Security Blogs
Security
3 Min Read
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
Latest Articles
Answered: Your Most Burning Questions About Planning And Operationalizing MITRE ATT&CK
You asked, we answered. Splunker Matthias Maier compiled all of your most burning questions about planning and operationalizing MITRE ATT&CK in a blog post. Read all about it here.
Staff Picks for Splunk Security Reading April 2022
Check out our Splunk security experts' curated list of presentations, white papers, and customer case studies that we feel are worth a read in the month of April.
The Upsurge in Ransomware Attacks in Australia and Opportunities to Protect Data
Splunk's Mark Troselj explores the findings of Splunk SURGe's recent ransomware report and explains the importance of making risk mitigation a proactive and strategic focus.
STRT-TA03 CPE - Destructive Software
The Splunk Threat Research Team is monitoring several malicious payloads targeting Customer Premise Equipment (CPE) devices. These are defined as devices that are at customer (Commercial, Residential) premises and that provide connectivity and services to the internet backbone
Play Now with BOTS Partner Experiences: Dragos
We are pleased to announce a new Partner Experience – capture the flag (CTF) on-demand challenges, built by Splunk technology partner Dragos, running in Splunk, hosted on the BOTS platform and available for free!
State of Security Research Details Essential Strategies for the Year Ahead
Splunk's new research report, The State of Security 2022, shares a closer look into the challenges that security organizations face and the strategies they're relying on.
You Bet Your Lsass: Hunting LSASS Access
Dive in as the Splunk Threat Research Team shares how Mimikatz, and a few other tools found in Atomic Red Team, access credentials via LSASS memory.
Risk-Based Alerting: The New Frontier for SIEM
Risk-Based Alerting (RBA) is an intelligent alerting method with SIEM for security operations to operationalize cyber security frameworks like MITRE ATT&CK, Lockheed Martin's Killchain, or CIS20.
Threat Update: CaddyWiper
Get a breakdown of the features of the new malicious payload used against Ukraine, CaddyWiper.
Living Off The Land: Threat Research February 2022 Release
In this February 2022 release, the Splunk Threat Research Team (STRT) focused on comparing currently created living off the land security content with Sigma and the LOLBas project.
Threat Update DoubleZero Destructor
The Splunk Threat Research Team shares a closer look at a new malicious payload named DoubleZero Destructor (CERT-UA #4243).
Staff Picks for Splunk Security Reading March 2022
Check out our Splunk security experts' curated list of presentations, white papers, and customer case studies that we feel are worth a read in the month of March.
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed
With the release of SURGe's new ransomware research, Splunker Shannon Davis shares a closer look into measuring how fast ransomware encrypts files.
Ransomware Encrypts Nearly 100,000 Files in Under 45 Minutes
Splunk SURGe Report reveals the need for ransomware prevention over response and mitigation.
Detecting HermeticWiper
Detecting HermeticWiper destructive software and ransomware decoy with Splunk.
Linux Persistence and Privilege Escalation: Threat Research January 2022 Release
In this January 2022 release, The Splunk Threat Research (STRT) team focused on the recently released Sysmon for Linux technology addition to Splunk.
Deep Dive on Persistence, Privilege Escalation Technique and Detection in Linux Platform
Deep dive with the Splunk Threat Research Team on Linux Privilege Escalation and Linux Persistence Techniques.
Staff Picks for Splunk Security Reading February 2022
Each month, Splunk security experts curate a list of news articles, research, white papers, and customer case studies that we feel are worth a read. We hope you enjoy!
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
