Security Blogs
Security
3 Min Read
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
Latest Articles
RCE à La Follina (CVE-2022-30190)
The Splunk SURGe team offers a closer look into the Follina MS Office RCE, including a breakdown of what happened, how to detect it, and MITRE ATT&CK mappings.
Publish Your Splunk SOAR Apps Faster
The process for our technology partners to publish their SOAR Apps to Splunkbase just got faster and simpler.
Staff Picks for Splunk Security Reading May 2022
Hello, everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read. We hope you enjoy.
Threat Update: AcidRain Wiper
The Splunk Threat Research Team shares the details on the new malicious payload named AcidRain, designed to wipe modem or router devices (CPEs).
How Playbook Packs Drive Scalable Automation
See how pre-built Playbook Packs from Splunk can help augment your security analysts with automation that scales with your organization’s maturity.
Springing 4 Shells: The Tale of Two Spring CVEs
The Splunk Threat Research Team (STRT) shares detection opportunities in different stages of successful Spring4Shell exploitation.
Detecting Active Directory Kerberos Attacks: Threat Research Release, March 2022
Learn more about the Splunk Threat Research Team's new analytic story to help SOC analysts detect adversaries abusing the Kerberos protocol to attack Windows Active Directory environments
Splunk SOAR Recognized in Forrester Now Tech: SOAR, Q2 2022 Report
Splunk SOAR recognized within Forrester’s report Now Tech: Security Orchestration, Automation, And Response (SOAR), Q2 2022.
Bringing Data-Centric Security to RSAC 2022
Check out what Splunk has in store at RSA Conference 2022, including theater sessions, demos and a keynote presentation from Splunk CEO Gary Steele.
Threat Update: Cyclops Blink
The Splunk Threat Research Team shares the latest on the payload named Cyclops Blink, which seems to target Customer Premise Equipment devices (CPE) generally prevalent in commercial and residential locations enabling internet connectivity.
CI/CD Detection Engineering: Dockerizing for Scale, Part 4
Get the latest from the Splunk Threat Research Team on CI/CD Detection Engineering.
Answered: Your Most Burning Questions About Planning And Operationalizing MITRE ATT&CK
You asked, we answered. Splunker Matthias Maier compiled all of your most burning questions about planning and operationalizing MITRE ATT&CK in a blog post. Read all about it here.
Staff Picks for Splunk Security Reading April 2022
Check out our Splunk security experts' curated list of presentations, white papers, and customer case studies that we feel are worth a read in the month of April.
The Upsurge in Ransomware Attacks in Australia and Opportunities to Protect Data
Splunk's Mark Troselj explores the findings of Splunk SURGe's recent ransomware report and explains the importance of making risk mitigation a proactive and strategic focus.
STRT-TA03 CPE - Destructive Software
The Splunk Threat Research Team is monitoring several malicious payloads targeting Customer Premise Equipment (CPE) devices. These are defined as devices that are at customer (Commercial, Residential) premises and that provide connectivity and services to the internet backbone
Play Now with BOTS Partner Experiences: Dragos
We are pleased to announce a new Partner Experience – capture the flag (CTF) on-demand challenges, built by Splunk technology partner Dragos, running in Splunk, hosted on the BOTS platform and available for free!
State of Security Research Details Essential Strategies for the Year Ahead
Splunk's new research report, The State of Security 2022, shares a closer look into the challenges that security organizations face and the strategies they're relying on.
You Bet Your Lsass: Hunting LSASS Access
Dive in as the Splunk Threat Research Team shares how Mimikatz, and a few other tools found in Atomic Red Team, access credentials via LSASS memory.
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
Connect with Splunk on Instagram
Follow @Splunk
