Security Blogs
Security
3 Min Read
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
Latest Articles
The State of Security 2023: Collaboration Is Essential For Building Resilience
Explore the trends and findings in our new report, The State of Security 2023, detailing research on the challenges and opportunities ahead for security leaders and teams.
Using Workflow Actions & OSINT for Threat Hunting in Splunk
Two things will make you a more efficient & effective security analyst: OSINT and workflow actions in Splunk. We've got you covered in this article.
Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise
In this Splunk blog post, we aim to equip defenders with the necessary tools and strategies to actively hunt down and counteract this campaign. Additionally, we will offer some resilient analytic ideas that can serve as a foundation for future threat detection and response efforts.
Who's the Boss? EMEA Boss Of The SOC DAY 2023
Boss of the SOC (BOTS) is Splunk’s blue-team capture the flag-esque competition in which defenders use Splunk’s suite of security products to find APT threats, discover attacks and figure out what happened to our favorite virtual organization “Frothly Brewing Co.”
What Generative AI Means For Cybersecurity: Risk & Reward
Learn the risks and rewards of generative AI in cybersecurity.
Staff Picks for Splunk Security Reading March 2023
In this month's Staff Picks blog, our Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read.
AsyncRAT Crusade: Detections and Defense
The Splunk Threat Research Team explores detections and defense against the Microsoft OneNote AsyncRAT malware campaign.
My Username Fields Have Passwords in Them! What Do I Do?
Sometimes, users put their password into a username field and it gets logged into Splunk – learn how to identify this behavior and remediate it with SOAR.
Breaking the Chain: Defending Against Certificate Services Abuse
Explore the common certificate abuses leveraged by current and relevant adversaries in the wild, the multiple methods they use to obtain certificates, how to gather relevant logs and ways to mitigate adversaries stealing certificates.
Machine Learning in Security: Detecting Suspicious Processes Using Recurrent Neural Networks
Splunk's Kumar Sharad explains how to detect suspicious processes using recurrent neural networks.
Strengthen Digital Resilience with Unified Security Operations
Splunk Mission Control offers a unified, simplified, and modernized security operations experience which reduces complexity and reduces risk.
Overcome Cybersecurity Challenges to Improve Digital Resilience
Discover how embracing automation, unifying security operations and tackling security as a data problem helps organizations overcome the challenges posed to cybersecurity effectiveness and digital resilience.
Threat Advisory: SwiftSlicer Wiper STRT-TA03
The Splunk Threat Research Team shares a closer look at the SwiftSlicer wiper, a new payload discovered by ESET and found in a recent January 2023 campaign.
Don’t boil the ocean: A technologist’s take on prioritisation in sustainability
Even if manufacturing isn’t close to your heart, you’d have to be pretty cold not to care about sustainability in 2023. Let's get a technologist’s take on prioritisation in sustainability.
Splunk Observability & Security Weeks - Best Practices for Strong Cyber Resilience and Business Success
This March, we are holding two weeks of virtual sessions across EMEA, packed with thought provoking and educational content to suit everyone. Whether your area of expertise is in security or IT & observability — we’ve got you covered.
Staff Picks for Splunk Security Reading February 2023
Explore the latest list of presentations, whitepapers, and customer case studies that our Splunk security experts feel are worth a read.
Fantastic IIS Modules and How to Find Them
This blog showcases how to enable and ingest IIS operational logs, utilize PowerShell scripted inputs to ingest installed modules and simulate AppCmd and PowerShell adding new IIS modules and disable HTTP logging using Atomic Red Team.
All the Proxy(Not)Shells
The Splunk Threat Research Team walks through exploitation of ProxyShell and ProxyNotShell using MetaSploit, and hunts through data in Splunk to showcase different avenues for defenders to identify malicious activity.
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
