Tag: SURGe

Good news, you can use Splunk to proactively hunt using Network Traffic and DNS query logs data sources to detect potential Log4Shell exploit. From Splunk SURGe, learn even more detections against CVE-2021-44228.

A serious remote code execution (RCE) vulnerability (CVE-2021-44228) in the popular open source Apache Log4j logging library poses a threat to thousands of applications and third-party services that leverage this library. From Splunk SURGe, learn how you can detect Log4j 2 RCE using Splunk.

Splunk is proud to partner with the Rural Technology Fund (RTF) Golden Ticket fundraiser to support technology-related education and scholarships.

Accompanying today’s announcement from CISA (BOD 22-01) and their new Known Exploited Vulnerabilities Catalog, SURGe and Splunk Threat Research Team (STRT) have coordinated to add functionality into Enterprise Security Content Updates (ESCU). This added functionality will help network defenders understand vulnerability context alongside relevant ESCU detections.

Software supply chain attacks are not going away. As our network defenses improve, adversaries must move up the chain to stay a step ahead of our defenses.

Splunk has a new security research team focused on in-depth analysis of the latest cybersecurity news to help the public navigate security incidents with confidence using Splunk.

The autoregression command, which is a centralized streaming command, is used to calculate a moving average. Learn how to use this command to gather information, just in time for Boss of the SOC v6!

This blog post describes how to use VPC data from AWS in Splunk to hunt hunt hunt!

This blog post reviews AWS cloudtrail as a security logging source and how to hunt in it