Tag: Splunk Enterprise Security

Event Sequencing can take multiple notable events that are created from correlation searches and present them to the analysts as a set of linked notable events and help prioritize response when these chain of events occur.

Use machine learning techniques to identify outliers in security-related data with a new probability-density function algorithm in Splunk's Machine Learning Toolkit (MLTK)

Detect, investigate, and defend signs of phishing payloads in your environment with Splunk Enterprise Security Content Update (ESCU)

If you want to learn more about threat hunting with Splunk, this app in conjunction with the BOTSv2 data set is just the answer!

Splunker John Stoner shares a walkthrough for how to add local threat intelligence into Splunk Enterprise Security

How to modify the Incident Review page and add information to Notable Events in Splunk Enterprise Security

In the final episode in the MITRE ATT&CK trilogy, we focus on applying what we learned and operationalizing it with ATT&CK to assist our security operations

Using MITRE ATT&CK to focus your threat hunting in Splunk

We have open-sourced the Boss of the SOC dataset (ver1.0) and BOT(S|N) scoring server. They can be used to run your own CTF, perform research, or train your internal users!