Security Blogs

The Splunk Threat Research Team (STRT) unravels the mystery of a PlugX variant, peeling back the layers of its payload, tactics, and impact on the digital realm.

OMB M-21-31 requires US Federal Civilian agencies to implement user behavior monitoring. We'll explain what that means and how to do it right.

Get insights from a recent roundtable discussion in collaboration with CIO magazine. The talk focused on the dual challenge faced by IT and security managers: mitigating risks associated with AI while leveraging AI to enhance organizational capability.

Got some parsed fields that you're ready to analyze... possibly for threat hunting? We'll use Levenshtein, Shannon & URL Toolbox to show you how!

One of the most popular Splunk security apps of all time, URL Toolbox’s URL parsing capabilities have been leveraged by thousands. Full story here.

Splunker Michael Haag dives into Subject Interface Packages (SIPs) and their role in Windows security, exploring how SIPs can be exploited by malicious actors to bypass security measures and sign malicious code.

Announcing the release of Splunk SOAR 6.2 with features like logic loops for playbooks, integrations with CyberArk, two new firewall apps, and a new conversion option for classic playbooks.

Splunk security experts share their list of presentations, whitepapers, and customer case studies from November 2023 that they feel are worth a read.

This article discusses a foundational capability within Splunk — the eval command. Need to pick a couple commands for your desert island collection? eval should be one!