Security Blogs

This blog showcases how to enable and ingest IIS operational logs, utilize PowerShell scripted inputs to ingest installed modules and simulate AppCmd and PowerShell adding new IIS modules and disable HTTP logging using Atomic Red Team.

The Splunk Threat Research Team walks through exploitation of ProxyShell and ProxyNotShell using MetaSploit, and hunts through data in Splunk to showcase different avenues for defenders to identify malicious activity.

Discover how you can use the ATT&CK framework for a wide array of use cases and to answer a wide range of questions in Splunk Security Essentials (SSE).

Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read.

Splunk's Global Security Strategist Mick Baccio shares his experience attending Hackers on the Hill and invites you to join him and SURGe leader, Ryan Kovar, for the Data Security Predictions 2023 webinar.

Splunk Enterprise Security 7.1 offers new capabilities to help security teams detect suspicious behavior in real-time, quickly discover the scope of an incident to respond accurately, and improve security workflow efficiencies using embedded frameworks.

Cybersecurity requires a strong team – that's why Splunk has developed a new enablement course for our security partners to help create a better team for our customers.

The Splunk Threat Research Team explores the common Windows Registry abuses leveraged by current and relevant malware families in the wild and how to detect them.

Explore the new features introduced in version 3.0 of the Splunk Attack Range, aimed at helping you build resilient, high-quality threat detections.