Security Blogs
Security
3 Min Read
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
Latest Articles
Splunk SOAR Playbooks: Suspicious Email Domain Enrichment
This playbook focuses specifically on domain names contained in the ingested email, and it uses Cisco Umbrella Investigate to add the risk score, risk status, and domain category to the event in Splunk SOAR.
Cybersecurity’s Moneyball Transformation
What do baseball and cybersecurity have in common? Nothing, at first glance. But, take a deeper look and you can see the glaring similarities. That's because cybersecurity is going through its Moneyball transformation right now. Read this blog post to learn more.
TruSTAR Intel Workflows Series: Shifting from App-Centric to Data-Centric Security Operations
TruSTAR recently introduced API 2.O featuring TruSTAR Intel Workflows. This blog series will explain our motivations for building this feature, how it works, and how users can better inform security operations.
Clop Ransomware Detection: Threat Research Release, April 2021
Discover how the Splunk Threat Research Team focused their research efforts on Clop Ransomware detections to help organizations detect abnormal behavior faster before it becomes detrimental.
Splunk and Zscaler Utilize Data and Zero Trust to Eradicate Threats
Splunk and Zscaler have partnered to deliver a superior approach to security. Our tightly integrated, best-of-breed cloud security and security analytics platforms deliver a cloud experience for the modern, cloud-first enterprise.
SUPERNOVA Redux, with a Generous Portion of Masquerading
A review of the Pulse Secure attack where the threat actor connected to the network via a the Pulse Secure virtual private network (VPN), moved laterally to its SolarWinds Orion server, installed the SUPERNOVA malware, and collected credentials, all while masquerading the procdump.exe file and renamed it as splunklogger.exe.
Streamlining Vulnerability Management with Splunk Phantom
Manage the entire lifecycle of vulnerability management with automation and orchestration using Splunk’s SOAR technology, Splunk Phantom, to automate actions and reduce the time spent on patch management by 40%.
Monitoring Pulse Connect Secure With Splunk (CISA Emergency Directive 21-03)
Our Splunk security experts share a closer look at the Pulse Connect Secure attack, including a breakdown of what happened, how to detect it, and MITRE ATT&CK mappings.
Elevate Your Cloud Security Posture with Splunk and Google Cloud
It’s more critical than ever to secure your company data and protect your workloads in the cloud. This blog post is a roundup of latest technical resources and product capabilities by both Google Cloud & Splunk to enhance your threat prevention, detection, and response techniques, regardless of where you are in your business-transforming cloud journey.
The Data-Centric Revolution: Restoring Sanity to Enterprise Security Operations
TruSTAR CEO and Co-Founder, Patrick Coughlin, recently sat down with Dave McComb, President of Semantic Arts, to talk through what it means to be Data-Centric in a Data-Driven world.
Introducing Splunk Attack Range v1.0
The Splunk Attack Range project has officially reached the v1.0 release – read on to learn how we got here, what features we’ve built for v1.0 and what the future looks like for Splunk Attack Range.
Detecting Clop Ransomware
As ransomware campaigns continue, malicious actors introduce different modus operandi to target their victims. In this blog, we’ll be taking a look at the Clop ransomware. This crimeware was discovered in 2019 and is said to be used for an attack that demanded one of the highest ransom amounts in recorded history.
Endpoint Security Data Collection Strategy: Splunk UF, uberAgent, or Sysmon?
Many threats originate from the endpoint and detecting them requires insights into what happens on the endpoint. In this post we look at different endpoint activity data sources, comparing the benefits and capabilities of Splunk Universal Forwarder with vast limits uberAgent and homegrown solutions.
Taking Automation Beyond the SOC With Advanced Network Access Control
Learn how you can scale IT operational processes and enhance network performance by leveraging security orchestration, automation and response (SOAR) tools such as Splunk Phantom.
Advanced Link Analysis: Part 2 - Implementing Link Analysis
Learn how to step-by-step process to building the dashboard with Sigbay Link Analysis visualization app from scratch.
Detecting AWS IAM Privilege Escalation
The Splunk Threat Research team develops security research to help SOC analysts detect adversaries attempting to escalate their privileges and gain elevated access to AWS resources. Learn how we simulate these attacks using Atomic Red Team, collect and analyze the AWS cloudtrail logs, and utilize pre-packaged Splunk detections to detect these threats.
Splunk SOAR Playbooks: Conducting an Azure New User Census
Learn how to use automated playbooks to monitor new user accounts to ensure that threat actors like Hafnium cannot leverage the Active Directory system to exploit vulnerabilities.
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
Connect with Splunk on Instagram
Follow @Splunk
