Security Blogs

Latest Articles

Security 4 Min Read

Being Your Own Detective with SA-Investigator

This post of the Back to Basics Hunting series with Splunk discusses how to use the new SA-Investigator add-on for Enterprise Security to dig deep into your datamodels and find the evil lurking within.
Security 2 Min Read

Splunk Named in Gartner 2017 Critical Capabilities for SIEM Report

Splunk was named in the Gartner 2017 Critical Capabilities for Security Information and Event Management report and received the highest score in the Basic Security Monitoring Use Case.
Security 2 Min Read

Staff Picks for Splunk Security Reading: January 2018

A monthly series of staff-picked content from the Splunk security world. Each month will have a new selection of Splunk security presentations, white papers, or blog posts that you might have missed.
Security 2 Min Read

Not All SIEM Solutions Are Created Equal

See how Splunk's analytics-driven SIEM solution tackles real-time security monitoring, advanced threat detection, forensics, and incident management.
Security 1 Min Read

Security Update: Meltdown and Spectre vulnerabilities

Splunk CISO Joel Fulton provides an update regarding the Meltdown/Spectre vulnerabilities.
Security 4 Min Read

Configuring JA3 with Bro for Splunk

Configuring Bro to output JA3 signatures and ingesting that data into Splunk.
Security 8 Min Read

Ensuring Success with Splunk ITSI - Part 1: Thresholding Basics

Practical step-by-step guidance to configure ITSI to produce accurate and trusted alerts.
Security 3 Min Read

Detecting Typosquatting, Phishing, and Corporate Espionage with Enterprise Security Content Update

Splunk’s Enterprise Security Content Update (ESCU) app can provide you with early warnings and situational awareness—powerful elements of an effective defense against adversaries
Security 4 Min Read

Tall Tales of Hunting with TLS/SSL Certificates

TLS and SSL certificates are a great way to hunt advanced adversaries. Collect them with Splunk Stream, Bro, or Suricata and hunt in your own data!