December 2021

Simulating, Detecting, and Responding to Log4Shell with Splunk

Dec 17, 2021 By Splunk Threat Research Team In Splunk

For more information on how to respond to the Log4j vulnerabilities using Splunk products, please see our Log4Shell response overview page. Like most cybersecurity teams, the Splunk Threat Research Team (STRT) has been heads-down attempting to understand, simulate, and detect the Log4j attack vector. This post shares detection opportunities STRT found in different stages of successful Log4Shell exploitation.

Read Post

Splunk

Read more about Simulating, Detecting, and Responding to Log4Shell with Splunk

The Power of Splunk: Security

Dec 16, 2021 By Splunk In Splunk

Shape-shifting threats. Nefarious plots. A deluge of alerts. Nope, it’s not a new sci-fi movie. These are the things security teams are up against today. But Splunk is here to help. Watch the video to see how Splunk helps companies defeat threats and outsmart risks.

View Video

Splunk

Read more about The Power of Splunk: Security

The SANS Holiday Hack Challenge 2021 - An Interview with Ed Skoudis

Dec 15, 2021 By Splunk In Splunk

For the past three years, Splunk has contributed an objective to the SANS Holiday Hack Challenge. In this interview, Splunk’s Dave Herrald sits down (virtually) with Ed Skoudis of SANS to discuss the Holiday Hack Challenge, Splunk’s involvement, and stories of CTFs gone by.

View Video

Splunk

Read more about The SANS Holiday Hack Challenge 2021 - An Interview with Ed Skoudis

Splunk SOAR Playbooks: TruSTAR Indicator Enrichment

Dec 14, 2021 By Philip Royer In Splunk

SOAR use cases come in all shapes and sizes, but almost all of them rely on threat intelligence to determine the risk posed by the various indicators in the event. Our two new community playbooks leverage Splunk Intelligence Management (previously TruSTAR) to gather intelligence about indicators and enable rapid manual response by an analyst within a single prompt.

Read Post

Splunk

Read more about Splunk SOAR Playbooks: TruSTAR Indicator Enrichment

Log Jammin'- Detecting Log4j 2 RCE Using Splunk

Dec 10, 2021 By Ryan Kovar In Splunk

Authors and Contributors: As always, security at Splunk is a family business. Credit to authors and collaborators: Ryan Kovar, Shannon Davis, Marcus LaFerrera, John Stoner, James Brodsky, Dave Herrald, Audra Streetman, Johan Bjerke, Drew Church, Mick Baccio, Lily Lee, Tamara Chacon, Ryan Becwar. If you want just to see how to find detections for the Log4j 2 RCE, skip down to the “detections” sections.

Read Post

Splunk

Read more about Log Jammin'- Detecting Log4j 2 RCE Using Splunk

Active Directory Lateral Movement Detection: Threat Research Release, November 2021

Dec 10, 2021 By Splunk Threat Research Team In Splunk

The Splunk Threat Research Team recently updated the Active Directory Lateral Movement analytic story to help security operations center (SOC) analysts detect adversaries executing these techniques within Windows Active Directory (AD) environments. In this blog post, we’ll describe some of the detection opportunities available to cyber defenders and highlight detections from the analytic story.

Read Post

Splunk

Read more about Active Directory Lateral Movement Detection: Threat Research Release, November 2021

Splunk TV - TV Companion

Dec 9, 2021 By Splunk In Splunk

Introducing Splunk TV Companion, an iPad App that allows you to remotely control the content of multiple TVs. Save a dashboard layout on multiple TVs as a shortcut to quickly switch content when responding to alerts, or or split a single dashboard across a grid of TVs. Whether you have several TVs in a single location or are remotely managing a group of TVs across the globe, use Splunk TV to coordinate your workforce around important events from a central location and rapidly bring dashboards to the attention of those who need it.

