Looking for the latest Splunk security content? You’ve come to the right place! This page is updated quarterly with all the latest security content details.
This blog post covers security content developed November 2024 - January 2025. Jump straight to the updates below, or read on to learn more about:
Splunk continuously monitors the threat landscape to develop, test, and deliver security content to help identify and respond to vulnerabilities and cyber attacks within your environment.
Splunk provides a variety of security content, all of which is designed to help you make the most of your Splunk environment. This includes:
Splunk’s out-of-the-box detection searches are created to help identify patterns and alert you to threats and anomalous behavior.
All detection searches relevant to a particular threat are packaged in the form of analytic stories (also known as use cases).
A collection of pre-built automation playbooks that are designed to help users tackle specific use cases.
Take advantage of security content in two ways:
Both apps allow you to deploy over 1,900 out-of-the-box searches to start detecting, investigating, and responding to threats. You can also view the full security content repository by visiting research.splunk.com.
And with that information, we can move onto the latest content. Let's take a look!
Below you will find a brief table of contents, followed by an overview of the security content developed from November 2024 - January 2025.
The Splunk Threat Research Team created several new analytic stories to help identify activity related to various malware threats:
The team also created new content focusing on specific threat actors: Earth Estries and Nexus. The Earth Estries analytic story includes searches to help teams identify activities that may relate to the cyber espionage-focused campaigns that Earth Estries is known for. The Nexus APT Threat Activity analytic story helps monitor for indicators potentially related to this group’s efforts to target high-value sectors.
In addition, the Splunk Threat Research Team provided a deep dive into Security Descriptor Definition Language (SDDL) controls and how adversaries leverage SDDL misconfigurations for nefarious purposes. You can get the full details in the blog “Hey SDDL SDDL: Breaking Down Windows Security One ACE at a Time.” This blog also covers available security content from the Defense Evasion or Unauthorized Access Via SDDL Tampering analytic story to help identify malicious SDDL misconfigurations.
Lastly, the Critical Alerts analytic story provides detections designed to monitor critical alerts data from various security sources in Splunk, which can help teams identify potential threats sooner.
The Meduza Stealer analytic story includes detections to help identify activity related to this stealer, which targets sensitive information like login credentials and financial details. Learn more about this threat in the blog “Meduza Stealer Analysis: A Closer Look at its Techniques and Attack Vector.”
The Braodo Stealer analytic story includes detections to help identify the Braodo Stealer malware, which is designed to steal sensitive information like credentials, cookies, and system data. To learn more about this threat and the security content included in this analytic story, check out the blog “Cracking Braodo Stealer: Analyzing Python Malware and Its Obfuscated Loader.”
Finally, the team created the Cleo File Transfer Software analytic story to help identify activity related to CVE-2024-50623, a vulnerability affecting versions of Cleo Harmony, VLTrader, and LexiCom.
Looking for previous security content updates? Check out the previous quarters of security content roundups from the Splunk Threat Research Team. Stay tuned to that page and this one — we're updating them every quarter!
The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.
Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.