Threat Hunting with Splunk: Hands-on Tutorials for the Active Hunter

Security Ryan Kovar

At Splunk, you may hear us pontificating on our ponies about how awesome and easy it is to use Splunk to hunt for threats.

Why, all you need to do is use X and Y with Splunk to find a Z score (no zombies were injured) and BOOM! That baddie in your network is detected.

Going back to at least a decade, we’ve tried to make it easy — as you’ll see in the resources below — and yet threat hunting is about as easy as telling someone how easy it is to draw an owl. (Hint: it isn’t.) So, that’s why we started writing this series in 2017.

Today, we are doubling-down on our threat hunting capabilities. That's why we're updating this series, one article at a time, verifying that each tutorial is the best resource for some aspect of hunting, all using Splunk.

Show me the tutorials!

Want to learn more about threat hunting in general? Keep reading for more information about hunting and the team behind this series, SURGe.

Threat Hunting resources

So, let's make it clear, this entire series is about using Splunk for your threat hunting activities.

Here's some brand new and forever-favorite resources, too, that are about threat hunting with or without Splunk:

Meet the team

The team behind this series is SURGe, an in-house security research team at Splunk. The SURGe team focuses on in-depth analysis of the latest cybersecurity news and finding answers to security problems. All of this is delivered to you in a variety of forms:

Check out all these resources from SURGe and sign up for rapid response alerts.

And now, onto the hunting tutorials!

Tutorials for threat hunting with Splunk

This series will serve as your foundation for hunting with Splunk. (Brand new to Splunk? Explore our SIEM solution, Splunk Enterprise Security: Learn about Splunk ES | Tour Splunk ES)

Each of these articles take a single Splunk search command or hunting concept and break it down to its basic parts. We will help you create a solid base of Splunk knowledge that you can then use in your own environment to hunt for evil. We will cover everything from hypothesis generation to IDS. Splunk commands like stats, eval and lookups will be examined. And have we got queries for you!

As always, happy hunting!

Related Articles

TruSTAR Enclave: Not Your Grandpa’s 'Trusted Circle'
Security
4 Minute Read

TruSTAR Enclave: Not Your Grandpa’s 'Trusted Circle'

TruSTAR’s Enclave technology is the most advanced cloud-based governance engine for enterprise cyber intelligence – read on to discover how it has evolved to meet the needs of integration, automation and intelligence sharing.
Cisco Security Suite 3.0.1 – Now with ISE
Security
1 Minute Read

Cisco Security Suite 3.0.1 – Now with ISE

Imposters at the Gate: Spotting Remote Employment Fraud Before It Crosses the Wire
Security
6 Minute Read

Imposters at the Gate: Spotting Remote Employment Fraud Before It Crosses the Wire

Remote Employment Fraud actors don’t steal credentials—they’re issued them. This blog explores early detection and why security can’t face this threat alone.