Splunk Security Content for Threat Detection & Response: September Recap

Security Splunk Threat Research Team

In September, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security Content Update (ESCU) app (v5.14.0, v5.15.0, v5.15.2). With these releases, there are 21 new analytics and 7 new analytic stories now available in Splunk Enterprise Security via the ESCU application update process.

Content highlights include:

The team also published a blog focusing on Audit Logs and Microsoft Office365 Copilot Activity Logs using Splunk Add-on for Microsoft Office 365. This Splunk Add-on allows Splunk to pull service status, service messages and management activity logs from Office 365 Management API.

For all our tools and security content, please visit research.splunk.com.

Related Articles

Updated Keyword App
Security
1 Minute Read

Updated Keyword App

Splunk Security Content for Threat Detection & Response: April Recap
Security
5 Minute Read

Splunk Security Content for Threat Detection & Response: April Recap

In April, the Splunk Threat Research Team had 2 releases of new security content via the Enterprise Security Content Update app.
Endpoint Security Data Collection Strategy: Splunk UF, uberAgent, or Sysmon?
Security
4 Minute Read

Endpoint Security Data Collection Strategy: Splunk UF, uberAgent, or Sysmon?

Many threats originate from the endpoint and detecting them requires insights into what happens on the endpoint. In this post we look at different endpoint activity data sources, comparing the benefits and capabilities of Splunk Universal Forwarder with vast limits uberAgent and homegrown solutions.