Security Research Blogs

Welcome to Splunk’s Threat Hunter Intelligence Report, a monthly series brought to you by Splunk’s threat hunting and intelligence (THI) team sharing the latest cybersecurity threats and trends to help organizations stay one step ahead of adversaries, one report at a time.

Splunk's heading to RSAC 2021, are you? Take a peak at our upcoming sessions and don't forget to tune into our CEO Doug Merritt's keynote when he takes the RSAC main stage.

Discover how the Splunk Threat Research Team focused their research efforts on Clop Ransomware detections to help organizations detect abnormal behavior faster before it becomes detrimental.

A review of the Pulse Secure attack where the threat actor connected to the network via a the Pulse Secure virtual private network (VPN), moved laterally to its SolarWinds Orion server, installed the SUPERNOVA malware, and collected credentials, all while masquerading the procdump.exe file and renamed it as splunklogger.exe.

Learn how AWS and these Splunk products work together to help you strengthen your security posture and defend against threats to your environment.

Even if you haven’t uncovered Microsoft Exchange Vulnerabilities and malicious behavior, it is important to continue monitoring, particularly as more actors look to leverage these vulnerabilities for their own purposes.

Learn about the latest emerging threats, such as Cloud Federated Credential Abuse and Cobalt Strike, where bad actors are abusing credential privileges in cloud environments to gain unauthorized access.

Splunk's Security Research team was busy this past quarter generating attack data for 80% of all our detections. A step forward in validating and testing our security content and ensuring we can continually test detections via continuous integration and continuous delivery (CI/CD).

This blog is the first in a mini-series of blogs where we aim to explore and share various aspects of our security team’s mindset and learnings. In this post, we will introduce you to how our own security and threat research team develops the latest security detections using ML.