Security Blogs
Security
3 Min Read
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
Latest Articles
Baseline Hunting with the PEAK Framework
Splunker David Bianco provides an in-depth look at baseline hunts, also known as Exploratory Data Analysis (EDA) hunts.
Machine Learning in Security: Detect DNS Data Exfiltration Using Deep Learning
This blog discusses in detail about detecting DNS data exfiltration attacks using deep learning
Peeping Through Windows (Logs): Using Sysmon & Event Codes for Threat Hunting
Windows and endpoints go together like threat hunting and Splunk. Let's look at the most valuable Sysmon event codes for threat hunting in Splunk.
UK TSA Regulations: SOC Teams, Get Ready!
The UK Telecommunications Security Act (TSA) compliance is coming and will be a new challenge for SOC teams. Splunk security evangelist Matthias Maier takes a closer look at requirements and shares an end-to-end use case as an example.
Staff Picks for Splunk Security Reading June 2023
Hello, everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read.
Threat Hunting with Splunk: Hands-on Tutorials for the Active Hunter
Curious about threat hunting in Splunk? Wanna brush up on your baddie-finding skills? Here's the place to find every one of our expert articles for hunting with Splunk.
Identifying BOD 23-02 Network Management Interfaces with Splunk
Splunker Drew Church explains the CISA-released directive to reduce risk from internet-exposed management interfaces, highlighting the threat of external remote services.
The Lessons Learned in Cybersecurity 25 Years Ago Are Still Applicable to AI Today
Splunk's Paul Kurtz explores what we can learn from past events as AI accelerates the future.
The Security Detail Podcast: Exploring Cyber Threats Across Different Industries
SURGe, Splunk’s strategic security research team, examines the cyber threat landscape across different industries in a new podcast series called The Security Detail.
Detecting DNS Exfiltration with Splunk: Hunting Your DNS Dragons
DNS data is an all-too-common place for threats. Find out how to use Splunk to hunt for threats in your DNS. We will slay those DNS dragons.
Don’t Get a PaperCut: Analyzing CVE-2023-27350
The Splunk Threat Research team shares insights on the CVE-2023-27350 vulnerability, proof of concept scripts, setting up Splunk logging, and detecting adversaries for secure printing.
Splunk SOAR Playbook of the Month: Tackling Phishing Attempts with Identifier Reputation Analysis
Learn how you can use Splunk's identifier reputation analysis playbooks to implement a workflow that will help your team automate the alert and quarantine processes for potential threats based on key identifiers.
Do Not Cross The 'RedLine' Stealer: Detections and Analysis
The Splunk Threat Research Team provides a deep dive analysis of the RedLine Stealer threat and shares valuable insights to help enable blue teamers to defend against and detect this malware variant.
Staff Picks for Splunk Security Reading May 2023
Welcome to the Splunk staff picks, featuring a curated list of presentations, whitepapers, and customer case studies that our Splunk security experts feel are worth a read.
OCSF Goes Into High Gear with Amazon Security Lake Launch and New OCSF Release Candidate
Splunk's Paul Agbabian shares two new major OCSF developments – the general availability of Amazon Security Lake and Splunk Add-On for AWS v.7.0, and Release Candidate 3 launching for public review.
Your Roadmap to Success with Risk-Based Alerting
Splunker Haylee Mills dives deeper into the four levels of the Splunk Risk-Based Alerting journey.
Trust Unearned? Evaluating CA Trustworthiness Across 5 Billion Certificates
In this blog post, we dive into our recent research project, in which the Splunk SURGe team analyzed more than five billion TLS certificates to find out if the CAs we rely on are really worthy of our trust.
Model-Assisted Threat Hunting (M-ATH) with the PEAK Framework
Welcome to the third entry in our introduction to the PEAK Threat Hunting Framework! Taking our detective theme to the next level, imagine a tough case where you need to call in a specialized investigator. For these unique cases, we can use algorithmically-driven approaches called Model-Assisted Threat Hunting (M-ATH).
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
