SPLUNK THREAT RESEARCH

Expert security knowledge at your fingertips

Integrate threat research into your SOC to streamline workflows and remediate threats faster.

SolarWinds Cyberattack

Information and guidance to determine if you’re affected.

Amplify Splunk's security capabilities with expert knowledge and research

Remediate threats faster

Bring the knowledge of our experts into your security operations

Realize faster time to value

Get value quickly with pre-packaged detections and responses

Focus on critical tasks

Spend less time writing or testing searches or detections

THE CHALLENGE

Stay ahead of emerging threats

The security landscape is ever-changing, and security practitioners do not have enough time to keep up with it because of:

  • Too many alerts
  • Staff shortages
  • No allocated time for threat hunting
  • No in-house threat research team

Let us help you establish a plan against new threats with tactical guidance.

OUR SOLUTION

Power your SOC with readily available security content

Use out-of-the-box use cases, detection searches and playbooks to help your team strengthen defenses against the latest threats.

How-to guides for remediating threats

Apply our research to streamline operations.

Analytic Stories
Analytic stories are security use cases supported by our threat research team’s pre-built detections and responses.

Deployments
Learn how to configure the schedule and alert actions for any available security content.

Better threat visibility with detection searches

Strengthen your security posture by leveraging custom detection searches to identify vulnerabilities and cyber attacks quickly.

Playbook automation for SOC efficiency

Start automating mundane, repetitive tasks so that your team can focus on mission-critical alerts.

30 minutes
Mean time to respond before automation

30 seconds
Mean time to respond after automation

Access threat research

There are multiple ways you can use our threat research to strengthen your cyber defenses today. Get it in a product user interface by installing the Enterprise Security Content Update app or the Splunk Security Essentials app, or access the detections and use cases directly on the web through Splunk Docs or our API.

FOR SECURITY PRACTITIONERS

Tools that turn data into doing

Extend the power of Splunk with Apps, Add-Ons, resources and more.

Tools

Attack Range

Attack Range allows security practitioners to test detection searches against cyber attacks in a simulated production environment.

Attack Data

Use generated attack data with Attack Range to test detection searches in a simulated environment.
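The test loop that Attack Range and Attack Data support is: take a detection, run it over a labelled dataset of attack and benign events, and confirm it fires on the attack events and nowhere else. The following is an added example of that loop written offline in Python; it is not Splunk's code and it does not evaluate the Splunk search language. The detection record is modelled on the layout of an ESCU detection (name, search, schedule, analytic story) but its field names, search string and events are assumptions constructed for this example, and `parse_search` handles only a tiny subset of SPL field matching (implicit AND, `field=value`, double quotes, `*` wildcards, case-insensitive).

```python
"""Offline sketch of testing a detection against labelled attack data.

Added example, not Splunk's code. The search language subset handled here
is a stand-in for SPL, sufficient only for the constructed detection below.
"""
import re
from fnmatch import fnmatchcase

# Detection record modelled on the ESCU YAML layout. The search string and
# schedule values are assumptions for this example, not a real ESCU detection.
DETECTION = {
    "name": "Cmd.exe Running Whoami (constructed example)",
    "search": r'EventCode=1 Image="*\cmd.exe" CommandLine="*whoami*"',
    "schedule": {"cron": "0 * * * *", "earliest": "-70m@m", "latest": "-10m@m"},
    "analytic_story": ["Constructed Example Story"],
}

# Constructed, labelled events standing in for an Attack Data dataset.
# Field names follow Sysmon event ID 1 (process creation); "label" is the
# ground truth used by the test loop and is never visible to the search.
ATTACK_DATA = [
    {"label": "attack", "EventCode": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami /all"},
    {"label": "attack", "EventCode": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'CMD /C "WHOAMI & net user"'},          # mixed case
    {"label": "benign", "EventCode": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c dir C:\\Users"},
    {"label": "benign", "EventCode": 1, "Image": r"C:\Tools\inventory.exe",
     "CommandLine": "inventory.exe --report whoami"},       # whoami, not cmd.exe
    {"label": "benign", "EventCode": 3, "Image": r"C:\Windows\System32\cmd.exe",
     "DestinationIp": "10.0.0.5"},                           # network event
]

# One field=value term; the value may be double-quoted or a bare token.
TERM = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_search(search):
    """Parse field=value terms into (field, glob) pairs.

    Only the subset used above is supported: implicit AND between terms,
    double-quoted values and SPL-style * wildcards. Values are lower-cased
    because SPL field-value matching is case-insensitive. Not an SPL parser.
    """
    return [(fld, val.strip('"').lower()) for fld, val in TERM.findall(search)]


def match_event(terms, event):
    """True when every term matches the event; a missing field never matches."""
    for fld, pattern in terms:
        if fld == "label" or fld not in event:
            return False
        if not fnmatchcase(str(event[fld]).lower(), pattern):
            return False
    return True


def run_detection(detection, events):
    """Return the events the detection's search would select."""
    terms = parse_search(detection["search"])
    return [e for e in events if match_event(terms, e)]


def evaluate(detection, labelled_events):
    """Score a detection the way a test loop would: count true positives,
    false positives and attack events the detection missed."""
    hits = run_detection(detection, labelled_events)
    tp = sum(1 for e in hits if e["label"] == "attack")
    fp = sum(1 for e in hits if e["label"] == "benign")
    attacks = sum(1 for e in labelled_events if e["label"] == "attack")
    return {"true_positives": tp, "false_positives": fp, "missed": attacks - tp}


if __name__ == "__main__":
    print(evaluate(DETECTION, ATTACK_DATA))
```

The point of carrying the benign events is the false-positive and miss counts: a detection that only ever sees attack data looks perfect. In a real deployment the same check runs as a scheduled search over replayed attack data in Splunk, with the search string interpreted by Splunk rather than by a matcher like this one.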

Enterprise Security Content Update (ESCU) App

Pre-packaged security content to guide teams on how to address ongoing time-sensitive threats, attack methods and other security issues.

Blogs

Cloud Federated Credential Abuse & Cobalt Strike: Threat Research February 2021

CI/CD Detection Engineering: Splunk’s Security Content, Part 1

Using Splunk Attack Range to Test and Detect Data Destruction (ATT&CK T1485)

Detecting Data Exfiltration Via the Use of SNICat

Resources

How Splunk gives actionable relief to torture testing Kubernetes across multicloud

Simulated Adversary Techniques Datasets for Splunk

Developing cloud detections using Cloud Attack Range

Release Notes

Enterprise Security Content Updates v3.17.0

Enterprise Security Content Updates v3.16.0

Enterprise Security Content Updates v3.15.0

Enterprise Security Content Updates v3.14.0

Enterprise Security Content Updates v3.13.0

Need more help?

Join the user group Slack channel to chat directly with our security research team.

Get Started

Accelerate your cloud-driven security transformation today