Tag: Splunk Enterprise Security

In this blog, the Splunk threat research team shows how to detect suspicious activity and possible abuse of AWS Permanent and Temporary credentials.

Integrating MISP servers with Enterprise Security's Threat Intelligence framework

This is part three in a three part series on the Asset & Identity framework in Splunk Enterprise Security, focusing providing additional visibility and context to analysts with a notable event.

This is part two in a three part series on the Asset & Identity framework in Splunk Enterprise Security, focusing on adding additional field or attributes to further contextualize systems being monitored.

It’s a whole new world we’re living in, at least for now. This little tutorial will help you stay on top of your security game while in the world of Enterprise Security.

This is part one in a three part series on the Asset & Identity framework in Splunk Enterprise Security, focusing on gaining context on systems being monitored.

Using cloud infrastructure data model to detect possible container implantation (Mitre Cloud Matrix technique T1525)

The tradition continues! We are happy to announce that the Boss of the SOC (BOTS) v3 dataset has been released under an open-source license and is available for download.

In the second installment of our 'Meet the Doers' series, we sit down with Nate Plamondon to discuss how Splunk is protecting the Arizona State University from fraud and cyber attacks.