Splunk Query Tutorial

powershell_4104_hunting.yml

description: The following analytic identifies suspicious PowerShell execution using Script Block Logging (EventCode 4104). It leverages specific patterns and keywords within the ScriptBlockText field ...

Security Boulevard

Upgrading Splunk Universal Forwarders from the Deployment Server

One of the most requested features I hear from clients as a Splunk Managed Services Provider (MSSP) is to have a mechanism for managing the version of the Splunk Universal Forwarder across the ...

Scientific Research Publishing

Independent Study of Splunk ()

The paper’s objective is to easily search data and integrate all data sources or tools into one place for people to identify issues in visualizable ways based on correlating multiple data sources. On ...

IEEE

MITRE Tactics Inference from Splunk Queries

Abstract: In cybersecurity, understanding an attacker’s tactics and techniques gives the defender an edge. MITRE ATT&CK provides a framework that describes 14 tactics commonly used by attackers in the ...

GitHub

Splunk 101.md

Typically when people think of a SIEM Security Information and Event Management system that is used to aggregate security information in the form of logs, alerts, artifacts and events into a ...

Some results have been hidden because they may be inaccessible to you

Show inaccessible results