How it works
Integrate top-tier detections and defenses into your security — without needing to build them from scratch. Enable security content through Splunk Security Essentials or the Enterprise Security Content Update app. You can view the full repository of detections, use cases, and machine learning models on the Splunk Security Content site.
Equip your team with security tools and content to proactively defend against the newest observed tactics, techniques, and procedures in the wild. Test your detection searches against cyber attacks in a simulated environment utilizing open source tools from the Splunk Threat Research Team: Attack Range, Attack Data Repository and Melting Cobalt.
Address your most pressing security challenges faster by tapping into the knowledge and experience of a team of industry-recognized experts. Read in-depth research authored by the Splunk Threat Research Team breaking down the latest threats and detection methodologies, and join the #security-research room in the Splunk Slack channel.
Learn how the Splunk Threat Research Team develops detections for Splunk security products.
Study Threats
Identify emerging threats and understand how they operate
Generate Datasets
Collect data and use Splunk to parse the data and identify patterns that can be used to detect the threat
Build Detections
Build rules or queries designed to identify specific activity associated with the threat
Test Detections
Run queries against a dataset that simulates attacker behavior to improve accuracy and reduce false positives
Release
Package detections to deliver timely and effective protections against emerging threats to Splunk customers
Machine and deep learning detections to learn from data, identify patterns, and make decisions to help alert you to threats and anomalous behavior buried within vast amounts of data.
Protect your business and elevate your security operations with a best-in-class data platform, advanced analytics and automated investigations and response.
Automatically detect and analyze the most complex credential phishing and malware threats.
Industry-defining SIEM to quickly detect, investigate, and respond to threats.
Work smarter by automating repetitive security tasks, respond to incidents in seconds, and increase analyst productivity and accuracy to better protect your business.
Secure against unknown threats through user and entity behavior analytics using machine learning.