Splunk Threat Research Team's Blog Posts

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository.

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.

Read more Splunk Security Content.

Introducing Splunk Attack Range v2.0
Security
6 Minute Read

Introducing Splunk Attack Range v2.0

The Splunk Attack Range project has officially reached the v2.0 release with a host of new features – get all the details from the Splunk Threat Research Team.
Threat Update: Industroyer2
Security
11 Minute Read

Threat Update: Industroyer2

The Splunk Threat Research Team offers an analysis of relevant detection opportunities of one of the new malicious payloads found by the Ukranian CERT named 'Industroyer2.'
Threat Update: AcidRain Wiper
Security
10 Minute Read

Threat Update: AcidRain Wiper

The Splunk Threat Research Team shares the details on the new malicious payload named AcidRain, designed to wipe modem or router devices (CPEs).
Springing 4 Shells: The Tale of Two Spring CVEs
Security
10 Minute Read

Springing 4 Shells: The Tale of Two Spring CVEs

The Splunk Threat Research Team (STRT) shares detection opportunities in different stages of successful Spring4Shell exploitation.
Detecting Active Directory Kerberos Attacks: Threat Research Release, March 2022
Security
14 Minute Read

Detecting Active Directory Kerberos Attacks: Threat Research Release, March 2022

Learn more about the Splunk Threat Research Team's new analytic story to help SOC analysts detect adversaries abusing the Kerberos protocol to attack Windows Active Directory environments
Threat Update: Cyclops Blink
Security
6 Minute Read

Threat Update: Cyclops Blink

The Splunk Threat Research Team shares the latest on the payload named Cyclops Blink, which seems to target Customer Premise Equipment devices (CPE) generally prevalent in commercial and residential locations enabling internet connectivity.