Q4 Roundup of Splunk Security Content for Threat Detection & Response

Looking for the latest Splunk security content? You’ve come to the right place! This page is updated quarterly with all the latest security content details.

This blog post covers all the security content developed November 2023 – January 2024. Jump straight to the updates below, or read on to learn more about:

  • How Splunk develops security content
  • The types of content we deliver
  • How to access security content

Splunk continuously monitors the threat landscape to develop, test, and deliver security content to help identify and respond to vulnerabilities and cyber attacks within your environment.

Types of Security Content

Splunk provides a variety of security content, all of which is designed to help you make the most of your Splunk environment. This includes:

Detections

Splunk’s out-of-the-box machine learning-, behavioral-, and AI-driven detection searches are created to help identify patterns and alert you to threats and anomalous behavior.

Analytic Stories

All detection searches relevant to a particular threat are packaged in the form of analytic stories (also known as use cases).

SOAR Playbook Packs

A collection of pre-built automation playbooks that are designed to help users tackle specific use cases.

How to get Security Content

Take advantage of security content through the Enterprise Security Content Update (ESCU) app or the Splunk Security Essentials (SSE) app. Both apps allow you to deploy over 1,600 out-of-the-box searches to start detecting, investigating and responding to threats. You can also view the full security content repository by visiting research.splunk.com.

And with that information, we can move onto the latest content. Let’s take a look!


Splunk Security Content: Q4 Roundup

Below you will find a brief table of contents, followed by an overview of all the security content developed from November 2023 – January 2024. (Prefer a video update? Watch our on-demand Tech Talk “Using the Splunk Threat Research Team’s Latest Security Content.”)

Table of Contents

  • Adversary Tradecraft Analytic Stories
  • Emerging Threats Analytic Stories

Overview: Adversary Tradecraft Analytic Stories

DarkGate is malware that employs multi-stage payloads and leverages obfuscated AutoIt scripting to exfiltrate sensitive data and establish command and control communications. This analytic story includes detections to help uncover and investigate activities that could be indicative of DarkGate’s presence. Check out “Enter The Gates: An Analysis of the DarkGate AutoIt Loader” to learn more.

Previous Security Content Roundups

Looking for previous security content updates? Check out the previous quarters of security content roundups from the Splunk Threat Research Team. Stay tuned to that page and this one — we’re updating them every quarter!

Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC