San Francisco, CA, USA
Oct 15, 2021   |  By Jane Wong
The security landscape is ever-changing, intensified by more sophisticated threats, and an increasing number of employees working from home leading to an expanding attack surface. Security professionals are tasked with maintaining a secure environment against a plethora of threats, manifested in thousands of alerts and events that are generated by security controls every day.
Oct 13, 2021   |  By Tom Smit
If you’re like me, you’ve occasionally found yourself staring at the Splunk search bar trying to decide how best to analyze a series of data, iterating against one or more fields. If your brain gravitates towards traditional programming syntax, the first thing that pops into your mind may be application of a for or while loop (neither of which follow Turing convention in SPL). With commands like stats, streamstats, eventstats, or foreach at your disposal, which one should a hunter use?
Oct 6, 2021   |  By John Stoner
For those who have played our Boss of the SOC competition or attended our security workshops, you are undoubtedly aware of Frothly, but in case you are not, here is a quick primer. Frothly is a fictional brewing supply company based in San Francisco who has successes and challenges, just like any other organization.
Oct 4, 2021   |  By Splunk Threat Research Team
The Splunk threat research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing discovery and reconnaissance tasks within Active Directory environments. In this blog post, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PoshC2 & PurpleSharp to then collect and analyze the resulting telemetry to test our detections.
Sep 30, 2021   |  By Splunk Threat Research Team
Malicious actors are constantly finding new ways to deliver their malicious payloads. With the recent migration of businesses moving to web application-based services, file storage, email, calendar, and other channels have become valuable means for delivering malicious code and payloads. In some instances, these services are abused as Command and Control infrastructure since many enterprises trust these services by default.
Sep 29, 2021   |  By Shannon Davis
Quite often you are in the middle of a security incident or just combing through your data looking for signs of malicious activity, and you will want to trace the activity or relationships of a particular process. This can be a very time-consuming and frustrating task if you try to brute force things (copying/pasting parent and child process IDs over and over again). And in the heat of battle, you may miss one item that could have led you to something interesting.
Sep 27, 2021   |  By Jane Wong
What was once the thing of spy movies and industrial espionage news headlines is now, sadly, a common occurrence for public organizations and private enterprises around the globe. Insiders… employees, consultants, partners… have emerged as one of the most immediate and serious threats facing IT and cyber security teams and practitioners today. It is not however because every insider has turned malicious.
Sep 17, 2021   |  By Splunk Threat Research Team
The Splunk Threat Research Team recently evaluated ways to generate security content using native Windows event logging regarding PowerShell Script Block Logging to assist enterprise defenders in finding malicious PowerShell scripts. This method provides greater depth of visibility as it provides the raw (entire) PowerShell script output. There are three sources that may enhance any defender's perspective: module, script block and transcript logging.
Sep 16, 2021   |  By Olivia Courtney
Security analysts know this situation well: inundated by alerts, alternating between 10 different security tools, and feeling the pressure of responding to each and every threat. It’s typically around this point that SOC teams realize it’s humanly impossible to process the amount of data that needs to be processed, and they should start looking for a solution. Gretchen White, Chief Information Security Officer at Minnesota Judicial Courts, experienced this firsthand.
Sep 9, 2021   |  By Chris Tozzi
Cyber attacks come in many forms, but they almost always share one trait in common: they are carried out over the network. Although there are exceptions, the network is usually the entry point that attackers use to launch whichever exploits, data thefts, or other intrusions they aim to impose upon a business.
Sep 27, 2021   |  By Splunk
Splunk SOAR’s Main Dashboard provides an overview of all your data and activity, notable events, playbooks, connections with other security tools, workloads, ROI, and so much more.
Sep 27, 2021   |  By Splunk
Analysts are often overwhelmed with a large volume of security events. Splunk SOAR makes event management easy by consolidating all events from multiple sources into one place. Analysts can sort and filter events to identify high fidelity notable events and prioritize action.
Sep 27, 2021   |  By Splunk
Case management functionality is built into Splunk SOAR. Using workbooks, you can codify your standard operating procedures into reusable templates. Splunk SOAR supports custom and industry standard workbooks such as the NIST-800 template for incident response. You can divide tasks into phases, assign tasks to team members, and document your work.
Sep 27, 2021   |  By Splunk
Splunk SOAR’s orchestration, automation, response, collaboration, and case management capabilities are also available from your mobile device.
Sep 27, 2021   |  By Splunk
Splunk SOAR’s custom functions allow you to share custom code across playbooks while introducing complex data objects into the execution path. These aren’t just out-of-the-box playbooks, but out-of-the-box custom blocks that save you time and effort. These capabilities provide the building blocks for scaling your automation, even to those without coding capabilities.
Sep 8, 2021   |  By Splunk
Today, cloud and digital transformations have changed our environments dramatically and the old way of doing security just isn’t cutting it. It’s time for a new approach. Join us to hear from our VP of Security Products, Jane Wong and Head of Intelligence Platform, Patrick Coughlin how you can build an analytics-fueled, automation-driven and cloud-delivered security operation with Splunk Security Cloud.
Sep 2, 2021   |  By Splunk
Ryan Kovar and Mick Baccio from the Splunk security gang sit down for snarky yet useful commentary about critical infrastructure memos, America's government cyber leaders, 'Murica's risky data, and a 60 second recap of Black Hat and DEF CON.
Aug 18, 2021   |  By Splunk
Watch this demo to learn more about key capabilities of Splunk SOAR, including orchestration, automation, playbook development, case management, and collaboration functionality.
Aug 18, 2021   |  By Splunk
Splunk SOAR playbooks automate security and IT actions at machine speed. Playbooks execute a sequence of actions across your tools in seconds, vs hours or more if you perform them manually. Splunk SOAR comes with 100 pre-made playbooks out of the box, so you can start automating security tasks right away. Splunk SOAR’s visual playbook editor makes it easier than ever to create, edit, implement and scale automated playbooks to help your business eliminate security analyst grunt work. *Users can build and edit playbooks in the original horizontal visual playbook editor, or the vertical visual playbook editor introduced in August 2021.
Oct 21, 2018   |  By Splunk
The hype around artificial intelligence (AI) and machine learning (ML) has exploded, sometimes overshadowing the real uses and innovations happening everyday at organizations across the globe. The reality is that applying AI and ML to data-dependent challenges presents opportunity for better security, faster innovation and overall improved efficiency.
Jun 1, 2018   |  By Splunk
Cyberattacks are top of mind for organizations across the globe. In fact, 62 percent of firms are being attacked at least weekly and 45 percent are experiencing a rise in the number of security threats. But do organizations have the processes in place to investigate and effectively respond to these incidents? IDC recently surveyed security decision makers at 600 organizations to understand the state of security operations today.
Jun 1, 2018   |  By Splunk
Do you have a plan for cybersecurity? Digital technology is touching every aspect of our lives, which is giving bad actors unlimited runway to create new threats daily. It's this atmosphere that makes it imperative that organizations are prepared, informed and actively hunting for adversaries.
May 25, 2018   |  By Splunk
How can you utilize machine data to be prepared for the General Data Protection Regulation of the European Union?
Apr 1, 2018   |  By Splunk
A security information event management (SIEM) solution is like a radar system that pilots and air traffic controllers use. Without one, enterprise IT is flying blind. Although security appliances and system software are good at catching and logging isolated attacks and anomalous behavior, today's most serious threats are distributed, acting in concert across multiple systems and using advanced evasion techniques to avoid detection.
Apr 1, 2018   |  By Splunk
Security incidents can happen without warning and they often go undetected for long periods of time. Organizations struggle to identify incidents because they often work in silos or because the amount of alerts is overwhelming and hard to determine the signals among the noise.
Mar 1, 2018   |  By Splunk
All data is security relevant and defending against threats involves every department in a company. With cyberthreats and bad actors constantly evolving, it is imperative for everyone in an organization to come together to identify and protect critical data.
Feb 1, 2018   |  By Splunk
Recent cyberattacks have made it clear that organizations of all sizes need to focus on a holistic and cohesive security strategy. Security operations centers (SOCs) have become a focal point in this effort, consolidating the right people, processes and technology to mitigate and remediate attacks.
Jan 1, 2018   |  By Splunk
Current IT security tools and mindsets are no longer adequate to meet the scope and complexity of today's threats. Internet security has evolved over the last ten years but advanced persistent threats and the sophistication of the malware have fundamentally changed the way security teams must think about these new threats and the tools used for detective controls.

Splunk produces software for searching, monitoring, and analyzing machine-generated big data, via a Web-style interface.

Splunk turns machine data into answers. Regardless of your organization’s size and industry, Splunk can giveyou the answers you need to solve your toughest IT, security and business challenges—with the option todeploy on-premises, in the cloud or via a hybrid approach.

Work the Way Your Data Works:

  • Real-Time: Splunk gives you the real-time answers you need to meet customer expectations and business goals.
  • Machine Data: Use Splunk to connect your machine data and gain insights into opportunities and risks for your business.
  • Scale: Splunk scales to meet modern data needs — embrace the complexity, get the answers.
  • AI and Machine Learning: Leverage artificial intelligence (AI) powered by machine learning for actionable and predictive insights.

Any Question. Any Data. One Splunk.