Splunk Threat Research Team's Blog Posts

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository.

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.

Read more Splunk Security Content.

Dark Crystal RAT Agent Deep Dive
Security
9 Minute Read

Dark Crystal RAT Agent Deep Dive

The Splunk Threat Research Team (STRT) analyzed and developed Splunk analytics for this RAT to help defenders identify signs of compromise within their networks.
Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis
Security
11 Minute Read

Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis

The Splunk Threat Research Team shares how they utilized public research to capture Brute Ratel Badgers (agents) and create a Yara rule to help identify more on VirusTotal.
Machine Learning in Security: NLP Based Risky SPL Detection with a Pre-trained Model
Security
7 Minute Read

Machine Learning in Security: NLP Based Risky SPL Detection with a Pre-trained Model

The Splunk Threat Research Team shares a closer look at a hunting analytic and two machine learning-based detections that help find users running highly suspicious risky SPL commands.
Follina for Protocol Handlers
Security
5 Minute Read

Follina for Protocol Handlers

The Splunk Threat Research Team shares how to identify protocol handlers on an endpoint, different ways to simulate adversary tradecraft that utilizes a protocol handler, and a piece of inspiring hunting content to help defenders identify protocol handlers being used in their environment.
AppLocker Rules as Defense Evasion: Complete Analysis
Security
24 Minute Read

AppLocker Rules as Defense Evasion: Complete Analysis

The Splunk Threat Research Team analyzes 'Azorult loader' (a payload that imports its own AppLocker rules) to understand the tactics and techniques that may help defend against these types of threats.
ML Detection of Risky Command Exploit
Security
6 Minute Read

ML Detection of Risky Command Exploit

Discover how to use machine learning algorithms to develop methods for detecting misuse or abuse of risky SPL commands to further pinpoint a true security threat.