The Splunk Threat Research Team explores how to detect and prevent malicious drivers and discusses Splunk Security Content available to defend against these types of attacks.
In our first blog in the Splunk RBA series, we introduced Risk-Based Alerting (RBA) and covered the basic principles of RBA. In the rest of this series, we explain how you can plan and then implement RBA within your organization.
Explore the trends and findings in our new report, The State of Security 2023, detailing research on the challenges and opportunities ahead for security leaders and teams.
In this Splunk blog post, we aim to equip defenders with the necessary tools and strategies to actively hunt down and counteract this campaign. Additionally, we will offer some resilient analytic ideas that can serve as a foundation for future threat detection and response efforts.
Explore the common certificate abuses leveraged by current and relevant adversaries in the wild, the multiple methods they use to obtain certificates, how to gather relevant logs and ways to mitigate adversaries stealing certificates.
This blog showcases how to enable and ingest IIS operational logs, utilize PowerShell scripted inputs to ingest installed modules and simulate AppCmd and PowerShell adding new IIS modules and disable HTTP logging using Atomic Red Team.
The Splunk Threat Research Team explores the common Windows Registry abuses leveraged by current and relevant malware families in the wild and how to detect them.