Security Blogs

Hello, everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read. We hope you enjoy.

Splunk's Paul Agbabian shares a look back at the key developments and enhancements to the Open Cybersecurity Schema Framework (OCSF) since its launch in August 2022.

The Splunk Threat Research Team shares their findings on the Linux-targeted destructive payload AwfulShred.

Splunk Enterprise Security was named a leader in SIEM and security analytics by three analyst firms - Forrester, IDC and a third analyst firm. In fact, Splunk is the only SIEM provider to be named a “Leader” in SIEM by all three top analyst reports.

Introducing the PEAK Threat Hunting Framework, bringing a fresh perspective to threat hunting and incorporating three distinct types of hunts.

Make your SIEM your single point of truth by ingesting events that are otherwise seen only by Splunk Security, Orchestration, Automation and Response (SOAR).

The Splunk Threat Research Team explores how to detect and prevent malicious drivers and discusses Splunk Security Content available to defend against these types of attacks.

Splunk's Paul Kurtz explores how CISOs’ jobs will become more complex as they address AI-driven attacks, automated vulnerability exploitation, battle data poisoning, or deep fakes that make current phishing tactics look quaint.

In our first blog in the Splunk RBA series, we introduced Risk-Based Alerting (RBA) and covered the basic principles of RBA. In the rest of this series, we explain how you can plan and then implement RBA within your organization.