Security Blogs

Many threats originate from the endpoint and detecting them requires insights into what happens on the endpoint. In this post we look at different endpoint activity data sources, comparing the benefits and capabilities of Splunk Universal Forwarder with vast limits uberAgent and homegrown solutions.

Learn how you can scale IT operational processes and enhance network performance by leveraging security orchestration, automation and response (SOAR) tools such as Splunk Phantom.

Learn how to step-by-step process to building the dashboard with Sigbay Link Analysis visualization app from scratch.

The Splunk Threat Research team develops security research to help SOC analysts detect adversaries attempting to escalate their privileges and gain elevated access to AWS resources. Learn how we simulate these attacks using Atomic Red Team, collect and analyze the AWS cloudtrail logs, and utilize pre-packaged Splunk detections to detect these threats.

Learn how to use automated playbooks to monitor new user accounts to ensure that threat actors like Hafnium cannot leverage the Active Directory system to exploit vulnerabilities.

Automation is optimizing SOC workflows but also shaking up the cybersecurity workspace. Skills that were once in high demand are decreasing in value. Splunker Matthias Maier took a closer look into cybersecurity developments and shares which cybersecurity skills professionals should be focussing on in the upcoming years.

These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk (or not) security world that WE think everyone should read. If you would like to read other months, please take a peek at previous posts in the "Staff Picks" series!

Implement security playbooks to automatically delete Microsoft Exchange Webshells and terminate W3WP spawned processes with Splunk Phantom.

Learn how AWS and these Splunk products work together to help you strengthen your security posture and defend against threats to your environment.