Security Blogs
Security
3 Min Read
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
Latest Articles
Using stats, eventstats & streamstats for Threat Hunting…Stat!
The stats command is a crucial capability when you’re threat hunting. And so are two related commands: eventstats & streamstats. Get all the details, right here.
Using metadata & tstats for Threat Hunting
Behold the power of metadata and tstats commands! These commands will quickly provide situational awareness of your hosts and sourcetypes as you begin hunting.
Threat Hunting for Dictionary-DGA with PEAK
Explore applied model-assisted threat hunting for dictionary-based domain generation algorithms using the SURGe Security Research Team's PEAK Threat Hunting Framework.
Deep Learning in Security: Text-based Phishing Email Detection with BERT Model
We introduced a large language model (LLM)-based phishing email detector integrated into the Splunk DSDL app. We provide details on model training and evaluation, comparisons to other machine learning and deep learning algorithms as well as deployment approaches to Splunk in this blog.
Sharing is Not Caring: Hunting for Network Share Discovery
This post offers a practical guide to enhancing detection strategies against network share discovery, a technique often used by threat actors.
Staff Picks for Splunk Security Reading August 2023
Splunk security experts share a list of presentations, whitepapers, and customer case studies from August 2023 that they feel are worth a read.
Key Threat Hunting Deliverables with PEAK
When most people think of threat hunting, they think of uncovering unknown threats – but that is only one of many (better) reasons to show value with threat hunting.
Unified Strategies Across IT and Security for Cutting-Edge Detection, Investigation and Response
Splunk's Mike Horn shares a closer look at the value of a unified approach to security and observability.
Detecting Lateral Movement Using Splunk User Behavior Analytics
The blog is to introduce lateral movement detection using Splunk User Behavior Analytics (UBA)
Integrated Intelligence Enrichment With Threat Intelligence Management
Threat Intelligence Management enables analysts to fully investigate security events or suspicious activity by providing the relevant and normalized intelligence to better understand threat context and accelerate time to triage.
Using Splunk Stream for Hunting: Finding Islands in the Stream (of Data)
Let's look at how to use the popular Splunk Stream App for our favorite purpose: threat hunting! This is part of our Threat Hunting with Splunk series.
Splunk SOAR Playbook of the Month: Investigations with Playbooks
For this month’s edition of Playbook of the Month, we’ll look at how you can perform investigations at machine speed using Splunk SOAR and one of our investigation playbooks, Internal Host WinRM Investigate.
Unveiling Splunk UBA 5.3: Power and Precision in One Package
Splunk celebrates the launch of User Behavior Analytics (UBA) 5.3, introducing the 20 Node XL cluster, innovative Splunk UBA models, and essential system and security upgrades.
That Was Easy! Manage Lookup Files and Backups With the Splunk App for Lookup File Editing
The 4.0.1 release of the App for Lookup File Editing helps users mitigate issues with new features such as a backup size limit and dashboards for tracking backup size.
Making Sense of the New SEC Cybersecurity Rules and What They Could Mean for Your Company
The United States Securities and Exchange Commission’s (SEC) July 26 approval of new cybersecurity 'incident' disclosure rules is top of mind for every public company, and understanding what it means and how companies will be held accountable is crucial.
Open Cybersecurity Schema Framework (OCSF) Takes Flight with v1.0 Schema Release
The Open Cybersecurity Schema Framework (OCSF) celebrates its first anniversary with the launch of a new open data schema.
BOTS at .conf23 Wrap Up and Worldwide BOTS Day!
After four hours, 56 New Wave songs, a make-your-own donut bar, and a ton of fun, BOTS v8 made its successful debut at .conf23
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
Connect with Splunk on Instagram
Follow @Splunk
