Tag: Rapid Response Guides
Latest Articles

Security
12 Minute Read
Nothing PUNY About OpenSSL (CVE-2022-3602)
The Splunk SURGe team shares an outline of their interpretation of the CVE-2022-3602 vulnerability and what you can do to detect it in your environment.

Security
7 Minute Read
Atlassian Confluence Vulnerability CVE-2022-26134
Get a closer look at the Atlassian Confluence Vulnerability CVE-2022-26134, including a breakdown of what happened, how to detect it, and MITRE ATT&CK mappings.

Security
7 Minute Read
RCE à La Follina (CVE-2022-30190)
The Splunk SURGe team offers a closer look into the Follina MS Office RCE, including a breakdown of what happened, how to detect it, and MITRE ATT&CK mappings.

Security
9 Minute Read
Log4Shell - Detecting Log4j Vulnerability (CVE-2021-44228) Continued
Good news: you can use Splunk to proactively hunt through network traffic and DNS query log data sources to detect potential Log4Shell exploitation. From Splunk SURGe, learn even more detections against CVE-2021-44228.

Security
9 Minute Read
Log4Shell - Detecting Log4j 2 RCE Using Splunk
A serious remote code execution (RCE) vulnerability (CVE-2021-44228) in the popular open source Apache Log4j logging library poses a threat to thousands of applications and third-party services that leverage this library. From Splunk SURGe, learn how you can detect Log4j 2 RCE using Splunk.

Security
8 Minute Read
The DarkSide of the Ransomware Pipeline
Learn about the Colonial Pipeline ransomware attack and how you can start detecting and remediating DarkSide's activities and attack using Splunk.

Security
5 Minute Read
Automated Clean-up of HAFNIUM Shells and Processes with Splunk Phantom
Implement security playbooks to automatically delete Microsoft Exchange Webshells and terminate W3WP spawned processes with Splunk Phantom.

Security
13 Minute Read
Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…
Even if you haven’t uncovered Microsoft Exchange Vulnerabilities and malicious behavior, it is important to continue monitoring, particularly as more actors look to leverage these vulnerabilities for their own purposes.

Security
9 Minute Read
Detecting HAFNIUM Exchange Server Zero-Day Activity in Splunk
This blog discusses how to use Splunk and Splunk Enterprise Security to detect HAFNIUM activity related to the recently released CVEs affecting Exchange Server.