SURGe Blogs

Windows and endpoints go together like threat hunting and Splunk. Let's look at the most valuable Sysmon event codes for threat hunting in Splunk.

Curious about threat hunting in Splunk? Wanna brush up on your baddie-finding skills? Here's the place to find every one of our expert articles for hunting with Splunk.

DNS data is an all-too-common place for threats. Find out how to use Splunk to hunt for threats in your DNS. We will slay those DNS dragons.

In this blog post, we dive into our recent research project, in which the Splunk SURGe team analyzed more than five billion TLS certificates to find out if the CAs we rely on are really worthy of our trust.

Welcome to the third entry in our introduction to the PEAK Threat Hunting Framework! Taking our detective theme to the next level, imagine a tough case where you need to call in a specialized investigator. For these unique cases, we can use algorithmically-driven approaches called Model-Assisted Threat Hunting (M-ATH).

Satisfy internal and external compliance requirements using Splunk standard components.

Details on hypothesis-driven threat hunting with the PEAK framework.

As AI / Machine Learning (ML) systems now support millions of daily users, has our understanding of the relevant security risks kept pace with this wild rate of adoption?

Introducing the PEAK Threat Hunting Framework, bringing a fresh perspective to threat hunting and incorporating three distinct types of hunts.