Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

ML Detection of Risky Command Exploit

As described in Splunk Vulnerability Disclosure SVD-2022-0624, there is a list of SPL (Search Processing Language) commands that are classified as risky. This is because incorrect use of these risky commands may lead to a security breach or data loss. As a precautionary measure, the Splunk Search app pops up a dialog, alerting users before executing these commands whenever these commands are called.

Splunk Security Essentials 3.6.0: A Holistic View of Your Security

We hope that you had a blast at.conf22 whether you attended in-person or virtually! To keep the good vibes of.conf rolling, we are releasing Splunk Security Essentials 3.6.0. For those new here, Splunk Security Essentials (SSE) is a fully supported app that is available to install from Splunkbase. There is so much to be excited about in this update and we can’t wait for you to make the most of all the new benefits.

CVE Severity: Approaches for When & How To Manage Builds

In a-near perfect world, you would instantly fix your application every time a relevant CVE was issued. (In a truly perfect world, of course, there would be no security incidents, and hence no CVEs in the first place.) But in the real world, reacting to CVEs requires a careful calculation. You need to assess whether each CVE is serious enough to warrant the rejection of a build and a delay of a release.

3 Important German BSI Documents Every SIEM & SOC Manager Needs To Know About

The German IT Security Act 2.0 (IT-SiG 2.0) has been in force since May 2021. Due to this new law, significantly more German companies have been classified as operators of critical infrastructures (KRITIS) than ever. This is a major cause of headaches for many managers. In addition, IT departments are starting to ask themselves: "Are we now regarded as KRITIS"? And if so, "What do we have to take into consideration?"

Splunk Assist: Cloud-Powered Insights Just for You, at Your Fingertips

Have you been worried about whether your deployment is secure? Are you tired of keeping track of all security vulnerabilities and vendor-provided patches to ensure that your exposure to such vulnerabilities is minimized? What about making sure that the certificates for your hundreds of forwarders, indexers, search heads and other Splunk connectors are not expired? You’re not alone!

Exploring Security and Observability on Splunk Lantern

Your organization purchased Splunk Cloud Platform some time ago. Your environment is ingesting dozens of data sources and your team has expert level SPL skills. You've created easily consumable dashboards and reports for many different types of stakeholders and you've mastered alert fatigue. Your organization's return on investment both in Splunk and Splunk education is paying large dividends in terms of time saved managing threats and improved operational efficiency.

Data Center Security Explained: Concepts & Standards

Did you know that in the U.S. the average cost of a data breach is a whopping $8.64 million? As a business, securing your data must be your #1 priority. Data centers store personal, confidential and financial information about their customers, stakeholders and employers. Criminals can exploit such information, costing businesses millions of dollars to investigate and remediate. The damage is not only monetary — it can have significant impact on your brand image.

Threat Update: Industroyer2

The Splunk Threat Research Team (STRT) continues to monitor new relevant payloads to the ongoing conflict in Eastern Europe. One of these new payloads was found by the Ukranian CERT named “Industroyer2.” The name of this new payload references the original "Industroyer" malicious payload used against the country of Ukraine's power grid in 2016 and allegedly was able to affect a fifth of the power capacity of the city of Kyiv.