Splunk Threat Research Team's Blog Posts

Splunk Threat Research Team

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository.

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.

Read more Splunk Security Content.

Bundled to Steal: The Salat Stealer Campaign
Security
12 Minute Read

Bundled to Steal: The Salat Stealer Campaign

Learn how the Salat Stealer campaign uses Go-based surveillance and data exfiltration, and explore its infection chain and how to hunt for this threat using Splunk.
Splunk Security Content for Threat Detection & Response: June Recap
Security
5 Minute Read

Splunk Security Content for Threat Detection & Response: June Recap

In June, the Splunk Threat Research Team (STRT) had 1 release of new security content via the Enterprise Security Content Update (ESCU) app (v6.1.0).
Splunk Security Content for Threat Detection & Response: May Recap
Security
5 Minute Read

Splunk Security Content for Threat Detection & Response: May Recap

In May, the Splunk Threat Research Team (STRT) had 2 releases of new security content via the Enterprise Security Content Update app.
Detecting Copy Fail (CVE-2026-31431)– Phenomenal Power, Ity Bity Script
Security
15 Minute Read

Detecting Copy Fail (CVE-2026-31431)– Phenomenal Power, Ity Bity Script

The Splunk Threat Research Team analyzes the VIP Keylogger malware to help improve your detection and threat-hunting strategies.
Behind the Code: The Layered Defense-Evasion of VIP Keylogger
Security
15 Minute Read

Behind the Code: The Layered Defense-Evasion of VIP Keylogger

The Splunk Threat Research Team analyzes the VIP Keylogger malware. Learn about its evasion tactics, including obfuscation and steganography, to improve your detection and threat-hunting strategies.
Splunk Security Content for Threat Detection & Response: May 2026 Update
Security
5 Minute Read

Splunk Security Content for Threat Detection & Response: May 2026 Update

Looking for the latest Splunk security content? This page is updated quarterly with all the latest security content details.