Security Blogs
Security
3 Min Read
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
Latest Articles
High(er) Fidelity Software Supply Chain Attack Detection
Software supply chain attacks are not going away. As our network defenses improve, adversaries must move up the chain to stay a step ahead of our defenses.
No Regrets Using Autoregress
The autoregression command, which is a centralized streaming command, is used to calculate a moving average. Learn how to use this command to gather information, just in time for Boss of the SOC v6!
Active Directory Discovery Detection: Threat Research Release, September 2021
In this blog post, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PoshC2 & PurpleSharp to then collect and analyze the resulting telemetry to test our detections.
Investigating GSuite Phishing Attacks with Splunk
Splunk Threat Research Team (STRT) recently observed a phishing campaign using GSuite Drive file-sharing as a phishing vector. Learn more and deploy detections to prevent them in your environment.
Splunk and DTEX Systems Leverage Human Telemetry and Zero Trust to Mitigate Insider Risks and Account Compromise
Splunk and DTEX Systems have partnered to offer an integrated solution that captures, analyzes and streams a single, noise-free endpoint data signal.
Hunting for Malicious PowerShell using Script Block Logging
The Splunk Threat Research Team recently began evaluating ways to generate security content using native Windows event logging regarding PowerShell Script Block Logging to assist enterprise defenders in finding malicious PowerShell scripts.
Partner Spotlight: Texas Bankers Association Operationalize Data Across Teams and Tools
TruSTAR, acquired by Splunk, recently spoke with Alvin Mills, TBA’s Vice President of Information Technology and Security to learn why the organization selected TruSTAR as its intelligence management platform for data-centric security automation.
PowerShell Detections — Threat Research Release, August 2021
Adversaries are using PowerShell attacks, but luckily the Splunk Threat Research Team (STRT) has developed PowerShell analytics for Splunk by using the Splunk Attack Range to collect the generated logs, and hunt for suspicious PowerShell.
Staff Picks for Splunk Security Reading August 2021
These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk (or not) security world that WE think everyone should read. If you would like to read other months, please take a peek at previous posts in the "Staff Picks" series!
Partner Spotlight: NCU-ISAO Members Gain Actionable Intelligence with TruSTAR
We recently spoke with Brian Hinze, NCU-ISAO Vice President, Member Services and Operations, to learn more about why NCU-ISAO chose TruSTAR for intelligence management, and how member organizations are using TruSTAR for information sharing and collaboration.
Is Your Cyber Team Overwhelmed by System Alerts?
Wondering how to prevent alert fatigue and turnover within your cyber team? Learn how Splunk can help Cyber professionals with a more efficient way to view, assess, and prioritize system alerts before devoting time to investigations.
Solving User Monitoring Use Cases With Splunk Enterprise Security
We all know Splunk’s data platform is capable of delivering incredible analytics and insights at scale, but how do we tie that power with all of the security content and premium solutions for security that Splunk provides? I thought it would be a good idea to jot some thoughts down about some common high level security use cases becauseI get asked this question so much.
What Do Organizations Value Most in a SIEM/Security Analytics Provider? In a Word: Actionability
According to 451 Research’s Voice of the Enterprise survey data, 64% say integration and correlation of threat intelligence is very important when selecting a SIEM vendor. Learn where Splunk Enterprise Security can give you actionable insights.
Hunting for Detections in Attack Data with Machine Learning
Learn how to leverage the real-world and simulated attack data that Splunk's Threat Research team collected to use machine learning to discover attack activity and identify how to transform insights into detections.
Splunk SOAR: Anyone Can Automate
If you haven’t heard the news, Splunk Phantom is now Splunk SOAR – available both on-prem and in the cloud. Read on to find out what that means for you.
Threat Advisory: Telegram Crypto Botnet STRT-TA01
The Splunk Threat Research Team (STRT) has detected the resurface of a Crypto Botnet using Telegram, a widely used messaging application that can create bots and execute code remotely. Learn more about the indicators of the botnet operation and use our pre-built and tested detections to find them in your environment.
Trickbot Detections: Threat Research Release, July 2021
The Splunk Threat Research Team (STRT) addressed Trickbot in the July release. Trickbot is a very popular crimeware carrier (Trojan) associated with current campaigns.
Staff Picks for Splunk Security Reading July 2021
These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk (or not) security world that WE think everyone should read. If you would like to read other months, please take a peek at previous posts in the "Staff Picks" series!
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
Connect with Splunk on Instagram
Follow @Splunk
