Skip to main content

Splunk Threat Research Team

Integrate top-tier detections and defenses into your security operations to find and remediate threats faster.

How it works

Built-in threat research and detections to fuel the modern SIEM


Expand your security coverage with pre-built detections

Integrate top-tier detections and defenses into your security — without needing to build them from scratch. Enable security content through Splunk Security Essentials or the Enterprise Security Content Update app. You can view the full repository of detections, use cases, and machine learning models on the Splunk Security Content site.

threat research tools

Stay ahead of the latest threats with cutting-edge security tools

Equip your team with security tools and content to proactively defend against the newest observed tactics, techniques, and procedures in the wild. Test your detection searches against cyber attacks in a simulated environment utilizing open source tools from the Splunk Threat Research Team: Attack Range, Attack Data Repository and Melting Cobalt.


Supplement your team with trusted security advisors

Address your most pressing security challenges faster by tapping into the knowledge and experience of a team of industry-recognized experts. Read in-depth research authored by the Splunk Threat Research Team breaking down the latest threats and detection methodologies, and join the #security-research room in the Splunk Slack channel.

threat research blogs

Splunk Detection Engineering Process

Learn how the Splunk Threat Research Team develops detections for Splunk security products.

detection engineering process

Study Threats

Identify emerging threats and understand how they operate 


Generate Datasets

Collect data and use Splunk to parse the data and identify patterns that can be used to detect the threat


Build Detections

Build rules or queries designed to identify specific activity associated with the threat


Test Detections

Run queries against a dataset that simulates attacker behavior to improve accuracy and reduce false positives



Package detections to deliver timely and effective protections against emerging threats to Splunk customers 

Videos and presentations

Learn more about tools and analytic stories from the Splunk Threat Research Team and how they can help you defend against threats.

Machine learning for security

Machine and deep learning detections to learn from data, identify patterns, and make decisions to help alert you to threats and anomalous behavior buried within vast amounts of data.

Related security products

Protect your business and elevate your security operations with a best-in-class data platform, advanced analytics and automated investigations and response.

Go to Security Overview
attack-analyzer attack-analyzer

Splunk Attack Analyzer

Automatically detect and analyze the most complex credential phishing and malware threats.

View Product Details
enterprise-security enterprise-security

Splunk Enterprise Security

Industry-defining SIEM to quickly detect, investigate, and respond to threats.

View Product Details

Splunk SOAR

Work smarter by automating repetitive security tasks, respond to incidents in seconds, and increase analyst productivity and accuracy to better protect your business.

View Product Details
Splunk User Behavior Analytics Splunk User Behavior Analytics

Splunk User Behavior Analytics

Secure against unknown threats through user and entity behavior analytics using machine learning.

View Product Details

Rapid response to high-profile security events

Gain early contextual awareness and initial response techniques for high-profile security events from SURGe by Splunk.


Explore more from Splunk

Top Cybersecurity Threats

Learn about some of the biggest security threats and how to detect and respond to them with Splunk.

Get the E-Book