Security Blogs
Security
3 Min Read
Announcing the availability of Cisco Talos Incident Response services to Splunk customers.
Latest Articles
Introducing Splunk Add-On for Splunk Attack Analyzer & Splunk App for Splunk Attack Analyzer
Announcing the launch of the Splunk Add-on for Splunk Attack Analyzer and Splunk App for Splunk Attack Analyzer.
Splunk Named #1 SIEM Provider in the 2022 IDC Market Share for SIEM for 3rd Time in a Row
Splunk has been named as the #1 SIEM provider in the 2022 IDC Market Share for SIEM for the third time in a row.
Driving the vSOC with Splunk
Splunker Jim Goodrich explains how Splunk drives innovation for the Vehicle Security Operations Center (vSOC).
How to Install and Configure Infosec Multicloud
Learn how to set up and optimize InfoSec MultiCloud for Splunk to help maximize your cloud security effortlessly in our step-by-step guide.
Splunk Wins Awards for SIEM, SOAR and More
Splunk wins four PeerSpot Tech Leader awards in the SIEM and SOAR categories. A special thanks goes out to all the reviewers who shared their Splunk experience.
Staff Picks for Splunk Security Reading September 2023
Our Splunk security experts curated their September 2023 list of presentations, whitepapers, and customer case studies that we feel are worth a read.
See More, Act Faster, and Simplify Investigations with Customizable Workflows from Splunk Enterprise Security 7.2
Introducing new capabilities that deliver an improved workflow experience for simplified investigations; enhanced visibility and reduced manual workload; and customized investigation workflows for faster decision-making.
Revisiting the Big Picture: Macro-level ATT&CK Updates for 2023
SURGe reviews the latest attacker trends and behaviors with this look at four years of ATT&CK data from some of the largest and most trusted threat reporting sources.
Defending the Gates: Understanding and Detecting Ave Maria (Warzone) RAT
The Splunk Threat Research Team provides a deep-dive analysis of Ave Maria RAT, also known as 'Warzone RAT.'
Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs
Splunk's Threat Research Team delves into the attack's components, usage of tools like Mockbin and headless browsers, and provides guidance on detecting such activities.
Using stats, eventstats & streamstats for Threat Hunting…Stat!
The stats command is a crucial capability when you’re threat hunting. And so are two related commands: eventstats & streamstats. Get all the details, right here.
Using metadata & tstats for Threat Hunting
Behold the power of metadata and tstats commands! These commands will quickly provide situational awareness of your hosts and sourcetypes as you begin hunting.
Threat Hunting for Dictionary-DGA with PEAK
Explore applied model-assisted threat hunting for dictionary-based domain generation algorithms using the SURGe Security Research Team's PEAK Threat Hunting Framework.
Deep Learning in Security: Text-based Phishing Email Detection with BERT Model
We introduced a large language model (LLM)-based phishing email detector integrated into the Splunk DSDL app. We provide details on model training and evaluation, comparisons to other machine learning and deep learning algorithms as well as deployment approaches to Splunk in this blog.
Sharing is Not Caring: Hunting for Network Share Discovery
This post offers a practical guide to enhancing detection strategies against network share discovery, a technique often used by threat actors.
Staff Picks for Splunk Security Reading August 2023
Splunk security experts share a list of presentations, whitepapers, and customer case studies from August 2023 that they feel are worth a read.
Key Threat Hunting Deliverables with PEAK
When most people think of threat hunting, they think of uncovering unknown threats – but that is only one of many (better) reasons to show value with threat hunting.
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
