Splunk Security Content for Threat Detection & Response: August Recap

Security Splunk Threat Research Team

In August, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security Content Update (ESCU) app (v5.11.0, v5.12.0, v5.13.0). With these releases, there are 8 new analytics and 32 new analytic stories now available in Splunk Enterprise Security via the ESCU application update process.

Content highlights include:

This demo video showcases Xworm attacks and Splunk detections finding the different ways it executes on an OS.

Related Articles

Matching AI Strengths to Blue Team Needs
Security
6 Minute Read

Matching AI Strengths to Blue Team Needs

Discover how AI and Large Language Models (LLMs) enhance cybersecurity operations for Blue Teams.
Hyperledger Fabric Security Monitoring with Splunk
Security
3 Minute Read

Hyperledger Fabric Security Monitoring with Splunk

In this post, we demonstrate how to set up effective security monitoring of your Hyperledger Fabric infrastructure. We identify some common threats, recognize key data sources to monitor, and walk through using Splunk to ingest and visualize your data.
Detecting Google Cloud Platform OAuth Token Abuse Using Splunk
Security
5 Minute Read

Detecting Google Cloud Platform OAuth Token Abuse Using Splunk

Google Cloud Platform's Identity Access Management (IAM) permissions can be used to move laterally and escalate privileges. Learn how to detect GCP OAuth token abuse and remediate these events with Splunk.