Security Blogs

The Splunk Threat Research Team recently updated the Active Directory Lateral Movement analytic story to help security operations center (SOC) analysts detect adversaries executing these techniques within Windows Active Directory (AD) environments.

A serious remote code execution (RCE) vulnerability (CVE-2021-44228) in the popular open source Apache Log4j logging library poses a threat to thousands of applications and third-party services that leverage this library. From Splunk SURGe, learn how you can detect Log4j 2 RCE using Splunk.

This blog focuses on the latest enhancements made to Splunk's OT Security Add-on, including highlighting key features and improvements that have been made in version 2.1

Hello everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, white papers, and customer case studies that we feel are worth a read. We hope you enjoy.

In this post, we demonstrate how to set up effective security monitoring of your Hyperledger Fabric infrastructure. We identify some common threats, recognize key data sources to monitor, and walk through using Splunk to ingest and visualize your data.

Learn how you can secure your development security operations with pre-built and tested Splunk detections and automated playbooks.

The following is a walkthrough of Remcos executed via Attack Range Local. We will go over some of the multiple and intrusive operations this remote access tool can execute at compromised hosts.

The Splunk Threat Research team addresses the two tools used by the well-organized and highly-skilled criminal group FIN7 — JSS Loader and Remcos.

With the official launch of bots.splunk.com, we're pleased to announce Partner Experiences – capture the flag (CTF) on-demand challenges, built by a Splunk technology partner, running in Splunk, hosted on the BOTS platform and available for free.