Security Blogs
Security
3 Min Read
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
Latest Articles
Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)
Our Splunk security experts share a closer look at the Pulse Connect Secure attack, including a breakdown of what happened, how to detect it, and MITRE ATT&CK mappings.
Elevate Your Cloud Security Posture with Splunk and Google Cloud
It’s more critical than ever to secure your company data and protect your workloads in the cloud. This blog post is a roundup of latest technical resources and product capabilities by both Google Cloud & Splunk to enhance your threat prevention, detection, and response techniques, regardless of where you are in your business-transforming cloud journey.
The Data-Centric Revolution: Restoring Sanity to Enterprise Security Operations
TruSTAR CEO and Co-Founder, Patrick Coughlin, recently sat down with Dave McComb, President of Semantic Arts, to talk through what it means to be Data-Centric in a Data-Driven world.
Introducing Splunk Attack Range v1.0
The Splunk Attack Range project has officially reached the v1.0 release – read on to learn how we got here, what features we’ve built for v1.0 and what the future looks like for Splunk Attack Range.
Detecting Clop Ransomware
As ransomware campaigns continue, malicious actors introduce different modus operandi to target their victims. In this blog, we’ll be taking a look at the Clop ransomware. This crimeware was discovered in 2019 and is said to be used for an attack that demanded one of the highest ransom amounts in recorded history.
Endpoint Security Data Collection Strategy: Splunk UF, uberAgent, or Sysmon?
Many threats originate from the endpoint and detecting them requires insights into what happens on the endpoint. In this post we look at different endpoint activity data sources, comparing the benefits and capabilities of Splunk Universal Forwarder with vast limits uberAgent and homegrown solutions.
Taking Automation Beyond the SOC With Advanced Network Access Control
Learn how you can scale IT operational processes and enhance network performance by leveraging security orchestration, automation and response (SOAR) tools such as Splunk Phantom.
Advanced Link Analysis: Part 2 - Implementing Link Analysis
Learn how to step-by-step process to building the dashboard with Sigbay Link Analysis visualization app from scratch.
Detecting AWS IAM Privilege Escalation
The Splunk Threat Research team develops security research to help SOC analysts detect adversaries attempting to escalate their privileges and gain elevated access to AWS resources. Learn how we simulate these attacks using Atomic Red Team, collect and analyze the AWS cloudtrail logs, and utilize pre-packaged Splunk detections to detect these threats.
Splunk SOAR Playbooks: Conducting an Azure New User Census
Learn how to use automated playbooks to monitor new user accounts to ensure that threat actors like Hafnium cannot leverage the Active Directory system to exploit vulnerabilities.
Top In-Demand Cybersecurity Skills in the Upcoming Years
Automation is optimizing SOC workflows but also shaking up the cybersecurity workspace. Skills that were once in high demand are decreasing in value. Splunker Matthias Maier took a closer look into cybersecurity developments and shares which cybersecurity skills professionals should be focussing on in the upcoming years.
Staff Picks for Splunk Security Reading March 2021
These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk (or not) security world that WE think everyone should read. If you would like to read other months, please take a peek at previous posts in the "Staff Picks" series!
Automated Clean-up of HAFNIUM Shells and Processes with Splunk Phantom
Implement security playbooks to automatically delete Microsoft Exchange Webshells and terminate W3WP spawned processes with Splunk Phantom.
Analytics-Based Investigation and Automated Response with AWS + Splunk Security Solutions
Learn how AWS and these Splunk products work together to help you strengthen your security posture and defend against threats to your environment.
Orchestrate Framework Controls to Support Security Operations with Splunk SOAR
Learn more about how to identify use cases for automation and dive deeper into the five steps of designing security workflows around framework regulations
Only the Paranoid Survive, Recast for Cybersecurity
At TruSTAR, we want to highlight stories of success in defending cyberspace that can propagate as best practices. Read more about human dependencies, technical challenges and defining data to be shared.
How to Marie Kondo Your Incident Response with Case Management & Foundational Security Procedures
Learn how successful security teams “Marie Kondo” their security operations, cleaning up their “visible mess” to identify the true source of “disorder” (the cyber attack itself).
Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…
Even if you haven’t uncovered Microsoft Exchange Vulnerabilities and malicious behavior, it is important to continue monitoring, particularly as more actors look to leverage these vulnerabilities for their own purposes.
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
