Security Blogs

Welcome to the Splunk staff picks, featuring a curated list of presentations, whitepapers, and customer case studies that our Splunk security experts feel are worth a read.

Splunk's Paul Agbabian shares two new major OCSF developments – the general availability of Amazon Security Lake and Splunk Add-On for AWS v.7.0, and Release Candidate 3 launching for public review.

Splunker Haylee Mills dives deeper into the four levels of the Splunk Risk-Based Alerting journey.

Welcome to the third entry in our introduction to the PEAK Threat Hunting Framework! Taking our detective theme to the next level, imagine a tough case where you need to call in a specialized investigator. For these unique cases, we can use algorithmically-driven approaches called Model-Assisted Threat Hunting (M-ATH).

In this blog post, we dive into our recent research project, in which the Splunk SURGe team analyzed more than five billion TLS certificates to find out if the CAs we rely on are really worthy of our trust.

Satisfy internal and external compliance requirements using Splunk standard components.

The blog explains how STRT develops Splunk Security Content, aiding detection engineering and threat research teams to efficiently detect and respond to potential threats, using ESCU App amidst growing security incidents and system complexity.

Details on hypothesis-driven threat hunting with the PEAK framework.

In our last RBA blog post, we talked about some of the problems RBA can help solve. In this post, we explain the methodology we use with Splunk customers as their security teams start working with RBA.