false
Splunk Blogs
Splunk Blogs
Splunk Blogs
Security Blogs
Security
3 Min Read

Fortify Digital Resilience with Splunk + Cisco Talos Incident Response
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
splunk-blogs-image

Latest Articles

Security 2 Min Read

The 10 Essential Capabilities of a Best-of-Breed SOAR
Security orchestration, automation and response (SOAR) tools are here to stay, do you have the best-of-breed SOAR in your security stack?
Security 4 Min Read

Yes, Virginia, There is a -Santa Claus- Way to Detect Unemployment Fraud
Fraud rates for Unemployment Insurance Benefits (UIB) and Pandemic Unemployment Assistance (PUA) are out of control. Use these detections to start detecting unemployment fraud now.
Security 9 Min Read

A Golden SAML Journey: SolarWinds Continued
The SolarWinds Orion compromise resulted in the first recorded use of Golden SAML in the wild. Learn how you can start detecting this in Splunk now.
Security 2 Min Read

Automation Made Easy: What’s New with Splunk Phantom
Security automation is now easier than ever. Learn what's new with Splunk Phantom now.
Security 2 Min Read

Splunk’s Response to the SolarWinds Cyberattacks

Although Splunk was not directly affected by the SolarWinds cyberattacks, as a leader in security we want to help the industry by providing tools, guidance and support to those impacted. Splunk's CISO Yassir Abousselham shares relevant information for customers and examples of how Splunk has taken action to better protect its business.
Security 7 Min Read

Detecting Supernova Malware: SolarWinds Continued
Supernova exposes SolarWinds Orion to attack via an in-memory web shell. It needs to be patched and detections below can help identify adversary actions.
Security 3 Min Read

Staff Picks for Splunk Security Reading December 2020
These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk (or not) security world that WE think everyone should read. If you would like to read other months, please take a peek at previous posts in the "Staff Picks" series!
Security 8 Min Read

Using Splunk to Detect Sunburst Backdoor
The Sunburst Backdoor threat truly burst on the scene as a send off for 2020. The good news is that the Splunk Security team has produced detections you can run in Splunk Enterprise Security to help you protect your environment from this sophisticated threat.
Security 4 Min Read

CI/CD Detection Engineering: Failing, Part 3
In part 3 of our now 4-part series, we walk you through how we failed to use CircleCI to continually test detentions!
Security 5 Min Read

7 High-Risk Events to Monitor Under GDPR: Lessons Learned from the ICO’s BA Penalty Notice
British Airways made the headlines when they were hacked, customer details stolen and were issued a Penalty Notice by the UK ICO. Matthias Maier took a closer look at the document and recapitulated the key takeaways any IT security person can learn from.
Security 6 Min Read

Detecting Ryuk Using Splunk Attack Range
A new alert, Ransomware Activity Targeting the Healthcare and Public Health Sector, issued by the CISA poses ongoing and possible imminent attacks against the healthcare sector. Learn how you can detect the Ryuk ransomware as payload with Splunk Attack Range.
Security 5 Min Read

Detecting Google Cloud Platform OAuth Token Abuse Using Splunk
Google Cloud Platform's Identity Access Management (IAM) permissions can be used to move laterally and escalate privileges. Learn how to detect GCP OAuth token abuse and remediate these events with Splunk.
Security 5 Min Read

Detecting CVE-2020-1472 (CISA ED 20-04) Using Splunk Attack Range
Microsoft's recent security disclosure of CVE-2020-1472 is extremely harmful to systems that have not been patched or lack mitigations in place. Learn how to prevent and detect CVE-2020-1472 using Splunk Attack Range.
Security 5 Min Read

Adaptable Incident Response With Splunk Phantom Modular Workbooks
Modular Workbooks allow you to effortlessly adapt your security operations workflow. Learn how Splunk Phantom SOAR can help divide tasks into phases, assign responsibilities to team members, and document your work.
Security 2 Min Read

Introducing a New Splunk Add-On for OT Security
The Splunk Add-on for OT Security expands existing Splunk Enterprise Security frameworks to improve security visibility in OT environments for our customers, partners and community members.
Security 7 Min Read

Using Splunk to Detect Abuse of AWS Permanent and Temporary Credentials
In this blog, the Splunk threat research team shows how to detect suspicious activity and possible abuse of AWS Permanent and Temporary credentials.
Security 7 Min Read

CI/CD Detection Engineering: Splunk's Attack Range, Part 2
In part 2 of our 3-part series, we walk you through how to use Splunk Security-Content, Attack Range and CircleCI to do detection development, continuous testing and deployment as a workflow in your SOC.
Security 8 Min Read

CI/CD Detection Engineering: Splunk's Security Content, Part 1
This blog is part 1 of a 3 part series that includes a step-by-step walk-through of how to use Splunk Security-Content, Attack Range and CircleCI to do detection development, continuous testing, and deployment as a workflow in your security operation center.
CONTACT SPLUNK
CONTACT SPLUNK
USER REVIEWS
USER REVIEWS
SPLUNK MOBILE
Download Splunk Mobile on the apple app store
Download Splunk Mobile on the Google Play store
Legal
Privacy
Sitemap
Cookies / Do not sell or share my personal data
Website Terms of Use
Modern Slavery

© 2005 - 2025 Splunk LLC All rights reserved.