Latest Articles
displayMode
paginated
category
Security
showImagesOnMobile
false

Security
2 Minute Read
Splunk SOAR Playbooks: Suspicious Email Domain Enrichment
This playbook focuses specifically on domain names contained in the ingested email, and it uses Cisco Umbrella Investigate to add the risk score, risk status, and domain category to the event in Splunk SOAR.

Security
3 Minute Read
Cybersecurity’s Moneyball Transformation
What do baseball and cybersecurity have in common? Nothing, at first glance. But, take a deeper look and you can see the glaring similarities. That's because cybersecurity is going through its Moneyball transformation right now. Read this blog post to learn more.

Security
4 Minute Read
Clop Ransomware Detection: Threat Research Release, April 2021
Discover how the Splunk Threat Research Team focused their research efforts on Clop Ransomware detections to help organizations detect abnormal behavior faster before it becomes detrimental.

Security
4 Minute Read
TruSTAR Intel Workflows Series: Shifting from App-Centric to Data-Centric Security Operations
TruSTAR recently introduced API 2.O featuring TruSTAR Intel Workflows. This blog series will explain our motivations for building this feature, how it works, and how users can better inform security operations.

Security
3 Minute Read
Splunk and Zscaler Utilize Data and Zero Trust to Eradicate Threats
Splunk and Zscaler have partnered to deliver a superior approach to security. Our tightly integrated, best-of-breed cloud security and security analytics platforms deliver a cloud experience for the modern, cloud-first enterprise.

Security
2 Minute Read
Streamlining Vulnerability Management with Splunk Phantom
Manage the entire lifecycle of vulnerability management with automation and orchestration using Splunk’s SOAR technology, Splunk Phantom, to automate actions and reduce the time spent on patch management by 40%.

Security
10 Minute Read
SUPERNOVA Redux, with a Generous Portion of Masquerading
A review of the Pulse Secure attack where the threat actor connected to the network via a the Pulse Secure virtual private network (VPN), moved laterally to its SolarWinds Orion server, installed the SUPERNOVA malware, and collected credentials, all while masquerading the procdump.exe file and renamed it as splunklogger.exe.

Security
11 Minute Read
Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)
Our Splunk security experts share a closer look at the Pulse Connect Secure attack, including a breakdown of what happened, how to detect it, and MITRE ATT&CK mappings.
