Threat Hunting with Splunk: Hands-on Tutorials for the Active Hunter

    At Splunk, you may hear us pontificating on our ponies about how awesome and easy it is to use Splunk to hunt for threats.  

Why, all you need to do is use X and Y with Splunk to find a Z score (no zombies were injured) and BOOM! That baddie in your network is detected.

Going back to at least a decade, we’ve tried to make it easy — as you’ll see in the resources below —  and yet threat hunting is about as easy as telling someone how easy it is to draw an owl. (Hint: it isn’t.) So, that’s why we started writing this series in 2017.

Today, we are doubling-down on our threat hunting capabilities. That's why we're updating this series, one article at a time, verifying that each tutorial is the best resource for some aspect of hunting, all using Splunk.

Show me the tutorials!

Want to learn more about threat hunting in general? Keep reading for more information about hunting and the team behind this series, SURGe.

Threat Hunting resources

So, let's make it clear, this entire series is about using Splunk for your threat hunting activities.

Here's some brand new and forever-favorite resources, too, that are about threat hunting with or without Splunk:

Meet the team

The team behind this series is SURGe, an in-house security research team at Splunk. The SURGe team focuses on in-depth analysis of the latest cybersecurity news and finding answers to security problems. All of this is delivered to you in a variety of forms:

  • Rapid Response Guides
  • Original research like our analysis of ransomware binaries and a macro-level ATT&CK analysis
  • Our weekly Coffee Talk with SURGe broadcasts
  • Monthly security reading recommendations
  • And lots more

Check out all these resources from SURGe and sign up for rapid response alerts.

And now, onto the hunting tutorials!

Tutorials for threat hunting with Splunk

This series will serve as your foundation for hunting with Splunk. (Brand new to Splunk? Explore our SIEM solution, Splunk Enterprise Security: Learn about Splunk ES | Tour Splunk ES)

Each of these articles take a single Splunk search command or hunting concept and break it down to its basic parts. We will help you create a solid base of Splunk knowledge that you can then use in your own environment to hunt for evil. We will cover everything from hypothesis generation to IDS. Splunk commands like stats, eval and lookups will be examined. And have we got queries for you!

As always, happy hunting!

Ryan Kovar
Posted by

Ryan Kovar

NY. AZ. Navy. SOCA. KBMG. DARPA. Splunk.

Show All Tags
Show Less Tags