Security Blogs

Risk-Based Alerting (RBA) is an intelligent alerting method with SIEM for security operations to operationalize cyber security frameworks like MITRE ATT&CK, Lockheed Martin's Killchain, or CIS20.

Get a breakdown of the features of the new malicious payload used against Ukraine, CaddyWiper.

In this February 2022 release, the Splunk Threat Research Team (STRT) focused on comparing currently created living off the land security content with Sigma and the LOLBas project.

The Splunk Threat Research Team shares a closer look at a new malicious payload named DoubleZero Destructor (CERT-UA #4243).

Check out our Splunk security experts' curated list of presentations, white papers, and customer case studies that we feel are worth a read in the month of March.

With the release of SURGe's new ransomware research, Splunker Shannon Davis shares a closer look into measuring how fast ransomware encrypts files.

Splunk SURGe Report reveals the need for ransomware prevention over response and mitigation.

Detecting HermeticWiper destructive software and ransomware decoy with Splunk.

Deep dive with the Splunk Threat Research Team on Linux Privilege Escalation and Linux Persistence Techniques.