false

Security Blogs

Security
3 Min Read
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.

Latest Articles

Security 9 Min Read

regreSSHion: Uncovering CVE-2024-6387 in OpenSSH - A Critical Vulnerability

CVE-2024-6387, aka "regreSSHion", exposes Linux environments to remote unauthenticated code execution. Learn how to handle this CVE here.
Security 1 Min Read

Splunk Ranked Number 1 in the 2024 Gartner® Critical Capabilities for Security Information and Event Management

Splunk was ranked as the #1 SIEM solution in all three Use Cases in the 2024 Gartner® Critical Capabilities for Security Information and Event Management report.
Security 8 Min Read

The Geometry of Fraud Detection

Splunker Nimish Doshi shares statistical ways to find outliers and visualizes what they would look like if using virtual area or virtual volume as geometric representations to find them.
Security 2 Min Read

Staff Picks for Splunk Security Reading June 2024

Welcome to the June Splunk staff picks blog, featuring a list of presentations, whitepapers, and customer case studies that our Splunk Security experts feel are worth a read.
Security 4 Min Read

Zipf's Law and Fraud Detection

Splunker Nimish Doshi breaks down Zipf’s Law to look for possible indicators of fraud.
Security 4 Min Read

Safe Passage: Seamless Transition Path for IBM QRadar Customers

The SOC is where it all goes down and where dedicated SecOps teams work tirelessly to protect every digital corner of an organization.
Security 5 Min Read

Reduce False Alerts – Automatically!

Splunker Xiao Lin explains the 'False Positive Suppression Model,' now in the UBA tool.
Security 8 Min Read

LNK or Swim: Analysis & Simulation of Recent LNK Phishing

LNK files are a common starting point for many phishing campaigns. Read on to strengthen your defenses against these LNK file phishing attacks.
Security 10 Min Read

Deploy, Test, Monitor: Mastering Microsoft AppLocker, Part 2

Leverage the power of Splunk to ingest, visualize, and analyze AppLocker events, enabling you to gain valuable insights and strengthen your organization's security posture.
Security 11 Min Read

Deploy, Test, Monitor: Mastering Microsoft AppLocker, Part 1

The Splunk Threat Research Team provides a comprehensive overview of AppLocker and guidance for getting started with AppLocker policies
Security 6 Min Read

Security Insights: Detecting CVE-2024-4040 Exploitation in CrushFTP

The Splunk Threat Research Team explores how Splunk can help you identify and investigate CVE-2024-4040 exploitation in your CrushFTP environment.
Security 3 Min Read

Staff Picks for Splunk Security Reading May 2024

Splunk security experts share a list of presentations, whitepapers, and customer case studies that we feel are worth a read.
Security 5 Min Read

Accelerate Rare Event Model Computation by Customizing Cardinality Constraints

Splunker Xiao Lin explores how 'cardinalitySizeLimit' works, its impact on UBA performance, and how to leverage this feature to enhance threat detection.
Security 14 Min Read

Splunk Tools & Analytics To Empower Threat Hunters

Calling all threat hunters! This article dives into the many Splunk tools and analytics that can help threat hunters in their day-to-day hunting activities.
Security 4 Min Read

UEBA Superpowers: Simplify Incident Investigations to Increase SOC Efficiency

Fernando Jorge explains how Splunk UBA simplifies incident investigations and enhances SOC efficiency with advanced machine learning and behavior analytics.
Security 2 Min Read

Splunk SOAR Playbook of the Month: Splunk Attack Analyzer Dynamic Analysis

For this Splunk SOAR Playbook of the Month, Splunker Coty Sugg shows how to use one of our out-of-the-box playbooks for faster, simpler, and more effective dynamic analysis.
Security 7 Min Read

Threat Hunting in 2024: Must-Have Resources & Tasks for Every Hunter

What are the most important things threat hunters do every day? We surveyed professionals and here are the must-have tasks and resources.
Security 3 Min Read

Splunk Named a Leader in the Gartner® Magic Quadrant™ for SIEM

Splunk has been named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM), which is the tenth consecutive time for Splunk in the Leaders Quadrant.