
December 2020

Smoothing the Bumps of Onboarding Threat Indicators into Splunk Enterprise Security

This blog is part two of Splunk's Sunburst Backdoor response aimed at providing additional guidance to our customers (you can read part one, "Using Splunk to Detect Sunburst Backdoor," by Ryan Kovar). In this blog, we’ll cover how to ingest threat indicators to combat Sunburst Backdoor in Splunk Enterprise Security (ES).

Using Splunk to Detect Sunburst Backdoor

TL;DR: This blog contains some immediate guidance on using Splunk Core and Splunk Enterprise Security to protect (and detect activity on) your network from the Sunburst Backdoor malware delivered via SolarWinds Orion software. Splunk’s threat research team will release more guidance in the coming week. Also, please note that you may see some malicious network activity, but it may not mean your network is compromised. As always, review carefully.

The Value of Operationalizing MITRE ATT&CK According to Splunk With Guest Speaker From IDC

The global pandemic has fueled a rapid digital transformation — and led to permanent shifts in cybersecurity. In a recent joint webinar with Bryan McAninch, senior solutions engineer at Splunk, and guest speaker Chris Kissel from IDC, "Sp(e)lunking Security with MITRE ATT&CK® featuring IDC Research," they shared seven overarching trends in cybersecurity for 2021. One notable, but foundational, trend mentioned was the need to understand risk.

Something Else To Be Thankful For: Splunk Security Essentials 3.2.2

Well, it’s been a while since you read a blog dedicated to the latest release – okay, the latest several releases – of Splunk Security Essentials (SSE). We have been busy behind the scenes, however, so let’s catch you up on SSE’s latest features, which include the new version of our content API, and externally with updates from MITRE and the release of ATT&CK v7.2 (with Sub-Techniques) and ATT&CK v8.