Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Software installer packages are a cornerstone of user-friendly software distribution. Tools like Inno Setup, NSIS (Nullsoft Scriptable Install System), and InstallShield help developers bundle their applications into a single, streamlined installer that users can run with just a few clicks. These installers often include everything needed to set up a program, files, configurations, and even system dependencies, making software installation seamless and accessible.

In this article, we’ll analyze how threat actors exploit TLS to hide their operations and how defenders can use exposed certificate metadata to detect them. We will discuss: Let’s get started! (This article is part of our Threat Hunting with Splunk series. We’ve updated it recently to maximize your value.)

XWorm, a popular and actively distributed remote access trojan (RAT), has steadily evolved into a versatile tool in the cybercriminal toolkit. Known for its robust feature set, ranging from keylogging and remote desktop access to data exfiltration and command execution, XWorm continues to attract threat actors due to its ease of use, modularity, and frequent updates by its developers.

Not all log management and log analysis tools are created equal. With organizations like yours generating large amounts of log data, understanding how to manage, analyze, and secure these log files is key for maintaining system performance, meeting compliance requirements, detecting performance issues, and responding to incidents faster.

Many Splunk Enterprise Security users are benefiting from machine learning (ML) without even realizing it. Splunk Enterprise Security quietly uses ML-driven anomaly detection to spot unusual patterns or outliers in your security data that static rules or thresholds might miss.

We’re excited to share that Splunk Attack Analyzer recently introduced the ability to translate content and achieved SOC 2 Type II certification.

“CISOs and SOC analysts are fighting the same war, but too often, one’s answering to the board while the other’s drowning in alerts.” Security teams rarely fail because of a lack of skill or commitment. They fail when the coordination layer between the boardroom and the SOC starts to unravel.

Whether you’re an Apple fan or not, one of the reasons people buy into their ecosystem is ease of setup across different devices. In a world where people customize the applications on their laptops to cross over with their mobile phones, an easy setup is a key to getting the most value from their devices. However, in the world of security information and event management (SIEM) solutions, the time to value often takes longer than most security teams want to admit.

We’re honored to share that Splunk has been named a Leader in The Forrester Wave: Security Analytics Platforms, Q2 2025. Splunk is committed to power the SOC of the Future by providing a unified threat detection, investigation, and response (TDIR) experience — no matter their deployment requirements.