Security Blogs
Security
3 Min Read
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
Latest Articles
Visual Link Analysis with Splunk: Part 2 - The Visual Part
Using Splunk for link analysis - part 2 covering visualizations of linked data.
Cybersecurity Today: Alice in Wonderland Meets the Matrix & Total Recall
The scale of cyber attacks and the complexity of networks exacerbate the situation. Operators face three significant challenges: an IT security ecosystem that is fragmented and in flux, users that are both human and machine, and multiple threats with varying levels of severity and sophistication.
Detecting the Sudo Baron Samedit Vulnerability and Attack
Looking for ways to detect and protect against the SUDO Baron Samedit vulnerability (CVE-2021-3156)? Look no further. In this blog we tell you how to proactively detect vulnerable servers using Splunk and also to detect malicious folks who are attempting to exploit this vulnerability for nefarious outcomes!
TruSTAR Enclave: Not Your Grandpa’s 'Trusted Circle'
TruSTAR’s Enclave technology is the most advanced cloud-based governance engine for enterprise cyber intelligence – read on to discover how it has evolved to meet the needs of integration, automation and intelligence sharing.
Visual Link Analysis with Splunk: Part 1 - Data Reduction
Part 1 of a multi-part series exploring ways to use Splunk for link analysis. This blog focuses on data reduction.
Splunk SOAR Playbooks: Finding and Disabling Inactive Users on AWS
Discover how to add an additional layer of security in AWS with Splunk Phantom by scheduling a playbook to search for inactive users and activating another playbook to disable problem user accounts.
Macros, We Don’t Need No Stinking Macros! — Featuring the New Microsoft O365 Email Add-On
Using Microsoft O365 for your emails? Take a look at the new Microsoft O365 Email Add-on for Splunk to start getting in-depth security and non security data from your emails today.
The 10 Essential Capabilities of a Best-of-Breed SOAR
Security orchestration, automation and response (SOAR) tools are here to stay, do you have the best-of-breed SOAR in your security stack?
Yes, Virginia, There is a -Santa Claus- Way to Detect Unemployment Fraud
Fraud rates for Unemployment Insurance Benefits (UIB) and Pandemic Unemployment Assistance (PUA) are out of control. Use these detections to start detecting unemployment fraud now.
A Golden SAML Journey: SolarWinds Continued
The SolarWinds Orion compromise resulted in the first recorded use of Golden SAML in the wild. Learn how you can start detecting this in Splunk now.
Automation Made Easy: What’s New with Splunk Phantom
Security automation is now easier than ever. Learn what's new with Splunk Phantom now.
Splunk’s Response to the SolarWinds Cyberattacks
Although Splunk was not directly affected by the SolarWinds cyberattacks, as a leader in security we want to help the industry by providing tools, guidance and support to those impacted. Splunk's CISO Yassir Abousselham shares relevant information for customers and examples of how Splunk has taken action to better protect its business.
Detecting Supernova Malware: SolarWinds Continued
Supernova exposes SolarWinds Orion to attack via an in-memory web shell. It needs to be patched and detections below can help identify adversary actions.
Staff Picks for Splunk Security Reading December 2020
These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk (or not) security world that WE think everyone should read. If you would like to read other months, please take a peek at previous posts in the "Staff Picks" series!
Using Splunk to Detect Sunburst Backdoor
The Sunburst Backdoor threat truly burst on the scene as a send off for 2020. The good news is that the Splunk Security team has produced detections you can run in Splunk Enterprise Security to help you protect your environment from this sophisticated threat.
CI/CD Detection Engineering: Failing, Part 3
In part 3 of our now 4-part series, we walk you through how we failed to use CircleCI to continually test detentions!
7 High-Risk Events to Monitor Under GDPR: Lessons Learned from the ICO’s BA Penalty Notice
British Airways made the headlines when they were hacked, customer details stolen and were issued a Penalty Notice by the UK ICO. Matthias Maier took a closer look at the document and recapitulated the key takeaways any IT security person can learn from.
Detecting Ryuk Using Splunk Attack Range
A new alert, Ransomware Activity Targeting the Healthcare and Public Health Sector, issued by the CISA poses ongoing and possible imminent attacks against the healthcare sector. Learn how you can detect the Ryuk ransomware as payload with Splunk Attack Range.
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
Connect with Splunk on Instagram
Follow @Splunk
