Security Blogs

We introduced a large language model (LLM)-based phishing email detector integrated into the Splunk DSDL app. We provide details on model training and evaluation, comparisons to other machine learning and deep learning algorithms as well as deployment approaches to Splunk in this blog.

This post offers a practical guide to enhancing detection strategies against network share discovery, a technique often used by threat actors.

Splunk security experts share a list of presentations, whitepapers, and customer case studies from August 2023 that they feel are worth a read.

When most people think of threat hunting, they think of uncovering unknown threats – but that is only one of many (better) reasons to show value with threat hunting.

Splunk's Mike Horn shares a closer look at the value of a unified approach to security and observability.

The blog is to introduce lateral movement detection using Splunk User Behavior Analytics (UBA)

Threat Intelligence Management enables analysts to fully investigate security events or suspicious activity by providing the relevant and normalized intelligence to better understand threat context and accelerate time to triage.

For this month’s edition of Playbook of the Month, we’ll look at how you can perform investigations at machine speed using Splunk SOAR and one of our investigation playbooks, Internal Host WinRM Investigate.