Security Blogs

Welcome to the Splunk staff picks blog. Each month, Splunk security experts select presentations, white papers, and customer case studies that we feel are worth a read. We hope you enjoy.

The focus of this threat advisory is on a recently reported destructive payload by Microsoft MSTIC under the name of WhisperGate. We break down the different components and functions of how this payload works and provide a series of detections to mitigate and defend against this threat.

An introduction to linux post exploitation simulation and threat detection using Splunk Attack Range and linux Sysmon.

Check out the latest Security Analytics enhancements to Splunk Enterprise Security with our latest 7.0 release.

Start detection against behaviors and TTPs from a Remcos loader that utilizes DynamicWrapperX (dynwrapx.dll) to execute shellcode and inject Remcos RAT into the target process.

Automate and simplify finding detections against ATT&CK techniques used by adversaries with Splunk SURGe's open-sourced project, ATT&CK Detections Collector (ADA).

Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, white papers, and customer case studies that we feel are worth a read.

Splunk Threat Research Team simulated the Log4j vulnerabilities in the Splunk Attack Range. Using the data collected, we developed 13 new detections and 9 playbooks to help Splunk SOAR customers investigate and respond to this threat.

Good news, you can use Splunk to proactively hunt using Network Traffic and DNS query logs data sources to detect potential Log4Shell exploit. From Splunk SURGe, learn even more detections against CVE-2021-44228.