false

SolarWinds Cyberattack

Learn how it affects you, us and the world.

How the SolarWinds cyberattacks work

The SolarWinds cyberattack campaign — also called Solorigate or simply the SolarWinds hack — leverages vulnerabilities in SolarWinds Orion software to accomplish a supply chain attack. Malware was embedded into the digitally-signed software and multiple organizations were compromised as a result. The nature and extent of the situation continues to develop, but at least two distinct malware threats — Sunburst and Supernova — have been identified.

Solarwinds Cyberattack

How Splunk can help

Review and update your log types
Review and update your log types ingested into Splunk, then examine DNS, network, and host traffic logs for evidence of Sunburst malware activity.
Examine results of vulnerability scans
Examine results of vulnerability scans, hashes and proxy logs for evidence of Supernova webshell.
Search for unusual activity
Search for unusual activity from your directory and authentication providers for indications of a follow-on attack.
Look for other signs of lateral movement
Look for other signs of lateral movement from compromised hosts.
Expand monitoring across your IT infrastructure
Expand monitoring across your IT infrastructure and your entire software development lifecycle (SDLC)
FEATURED VIDEO

Security experts discuss the SolarWinds attack

Join security experts from Splunk for an in-depth discussion about the SolarWinds attack, and learn best practices and strategies to strengthen your defenses and respond..

Use the navigation button at the top right of the video to jump to the discussion topic of your choice.

Splunk Solutions for Security, IT and DevOps

Security TEAMS

Detect indicators in your environment

Streamline the onboarding process and search for threat indicators in your environment.

security-teams-graphic
Recover lost visibility of IT infrastructure
IT TEAMS

Recover lost visibility of IT infrastructure

Without SolarWinds Orion software, you lose visibility. Restore visibility with Splunk and monitor the health and operations of your IT infrastructure.

DevOps Teams

Protect your application development resources

Gain visibility into your software delivery chain from code repositories, secrets management, infrastructure-as-code, CI/CD automation and more. This can help your organization detect unauthorized changes to production applications and protect your customers.

Protect your application development resources
We’re here to help with your Security, IT and DevOps response.