Security Blogs

A new alert, Ransomware Activity Targeting the Healthcare and Public Health Sector, issued by the CISA poses ongoing and possible imminent attacks against the healthcare sector. Learn how you can detect the Ryuk ransomware as payload with Splunk Attack Range.

Google Cloud Platform's Identity Access Management (IAM) permissions can be used to move laterally and escalate privileges. Learn how to detect GCP OAuth token abuse and remediate these events with Splunk.

Microsoft's recent security disclosure of CVE-2020-1472 is extremely harmful to systems that have not been patched or lack mitigations in place. Learn how to prevent and detect CVE-2020-1472 using Splunk Attack Range.

Modular Workbooks allow you to effortlessly adapt your security operations workflow. Learn how Splunk Phantom SOAR can help divide tasks into phases, assign responsibilities to team members, and document your work.

The Splunk Add-on for OT Security expands existing Splunk Enterprise Security frameworks to improve security visibility in OT environments for our customers, partners and community members.

In this blog, the Splunk threat research team shows how to detect suspicious activity and possible abuse of AWS Permanent and Temporary credentials.

In part 2 of our 3-part series, we walk you through how to use Splunk Security-Content, Attack Range and CircleCI to do detection development, continuous testing and deployment as a workflow in your SOC.

This blog is part 1 of a 3 part series that includes a step-by-step walk-through of how to use Splunk Security-Content, Attack Range and CircleCI to do detection development, continuous testing, and deployment as a workflow in your security operation center.

The UK NCSC published an advisory report that threat group APT29 most recently targeted organizations which are involved in COVID-19 vaccines development and testing. Find out if your organization is affected and which actions you need to take now.