Security Blogs
Security
3 Min Read
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
Latest Articles
Solving User Monitoring Use Cases With Splunk Enterprise Security
We all know Splunk’s data platform is capable of delivering incredible analytics and insights at scale, but how do we tie that power with all of the security content and premium solutions for security that Splunk provides? I thought it would be a good idea to jot some thoughts down about some common high level security use cases becauseI get asked this question so much.
What Do Organizations Value Most in a SIEM/Security Analytics Provider? In a Word: Actionability
According to 451 Research’s Voice of the Enterprise survey data, 64% say integration and correlation of threat intelligence is very important when selecting a SIEM vendor. Learn where Splunk Enterprise Security can give you actionable insights.
Hunting for Detections in Attack Data with Machine Learning
Learn how to leverage the real-world and simulated attack data that Splunk's Threat Research team collected to use machine learning to discover attack activity and identify how to transform insights into detections.
Splunk SOAR: Anyone Can Automate
If you haven’t heard the news, Splunk Phantom is now Splunk SOAR – available both on-prem and in the cloud. Read on to find out what that means for you.
Threat Advisory: Telegram Crypto Botnet STRT-TA01
The Splunk Threat Research Team (STRT) has detected the resurface of a Crypto Botnet using Telegram, a widely used messaging application that can create bots and execute code remotely. Learn more about the indicators of the botnet operation and use our pre-built and tested detections to find them in your environment.
Trickbot Detections: Threat Research Release, July 2021
The Splunk Threat Research Team (STRT) addressed Trickbot in the July release. Trickbot is a very popular crimeware carrier (Trojan) associated with current campaigns.
Staff Picks for Splunk Security Reading July 2021
These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk (or not) security world that WE think everyone should read. If you would like to read other months, please take a peek at previous posts in the "Staff Picks" series!
Conti Threat Research Update and Detections
In this blog, the Splunk Threat Research team will show you how to use Splunk Attack Range to simulate cyber attacks from the Conti Ransomware group. It will also have pre-built detections that you can use to detect them in your environment.
Detecting SeriousSAM CVE-2021-36934 With Splunk
SeriousSAM or CVE-2021-36934 is a Privilege Escalation Vulnerability. The Splunk Threat Research team recommends performing an assessment to better understand the impact of this vulnerability in corporate environments.
Security Modernization Starts with Data and Splunk at Black Hat 2021
It’s time to take that breach vacation and get the inside scoop at what Splunk has happening at Black Hat 2021.
Get Started with Splunk for Security: Splunk Security Essentials
Splunk Security Essentials (SSE) is now part of the Splunk security portfolio and fully supported with an active Splunk Cloud or Splunk Enterprise license. Start using SSE and apply prescriptive guidance and deploy pre-built security detections in your Splunk environment.
Detecting Trickbot with Splunk
The Splunk Threat Research Team has assessed several samples of Trickbot, a popular crimeware carrier that allows malicious actors to deliver multiple types of payloads. Use our pre-built Splunk detections to detect Trickbots.
API 2.0: TruSTAR Operationalizes Data Orchestration and Normalization for a New Era in Intelligence Management
TruSTAR announces new features making intelligence more actionable by simplifying intelligence ingestion, automating data flows and better informing SIEM, SOAR and Vulnerability Management programs.
Data Exfiltration Detections: Threat Research Release, June 2021
Check out detections from the Splunk Threat Research team to detect data exfiltration – also known as data extrusion, data exportation, and data theft – in your environment.
Five Questions Your Organization Must Ask to Prepare For a Ransomware Attack
What questions should organizations be asking themselves and what steps should they take to prevent or mitigate the next ransomware threat? Splunk's Yassir Abousselham has put together a quick set of questions we’re asking at Splunk that can help you.
What's New with Splunk Enterprise Security 6.6?
Learn about the latest and greatest features of Splunk Enterprise Security 6.6.
Ransomware Groundhog Day: Elevating Your Program in a High-Threat Environment
REvil attackers exploited Kaseya, a highly trusted management software. Here's how security leaders can take actionable steps to improve your business's defenses.
I Scream, You Scream, We All Scream For BOTS!
We are excited to announce our August Boss of the SOC (BOTS) V event! What’s new in BOTS V? I’m glad you asked. This year, we find our favorite brewery, Frothly, converting to a remote model and embracing the cloud for ‘all the things.'
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
