Security Blogs
Latest Articles
Using Splunk to Detect Sunburst Backdoor
The Sunburst Backdoor threat truly burst onto the scene as a send-off for 2020. The good news is that the Splunk Security team has produced detections you can run in Splunk Enterprise Security to help you protect your environment from this sophisticated threat.

CI/CD Detection Engineering: Failing, Part 3
In part 3 of our now 4-part series, we walk you through how we failed to use CircleCI to continually test detections!

7 High-Risk Events to Monitor Under GDPR: Lessons Learned from the ICO’s BA Penalty Notice
British Airways made the headlines when they were hacked, customer details were stolen, and the UK ICO issued them a Penalty Notice. Matthias Maier took a closer look at the document and recapitulated the key takeaways any IT security person can learn from it.

Detecting Ryuk Using Splunk Attack Range
A new alert, Ransomware Activity Targeting the Healthcare and Public Health Sector, issued by CISA warns of ongoing and possibly imminent attacks against the healthcare sector. Learn how you can detect the Ryuk ransomware as a payload with Splunk Attack Range.

Detecting Google Cloud Platform OAuth Token Abuse Using Splunk
Google Cloud Platform's Identity Access Management (IAM) permissions can be used to move laterally and escalate privileges. Learn how to detect GCP OAuth token abuse and remediate these events with Splunk.

Detecting CVE-2020-1472 (CISA ED 20-04) Using Splunk Attack Range
Microsoft's recent security disclosure of CVE-2020-1472 is extremely harmful to systems that have not been patched or lack mitigations in place. Learn how to prevent and detect CVE-2020-1472 using Splunk Attack Range.

Adaptable Incident Response With Splunk Phantom Modular Workbooks
Modular Workbooks allow you to effortlessly adapt your security operations workflow. Learn how Splunk Phantom SOAR can help divide tasks into phases, assign responsibilities to team members, and document your work.

Introducing a New Splunk Add-On for OT Security
The Splunk Add-on for OT Security expands existing Splunk Enterprise Security frameworks to improve security visibility in OT environments for our customers, partners and community members.

Using Splunk to Detect Abuse of AWS Permanent and Temporary Credentials
In this blog, the Splunk threat research team shows how to detect suspicious activity and possible abuse of AWS permanent and temporary credentials.