Security Blogs
Security
3 Min Read
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
Latest Articles
Staff Picks for Splunk Security Reading January 2024
Welcome to the January Splunk staff picks blog – a curated list of presentations, whitepapers, and customer case studies that Splunk security experts feel are worth a read.
Security Insights: Jenkins CVE-2024-23897 RCE
In response to CVE-2024-23897, the Splunk Threat Research Team has developed new security detections and hunting queries to support defenders.
Security Insights: Tracking Confluence CVE-2023-22527
In response to CVE-2023-22527, the Splunk Threat Research Team has developed new security detections to support defenders.
Security Insights: Investigating Ivanti Connect Secure Auth Bypass and RCE
The Splunk Threat Research Team has swiftly developed Splunk analytics and hunting queries, helping defenders quickly adapt and respond to emerging threats CVE-2023-46804 and CVE-2024-21887.
Hypothesis-Driven Cryptominer Hunting with PEAK
A sample hypothesis-driven hunt, using SURGe's PEAK threat hunting framework, looking for unauthorized cryptominers.
AI: Keep Your Feet on the Ground
Splunk is excited about AI, but we're keeping our boots on the ground as we partner with customers to leverage AI to improve efficiency while continuing the essentials via Splunk’s platform.
Enter The Gates: An Analysis of the DarkGate AutoIt Loader
The Splunk Threat Research Team (STRT) provides a deep dive analysis of the DarkGate malware and its use of AutoIt.
Ghost in the Web Shell: Introducing ShellSweep
Splunk introduces ShellSweep, a suite of utilities designed to detect and combat malicious web shells in servers.
Hunting M365 Invaders: Blue Team's Guide to Initial Access Vectors
Discover insights from the Splunk Threat Research Team on Microsoft 365 threat detection, focusing on data source analysis and effective methods for hunting initial access threats.
OT Security Is Different, Isn’t IT?
Explore the differences between OT security and IT security, delving into industry-specific challenges and solutions, with insights into the Purdue Model and how Splunk can help.
Staff Picks for Splunk Security Reading December 2023
Splunk security experts share their December list of presentations, whitepapers, and customer case studies that they feel are worth a read.
Splunk Enterprise Security 7.3 Delivers a Refined Analyst Experience and Enhanced Risk Context for Seamless Incident Triage
Announcing Splunk Enterprise Security 7.3, delivering a refined analyst experience and enhanced risk context for seamless incident triage.
Introducing Our New SOAR Integrations: Why Panorama and FortiManager Users Should Be Excited
The Splunk SOAR team shares more on the latest firewall management apps introduced in Splunk SOAR 6.2.
Old School vs. New School
The Splunk SURGe team examines the claim that generative AI will empower threat actors to improve the scale and/or efficiency of their spear-phishing campaigns.
Deploy, Test, Monitor: Mastering Microsoft Defender ASR with Atomic Techniques in Splunk
Explore Microsoft Defender ASR's role in cybersecurity with Splunk and learn deployment, testing, and monitoring strategies for robust defense.
Updated Baseline Creation and Dashboards in OT Security Add-on for Splunk Version 2.3
Version 2.3 of the OT Security Add-on for Splunk is here and it delivers three main updates.
SOC Models: In-House, Out-Sourced, or Hybrid SOC?
Splunk's Kirsty Paine shares best practices from a roundtable held at Gartner Security & Risk Management Summit 2023.
Reduce Operational Complexity with Splunk SOAR Logic Loops
Learn about the logic loops feature introduced in Splunk SOAR version 6.2 and how you can implement them in your own use cases and playbooks.
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
