Splunk Threat Research Team's Blog Posts

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository.

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.

Read more Splunk Security Content.

From Registry With Love: Malware Registry Abuses
Security
13 Minute Read

The Splunk Threat Research Team explores the common Windows Registry abuses leveraged by current and relevant malware families in the wild and how to detect them.
Introducing Attack Range v3.0
Security
3 Minute Read

Explore the new features introduced in version 3.0 of the Splunk Attack Range, aimed at helping you build resilient, high-quality threat detections.
CISA Top Malware Summary
Security
8 Minute Read

This blog summarizes the Splunk Threat Research Team’s (STRT) recent review of the CISA Top 10 Malware strains for the year 2021 report.
Detecting Cloud Account Takeover Attacks: Threat Research Release, October 2022
Security
10 Minute Read

The Splunk Threat Research Team shares a closer look at the telemetry available in Azure, AWS and GCP and the options teams have to ingest this data into Splunk.
From Macros to No Macros: Continuous Malware Improvements by QakBot
Security
13 Minute Read

In this blog, the Splunk Threat Research Team (STRT) showcases a year's evolution of QakBot. We also dive into a recent change in tradecraft meant to evade security controls. Last, we reverse engineered the QakBot loader to showcase some of its functions.
Inside the Mind of a ‘Rat’ - Agent Tesla Detection and Analysis
Security
12 Minute Read

The Splunk Threat Research Team (STRT) describes the different tactics, techniques and procedures mapped to the ATT&CK framework leveraged by the Agent Tesla remote access trojan.