Splunk Security Content for Threat Detection & Response: September Recap

Security Splunk Threat Research Team

In September, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security Content Update (ESCU) app (v5.14.0, v5.15.0, v5.15.2). With these releases, there are 21 new analytics and 7 new analytic stories now available in Splunk Enterprise Security via the ESCU application update process.

Content highlights include:

The team also published a blog focusing on Audit Logs and Microsoft Office365 Copilot Activity Logs using Splunk Add-on for Microsoft Office 365. This Splunk Add-on allows Splunk to pull service status, service messages and management activity logs from Office 365 Management API.

For all our tools and security content, please visit research.splunk.com.

Related Articles

Automation Made Easy: What’s New with Splunk Phantom
Security
2 Minute Read

Automation Made Easy: What’s New with Splunk Phantom

Security automation is now easier than ever. Learn what's new with Splunk Phantom now.
See More, Act Faster, and Simplify Investigations with Customizable Workflows from Splunk Enterprise Security 7.2
Security
3 Minute Read

See More, Act Faster, and Simplify Investigations with Customizable Workflows from Splunk Enterprise Security 7.2

Introducing new capabilities that deliver an improved workflow experience for simplified investigations; enhanced visibility and reduced manual workload; and customized investigation workflows for faster decision-making.
Autonomous Adversaries: Are Blue Teams Ready for Cyberattacks To Go Agentic?
Security
6 Minute Read

Autonomous Adversaries: Are Blue Teams Ready for Cyberattacks To Go Agentic?

Explore the impact of autonomous adversaries on cybersecurity as AI and LLMs evolve.