Hostage: Fighting Ransomware with Analytics

Splunk's Security Research Team dives into why ransomware's so successful and how to mitigate it.
Security 3 Min Read

New: Machine Learning in Splunk Enterprise Security Content Update

Use machine learning techniques to identify outliers in security-related data with a new probability-density function algorithm in Splunk's Machine Learning Toolkit (MLTK).
Security 6 Min Read

Defending Against Common Phishing Frameworks Kits with Splunk Enterprise Security Content Update

Discover how Splunk Enterprise Security Content Update (ESCU) can help you protect your network.
Security 4 Min Read

Monitor for, Investigate, and Respond to Phishing Payloads with Splunk Enterprise Security Content Update

Detect, investigate, and defend against signs of phishing payloads in your environment with Splunk Enterprise Security Content Update (ESCU).
Security 5 Min Read

Splunk Security Research Went on a Phishing Trip – Here's What Happened

Learn how to detect, monitor, and respond to the telltale signs of phishing using Splunk security products in the latest releases of Splunk Enterprise Security Content Update (ESCU).
Security 6 Min Read

Defending Against Phishing Frameworks with Splunk Enterprise Security Content Updates

Attackers often use phishing framework kits to generate faux websites to trick unwitting users into visiting and/or giving up sensitive information.
Security 6 Min Read

Cloud Services Have Broken Your Defenses – Here's How to Fix Them

Don't fall for common misconceptions about cloud services. Learn how to protect your cloud infrastructure by shoring up some common holes.
Security 7 Min Read

CVE-2019-6340: Going Full Circle

Learn how to detect and investigate signs of a dangerous Drupal exploit detailed in CVE-2019-6340.
Security 2 Min Read

Catching the Coldroot RAT

Detect signs of the Mac Coldroot RAT malware in your environment with Splunk Enterprise Security Content Update (ESCU).
Security 2 Min Read

I Do Not Like Your Ransom Scam. I Do Not Like It, SamSam I Am.

Find out how Splunk Enterprise Security Content Updates can protect you from the SamSam ransomware.
Security 3 Min Read

Get More Flexibility and Accelerated Searches with the New Endpoint Data Model

November's Splunk Enterprise Security Content Update (ESCU) releases included some powerful updates, adapting searches to leverage the new Endpoint Data Model.
Security 1 Min Read

Building a Stickier SSH Honeypot with Cowrie

Find out how to build a honeypot that looks more like a true system, making hackers more likely to stick around and demonstrate their latest attack techniques.
Security 2 Min Read

Fight Web Fraud with Splunk Enterprise Security Content Update's October Release

Use Splunk Enterprise Security Content Update (ESCU) searches to help you detect and prevent web fraud.
Security 1 Min Read

A Threat-Delivery Service for Slacking Hackers?

Once a mere trojan downloader, Emotet has evolved to become a threat-delivery service.
Security 2 Min Read

Mount an Effective Defense Against Credential Dumping

Learn about the new Analytic Stories and searches in the August releases of Splunk's Enterprise Security Content Update.