Rapid response guides
SURGe's initial technical guidance provides blue teams with a starting place to investigate a high-profile attack.
Detecting Supply Chain Attacks
Using Splunk and JA3/s hashes to detect malicious activity on critical servers
How to detect Log4j 2 Remote Code Execution (Continued)
Use Network Traffic and DNS query logs to detect potential Log4Shell exploitation
How to detect Log4j 2 Remote Code Execution
Detect and respond to CVE-2021-44228, a serious vulnerability of Log4j, using Splunk
EO, EO, It's Off to Work We Go!
Recommendations from the White House for protecting against ransomware
Detecting HAFNIUM Exchange Server Zero-Day Activity in Splunk
Finding the Microsoft vulnerabilities being exploited via Outlook Web Services (OWA)
Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…
An update on HAFNIUM Exchange Server activity
Automated Clean-Up of HAFNIUM Shells and Processes With Splunk SOAR
Using automation to remove webshells and terminate W3WP spawned processes
Using Splunk to Detect Sunburst Backdoor
Leveraging Splunk's network defense and incident response techniques to defend against Sunburst Backdoor
Detecting Supernova Malware: SolarWinds
How to detect Supernova malware that uses a zero-day vulnerability to install a trojanized .NET DLL
Monitoring Pulse Connect Secure With Splunk
Finding potential vulnerabilities in your Pulse Connect Secure appliance
Splunk’s Response to the SolarWinds Cyberattacks
A comprehensive list of materials to help you respond to SolarWinds
Onboarding Threat Indicators Into Splunk Enterprise Security
SolarWinds continued: Leveraging threat intelligence in your investigation
