Splunk Security Content for Threat Detection & Response: June Recap

Security Splunk Threat Research Team

In June, the Splunk Threat Research Team (STRT) had 1 release of new security content via the Enterprise Security Content Update (ESCU) app (v6.1.0). With this release, there are 5 analytic stories and 34 new analytics now available in Splunk Enterprise Security via the ESCU application update process.

Content highlights include:

For all our tools and security content, please visit research.splunk.com.

Related Articles

Infostealer Campaign against ISPs
Security
20 Minute Read

Infostealer Campaign against ISPs

The Splunk Threat Research Team observed actors performing minimal intrusive operations to avoid detection, with the exception of artifacts created by accounts already compromised.
Asset & Identity for Splunk Enterprise Security - Part 1: Contextualizing Systems
Security
4 Minute Read

Asset & Identity for Splunk Enterprise Security - Part 1: Contextualizing Systems

This is part one in a three part series on the Asset & Identity framework in Splunk Enterprise Security, focusing on gaining context on systems being monitored.
Defending Against npm Supply Chain Attacks: A Practical Guide to Detection, Emulation, and Analysis
Security
18 Minute Read

Defending Against npm Supply Chain Attacks: A Practical Guide to Detection, Emulation, and Analysis

Protect your software supply chain from npm attacks. Learn to use Package-Inferno and npm-threat-emulation for deep analysis and detection with Splunk SPL.