Security Blogs

Check out the latest Security Analytics enhancements to Splunk Enterprise Security with our latest 7.0 release.

Start detection against behaviors and TTPs from a Remcos loader that utilizes DynamicWrapperX (dynwrapx.dll) to execute shellcode and inject Remcos RAT into the target process.

Automate and simplify finding detections against ATT&CK techniques used by adversaries with Splunk SURGe's open-sourced project, ATT&CK Detections Collector (ADA).

Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, white papers, and customer case studies that we feel are worth a read.

Splunk Threat Research Team simulated the Log4j vulnerabilities in the Splunk Attack Range. Using the data collected, we developed 13 new detections and 9 playbooks to help Splunk SOAR customers investigate and respond to this threat.

Good news, you can use Splunk to proactively hunt using Network Traffic and DNS query logs data sources to detect potential Log4Shell exploit. From Splunk SURGe, learn even more detections against CVE-2021-44228.

The Splunk Threat Research Team recently updated the Active Directory Lateral Movement analytic story to help security operations center (SOC) analysts detect adversaries executing these techniques within Windows Active Directory (AD) environments.

A serious remote code execution (RCE) vulnerability (CVE-2021-44228) in the popular open source Apache Log4j logging library poses a threat to thousands of applications and third-party services that leverage this library. From Splunk SURGe, learn how you can detect Log4j 2 RCE using Splunk.

This blog focuses on the latest enhancements made to Splunk's OT Security Add-on, including highlighting key features and improvements that have been made in version 2.1