Security Blogs

Now available as part of Splunk Cloud, Splunk SOAR further delivers on our promise to modernize security operations – read on to learn more.

Announcing the new Splunk Security Cloud – the only data-centric modern security operations platform that delivers enterprise-grade advanced security analytics, automated security operations, and threat intelligence with an open, unparalleled ecosystem.

In this new Splunk SOAR Playbook, we'll show how a Splunk Enterprise search can trigger automated enrichment, an analyst prompt, and rapid response actions to prevent damage caused by malicious account access.

Splunker Olivia Courtney shares a walkthrough of what you can do with the power of Phantom Slash Commands to investigate Splunk Phantom events.

The Splunk Threat Research team walks you through a new analytic story to help SOC analysts detect adversaries executing password spraying attacks, and highlights a few detections from the May 2021 releases.

Learn about TruSTAR's API 2.0, featuring TruSTAR Intel Workflows. This blog post provides a look at some technical aspects of the Indicator Prioritization Intel Workflow.

Discover how threat intelligence can offer valuable insights to help fend off future attacks, no matter how covert or cunning they appear to be.

We read the 'What We Urge You To Do To Protect Against The Threat of Ransomware' memo and Executive Order (EO14028) in-depth, and this blog is designed to provide you with the information and takeaways to start acting immediately.

Have you ever built complex playbooks and tested them, only to find that they halted execution mid-stream? That’s probably because of your ‘join’ settings – read on to learn more.