The Splunk Threat Research Team recently evaluated ways to generate security content using native Windows event logging regarding PowerShell Script Block Logging to assist enterprise defenders in finding malicious PowerShell scripts. This method provides greater depth of visibility as it provides the raw (entire) PowerShell script output. There are three sources that may enhance any defender's perspective: module, script block and transcript logging.

Security analysts know this situation well: inundated by alerts, alternating between 10 different security tools, and feeling the pressure of responding to each and every threat. It’s typically around this point that SOC teams realize it’s humanly impossible to process the amount of data that needs to be processed, and they should start looking for a solution. Gretchen White, Chief Information Security Officer at Minnesota Judicial Courts, experienced this firsthand.

Cyber attacks come in many forms, but they almost always share one trait in common: they are carried out over the network. Although there are exceptions, the network is usually the entry point that attackers use to launch whichever exploits, data thefts, or other intrusions they aim to impose upon a business.

The Splunk Threat Research Team (STRT) most recently began evaluating more ways to generate security content using native Windows event logging regarding PowerShell Script Block Logging. This method provides greater depth of visibility as it provides the raw (entire) PowerShell script output. There are three sources that may enhance any defender's perspective: module, script block and transcript logging.

The Office of Management and Budget’s memo mandates a maturity model for event log management, sets agency implementation requirements, and establishes government-wide responsibilities. Fortunately, Splunk solutions can help agencies comply with the new mandates.

Does your Splunk app integrate with a third-party service or API? If so, that service might require your app’s users to authenticate using a secret. You can securely store and retrieve secrets in an app using the capabilities of the Splunk platform.

Your cybersecurity team walks into the office, and their day is instantly taken off the rails. They get an alert informing them that something on the network is acting suspiciously. It isn’t necessarily a threat, but they don’t have the tools to know for sure. After looking into it, they learn that a SaaS provider for one of their departments delivered an update that caused a service degradation. Thankfully, it isn’t an attack.

I’ve been working with Splunk customers around the world for years to help them answer security questions with their data. And, like you probably know, sometimes it’s hard to know where to start for specific security use cases. We all know Splunk’s data platform is capable of delivering incredible analytics and insights at scale, but how do we tie that power with all of the content and premium solutions for security that Splunk provides?