false
Splunk Blogs
Splunk Blogs
Splunk Blogs
Security Blogs
Security
3 Min Read

Fortify Digital Resilience with Splunk + Cisco Talos Incident Response
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
splunk-blogs-image

Latest Articles

Security 5 Min Read

Detecting Google Cloud Platform OAuth Token Abuse Using Splunk
Google Cloud Platform's Identity Access Management (IAM) permissions can be used to move laterally and escalate privileges. Learn how to detect GCP OAuth token abuse and remediate these events with Splunk.
Security 5 Min Read

Detecting CVE-2020-1472 (CISA ED 20-04) Using Splunk Attack Range
Microsoft's recent security disclosure of CVE-2020-1472 is extremely harmful to systems that have not been patched or lack mitigations in place. Learn how to prevent and detect CVE-2020-1472 using Splunk Attack Range.
Security 5 Min Read

Adaptable Incident Response With Splunk Phantom Modular Workbooks
Modular Workbooks allow you to effortlessly adapt your security operations workflow. Learn how Splunk Phantom SOAR can help divide tasks into phases, assign responsibilities to team members, and document your work.
Security 2 Min Read

Introducing a New Splunk Add-On for OT Security
The Splunk Add-on for OT Security expands existing Splunk Enterprise Security frameworks to improve security visibility in OT environments for our customers, partners and community members.
Security 7 Min Read

Using Splunk to Detect Abuse of AWS Permanent and Temporary Credentials
In this blog, the Splunk threat research team shows how to detect suspicious activity and possible abuse of AWS Permanent and Temporary credentials.
Security 7 Min Read

CI/CD Detection Engineering: Splunk's Attack Range, Part 2
In part 2 of our 3-part series, we walk you through how to use Splunk Security-Content, Attack Range and CircleCI to do detection development, continuous testing and deployment as a workflow in your SOC.
Security 8 Min Read

CI/CD Detection Engineering: Splunk's Security Content, Part 1
This blog is part 1 of a 3 part series that includes a step-by-step walk-through of how to use Splunk Security-Content, Attack Range and CircleCI to do detection development, continuous testing, and deployment as a workflow in your security operation center.
Security 2 Min Read

Nation-State Espionage Targeting COVID-19 Vaccine Development Firms - The Actions Security Teams Need To Take Now!
The UK NCSC published an advisory report that threat group APT29 most recently targeted organizations which are involved in COVID-19 vaccines development and testing. Find out if your organization is affected and which actions you need to take now.
Security 1 Min Read

The Next 12 Months - Where IT Leaders Anticipate Spending More Time On
IDG’s recent “State of the CIO” survey across IT leaders has revealed the impact of COVID-19 on IT organizations and the sudden and unforeseen shifts of their initial 2020 plans.
Security 6 Min Read

Approaching Kubernetes Security — Detecting Kubernetes Scan with Splunk
Approaching Kubernetes security. Detect and investigate Kubernetes cluster scan and fingerprinting using Splunk.
Security 3 Min Read

Splunk Attack Range Now With Caldera and Kali Linux
An overview of the updates the Splunk Security Research Team has been working on for Splunk Attack Range, now with Caldera adversarial simulation framework and Kali Linux
Security 5 Min Read

Integrating COVID (or Any) Threat Indicators with MISP and Splunk Enterprise Security
Integrating MISP servers with Enterprise Security's Threat Intelligence framework
Security 2 Min Read

Asset & Identity for Splunk Enterprise Security - Part 3: Empowering Analysts with More Attributes in Notables

This is part three in a three part series on the Asset & Identity framework in Splunk Enterprise Security, focusing providing additional visibility and context to analysts with a notable event.
Security 4 Min Read

Asset & Identity for Splunk Enterprise Security - Part 2: Adding Additional Attributes to Assets
This is part two in a three part series on the Asset & Identity framework in Splunk Enterprise Security, focusing on adding additional field or attributes to further contextualize systems being monitored.
Security 3 Min Read

Between Two Alerts: Easy VPN Security Monitoring with Splunk Enterprise Security
It’s a whole new world we’re living in, at least for now. This little tutorial will help you stay on top of your security game while in the world of Enterprise Security.
Security 4 Min Read

Asset & Identity for Splunk Enterprise Security - Part 1: Contextualizing Systems
This is part one in a three part series on the Asset & Identity framework in Splunk Enterprise Security, focusing on gaining context on systems being monitored.
Security 7 Min Read

Use Cloud Infrastructure Data Model to Detect Container Implantation (MITRE T1525)
Using cloud infrastructure data model to detect possible container implantation (Mitre Cloud Matrix technique T1525)
Security 2 Min Read

Boss of the SOC v3 Dataset Released!
The tradition continues! We are happy to announce that the Boss of the SOC (BOTS) v3 dataset has been released under an open-source license and is available for download.
Legal
Privacy
Sitemap
Cookies / Do not sell or share my personal data
Website Terms of Use
Modern Slavery

© 2005 - 2025 Splunk LLC All rights reserved.