Security Blogs

Security

3 Min Read

Fortify Digital Resilience with Splunk + Cisco Talos Incident Response

Announcing the availability of Cisco Talos Incident Response services to Splunk customers.

Latest Articles

Security 3 Min Read

State of Security Research Details Essential Strategies for the Year Ahead

Splunk's new research report, The State of Security 2022, shares a closer look into the challenges that security organizations face and the strategies they're relying on.

Security 13 Min Read

You Bet Your Lsass: Hunting LSASS Access

Dive in as the Splunk Threat Research Team shares how Mimikatz, and a few other tools found in Atomic Red Team, access credentials via LSASS memory.

Security 7 Min Read

Risk-Based Alerting: The New Frontier for SIEM

Risk-Based Alerting (RBA) is an intelligent alerting method with SIEM for security operations to operationalize cyber security frameworks like MITRE ATT&CK, Lockheed Martin's Killchain, or CIS20.

Security 4 Min Read

Threat Update: CaddyWiper

Get a breakdown of the features of the new malicious payload used against Ukraine, CaddyWiper.

Security 6 Min Read

Living Off The Land: Threat Research February 2022 Release

In this February 2022 release, the Splunk Threat Research Team (STRT) focused on comparing currently created living off the land security content with Sigma and the LOLBas project.

Security 5 Min Read

Threat Update DoubleZero Destructor

The Splunk Threat Research Team shares a closer look at a new malicious payload named DoubleZero Destructor (CERT-UA #4243).

Security 2 Min Read

Staff Picks for Splunk Security Reading March 2022

Check out our Splunk security experts' curated list of presentations, white papers, and customer case studies that we feel are worth a read in the month of March.

Security 4 Min Read

Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed

With the release of SURGe's new ransomware research, Splunker Shannon Davis shares a closer look into measuring how fast ransomware encrypts files.

Security 3 Min Read

Ransomware Encrypts Nearly 100,000 Files in Under 45 Minutes

Splunk SURGe Report reveals the need for ransomware prevention over response and mitigation.

Security 9 Min Read

Detecting HermeticWiper

Detecting HermeticWiper destructive software and ransomware decoy with Splunk.

Security 6 Min Read

Linux Persistence and Privilege Escalation: Threat Research January 2022 Release

In this January 2022 release, The Splunk Threat Research (STRT) team focused on the recently released Sysmon for Linux technology addition to Splunk.

Security 10 Min Read

Deep Dive on Persistence, Privilege Escalation Technique and Detection in Linux Platform

Deep dive with the Splunk Threat Research Team on Linux Privilege Escalation and Linux Persistence Techniques.

Security 2 Min Read

Staff Picks for Splunk Security Reading February 2022

Each month, Splunk security experts curate a list of news articles, research, white papers, and customer case studies that we feel are worth a read. We hope you enjoy!

Security 2 Min Read

Introducing Synthetic Adversarial Log Objects (SALO)

Synthetic Adversarial Log Objects (SALO) is a framework for the generation of log events without the need for infrastructure or actions to initiate the event that causes a log event. Learn more about its purpose and how you can utilize it.

Security 2 Min Read

Staff Picks for Splunk Security Reading January 2022

Welcome to the Splunk staff picks blog. Each month, Splunk security experts select presentations, white papers, and customer case studies that we feel are worth a read. We hope you enjoy.

Security 11 Min Read

Threat Advisory: STRT-TA02 - Destructive Software

The focus of this threat advisory is on a recently reported destructive payload by Microsoft MSTIC under the name of WhisperGate. We break down the different components and functions of how this payload works and provide a series of detections to mitigate and defend against this threat.

Security 7 Min Read