Security Blogs
Security
3 Min Read
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
Latest Articles
Get Started with Splunk for Security: Splunk Security Essentials
Splunk Security Essentials (SSE) is now part of the Splunk security portfolio and fully supported with an active Splunk Cloud or Splunk Enterprise license. Start using SSE and apply prescriptive guidance and deploy pre-built security detections in your Splunk environment.
Detecting Trickbot with Splunk
The Splunk Threat Research Team has assessed several samples of Trickbot, a popular crimeware carrier that allows malicious actors to deliver multiple types of payloads. Use our pre-built Splunk detections to detect Trickbots.
API 2.0: TruSTAR Operationalizes Data Orchestration and Normalization for a New Era in Intelligence Management
TruSTAR announces new features making intelligence more actionable by simplifying intelligence ingestion, automating data flows and better informing SIEM, SOAR and Vulnerability Management programs.
Data Exfiltration Detections: Threat Research Release, June 2021
Check out detections from the Splunk Threat Research team to detect data exfiltration – also known as data extrusion, data exportation, and data theft – in your environment.
Five Questions Your Organization Must Ask to Prepare For a Ransomware Attack
What questions should organizations be asking themselves and what steps should they take to prevent or mitigate the next ransomware threat? Splunk's Yassir Abousselham has put together a quick set of questions we’re asking at Splunk that can help you.
What's New with Splunk Enterprise Security 6.6?
Learn about the latest and greatest features of Splunk Enterprise Security 6.6.
Ransomware Groundhog Day: Elevating Your Program in a High-Threat Environment
REvil attackers exploited Kaseya, a highly trusted management software. Here's how security leaders can take actionable steps to improve your business's defenses.
I Scream, You Scream, We All Scream For BOTS!
We are excited to announce our August Boss of the SOC (BOTS) V event! What’s new in BOTS V? I’m glad you asked. This year, we find our favorite brewery, Frothly, converting to a remote model and embracing the cloud for ‘all the things.'
REvil Ransomware Threat Research Update and Detections
On July 2, 2021, REvil group used Kaseya to distribute malware to its on-premises customers. Splunk has pushed out guidance to help understand and detect REvil. Learn more about the REvil ransomeware group, their tactics, and how to detect them using Splunk.
Kaseya, Sera. What REvil Shall Encrypt, Shall Encrypt
Kaseya VSA, remote monitoring management (RMM) software heavily used by managed service providers (MSP), was compromised by REvil, and is being used to distribute ransomware to its on-premises customers. Find out more on how to detect REvil in your environment.
Fashionably Late: The Zero Trust Trend is Here to Stay
Whether you were hip to the zero trust trend before it started being cool, or are arriving fashionably late, learn how to leverage a data-driven approach to achieve zero trust outcomes and improve the overall security capabilities of the organization in the process.
I Pity the Spool: Detecting PrintNightmare CVE-2021-34527
Read on for details around Detect PrintNightmare (CVE-2021-34527), a critical vulnerability that affects the Print Spooler service and can perform remote code execution.
SOARing to the Clouds with Splunk SOAR
Now available as part of Splunk Cloud, Splunk SOAR further delivers on our promise to modernize security operations – read on to learn more.
Introducing the World’s First Modern Cloud-Based SecOps Platform: Splunk Security Cloud
Announcing the new Splunk Security Cloud – the only data-centric modern security operations platform that delivers enterprise-grade advanced security analytics, automated security operations, and threat intelligence with an open, unparalleled ecosystem.
Splunk SOAR Playbooks: GCP Unusual Service Account Usage
In this new Splunk SOAR Playbook, we'll show how a Splunk Enterprise search can trigger automated enrichment, an analyst prompt, and rapid response actions to prevent damage caused by malicious account access.
Super Speed with Phantom Slash Commands
Splunker Olivia Courtney shares a walkthrough of what you can do with the power of Phantom Slash Commands to investigate Splunk Phantom events.
Detecting Password Spraying Attacks: Threat Research Release May 2021
The Splunk Threat Research team walks you through a new analytic story to help SOC analysts detect adversaries executing password spraying attacks, and highlights a few detections from the May 2021 releases.
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
Connect with Splunk on Instagram
Follow @Splunk
