Security Blogs
Security
3 Min Read
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
Latest Articles
FIN7 Tools Resurface in the Field – Splinter or Copycat?
The Splunk Threat Research team addresses the two tools used by the well-organized and highly-skilled criminal group FIN7 — JSS Loader and Remcos.
Play Now with BOTS Partner Experiences: Corelight
With the official launch of bots.splunk.com, we're pleased to announce Partner Experiences – capture the flag (CTF) on-demand challenges, built by a Splunk technology partner, running in Splunk, hosted on the BOTS platform and available for free.
Detecting IcedID... Could It Be A Trickbot Copycat?
IcedID is a trojan that has been used in recent malicious campaigns and with new defense bypass methods.
CISA’s Known Exploited Vulnerabilities Catalog and Splunk
Accompanying today’s announcement from CISA (BOD 22-01) and their new Known Exploited Vulnerabilities Catalog, SURGe and Splunk Threat Research Team (STRT) have coordinated to add functionality into Enterprise Security Content Updates (ESCU). This added functionality will help network defenders understand vulnerability context alongside relevant ESCU detections.
Staff Picks for Splunk Security Reading October 2021
Hi everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, white papers, and customer case studies that we feel are worth a read. This month we decided to switch things up and include some of our favorite .conf21 presentations. We hope you enjoy.
Splunk Partners with Singapore To Help Companies Enhance Cybersecurity
Raen Lim, Group Vice President, South Asia & Korea, shares how Splunk partners with the Singapore government to help the nation's small and medium-sized enterprises take a proactive stance toward addressing cyber threats.
Lift Your Spirits With Splunk SOAR
Halloween is just around the corner and we’re looking forward to trick-or-treating, donning our best costumes, and watching [scary] movies. Read on to learn how a few of our favorite Halloween movies remind us of our most recent Splunk SOAR updates.
High(er) Fidelity Software Supply Chain Attack Detection
Software supply chain attacks are not going away. As our network defenses improve, adversaries must move up the chain to stay a step ahead of our defenses.
No Regrets Using Autoregress
The autoregression command, which is a centralized streaming command, is used to calculate a moving average. Learn how to use this command to gather information, just in time for Boss of the SOC v6!
Active Directory Discovery Detection: Threat Research Release, September 2021
In this blog post, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PoshC2 & PurpleSharp to then collect and analyze the resulting telemetry to test our detections.
Investigating GSuite Phishing Attacks with Splunk
Splunk Threat Research Team (STRT) recently observed a phishing campaign using GSuite Drive file-sharing as a phishing vector. Learn more and deploy detections to prevent them in your environment.
Splunk and DTEX Systems Leverage Human Telemetry and Zero Trust to Mitigate Insider Risks and Account Compromise
Splunk and DTEX Systems have partnered to offer an integrated solution that captures, analyzes and streams a single, noise-free endpoint data signal.
Hunting for Malicious PowerShell using Script Block Logging
The Splunk Threat Research Team recently began evaluating ways to generate security content using native Windows event logging regarding PowerShell Script Block Logging to assist enterprise defenders in finding malicious PowerShell scripts.
Partner Spotlight: Texas Bankers Association Operationalize Data Across Teams and Tools
TruSTAR, acquired by Splunk, recently spoke with Alvin Mills, TBA’s Vice President of Information Technology and Security to learn why the organization selected TruSTAR as its intelligence management platform for data-centric security automation.
PowerShell Detections — Threat Research Release, August 2021
Adversaries are using PowerShell attacks, but luckily the Splunk Threat Research Team (STRT) has developed PowerShell analytics for Splunk by using the Splunk Attack Range to collect the generated logs, and hunt for suspicious PowerShell.
Staff Picks for Splunk Security Reading August 2021
These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk (or not) security world that WE think everyone should read. If you would like to read other months, please take a peek at previous posts in the "Staff Picks" series!
Partner Spotlight: NCU-ISAO Members Gain Actionable Intelligence with TruSTAR
We recently spoke with Brian Hinze, NCU-ISAO Vice President, Member Services and Operations, to learn more about why NCU-ISAO chose TruSTAR for intelligence management, and how member organizations are using TruSTAR for information sharing and collaboration.
Is Your Cyber Team Overwhelmed by System Alerts?
Wondering how to prevent alert fatigue and turnover within your cyber team? Learn how Splunk can help Cyber professionals with a more efficient way to view, assess, and prioritize system alerts before devoting time to investigations.
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
