Security Blogs

Two things will make you a more efficient & effective security analyst: OSINT and workflow actions in Splunk. We've got you covered in this article.

In this Splunk blog post, we aim to equip defenders with the necessary tools and strategies to actively hunt down and counteract this campaign. Additionally, we will offer some resilient analytic ideas that can serve as a foundation for future threat detection and response efforts.

Boss of the SOC (BOTS) is Splunk’s blue-team capture the flag-esque competition in which defenders use Splunk’s suite of security products to find APT threats, discover attacks and figure out what happened to our favorite virtual organization “Frothly Brewing Co.”

Learn the risks and rewards of generative AI in cybersecurity.

In this month's Staff Picks blog, our Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read.

The Splunk Threat Research Team explores detections and defense against the Microsoft OneNote AsyncRAT malware campaign.

Sometimes, users put their password into a username field and it gets logged into Splunk – learn how to identify this behavior and remediate it with SOAR.

Explore the common certificate abuses leveraged by current and relevant adversaries in the wild, the multiple methods they use to obtain certificates, how to gather relevant logs and ways to mitigate adversaries stealing certificates.

Splunk's Kumar Sharad explains how to detect suspicious processes using recurrent neural networks.