View Video

Splunk

Read more about Splunk TV - TV Companion

Splunk TV - TV Power User Demo

Dec 9, 2021 By Splunk In Splunk

See a demo of how Splunk TV supports power user features such as set/unset/depends and rejects tokens, the submit button, non global form-inputs and multi instance registration. Splunk TV enables you to optimize the dashboard display experience and securely display all your content without the need for any interactivity.

View Video

Splunk

Read more about Splunk TV - TV Power User Demo

Splunk SOAR Playbooks: TruSTAR Indicator Enrichment

Dec 9, 2021 By Splunk In Splunk

This playbook shows how Splunk Intelligence Management (formerly TruSTAR) normalized indicator enrichment is captured within the notes of a container for an analyst to view details and specify subsequent actions directly within a single Splunk SOAR prompt for rapid manual response.

View Video

Splunk

Read more about Splunk SOAR Playbooks: TruSTAR Indicator Enrichment

Slack: Turning Data into Doing

Dec 9, 2021 By Splunk In Splunk

Combining data and collaboration is essential to thriving in the Data Age. Slack’s Director of Product Security Larkin Ryder chats with Splunk security maven Jane Wong about why Slack and Splunk are a match made in heaven. Plus, she reveals her predictions for the future of work and what our current climate means for the state of security.

View Video

Splunk

Read more about Slack: Turning Data into Doing

Splunk Live Chat with The Hill: Cybersecurity Trends in the Public Sector

Dec 8, 2021 By Splunk In Splunk

Join the LIVE cybersecurity discussion featuring: Topic: How cybersecurity in the public sector space has shifted over the course of the last year due to the introduction of cybersecurity legislation and federal agencies’ focus on Zero Trust as well as key federal certifications like FedRAMP and IL5.

View Video

Splunk

Read more about Splunk Live Chat with The Hill: Cybersecurity Trends in the Public Sector

Listen To Those Pipes: Part 2

Dec 8, 2021 By Shannon Davis In Splunk

This blog post is part thirty of the "Hunting with Splunk: The Basics" series. Shannon Davis provided the first half of this blog on pipe hunting in part twenty-nine, and will now run through the second half! – Ryan Kovar

Read Post

Splunk

Read more about Listen To Those Pipes: Part 2

Listen To Those Pipes: Part 1

Dec 6, 2021 By Shannon Davis In Splunk

If you haven’t already read the episode on process hunting, I recommend that you go back and do so, at least for a couple of my jokes, and to help keep our clicks/metrics up. Where that episode concentrated on tracking processes, this blog will concentrate on, you guessed it, pipes. And due to the depth I tried to go with this one, it has been split into a two-part series, so make sure to come back for the second part after you’ve finished this one.

Read Post

Splunk

Read more about Listen To Those Pipes: Part 1

Splunk For OT Security: Perimeter And Vulnerability Evolution

Dec 2, 2021 By Chris Duffey In Splunk

Owners and operators of Operational Technology (OT) environments are being increasingly tasked with providing more information and security controls for their OT Environments, whether those demands are driven by the board, executive orders, or new regulations. One of the biggest fallacies that we encounter when our customers begin monitoring their OT environment is the idea that OT systems are air gapped and completely isolated from IT systems.

Read Post

Splunk

Read more about Splunk For OT Security: Perimeter And Vulnerability Evolution

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

December 2021

Simulating, Detecting, and Responding to Log4Shell with Splunk

The Power of Splunk: Security

The SANS Holiday Hack Challenge 2021 - An Interview with Ed Skoudis

Splunk SOAR Playbooks: TruSTAR Indicator Enrichment

Log Jammin'- Detecting Log4j 2 RCE Using Splunk

Active Directory Lateral Movement Detection: Threat Research Release, November 2021

Splunk TV - TV Companion

Splunk TV - TV Power User Demo

Splunk SOAR Playbooks: TruSTAR Indicator Enrichment

Slack: Turning Data into Doing

Splunk Live Chat with The Hill: Cybersecurity Trends in the Public Sector

Listen To Those Pipes: Part 2

Listen To Those Pipes: Part 1

Splunk For OT Security: Perimeter And Vulnerability Evolution

Monthly Archive

Follow Us