
Tech Talk | Print, Leak, Repeat: UEBA Insider Threats You Can't Ignore

Insider threats thrive in ambiguity. They exist in the space where everyday work and malicious intent overlap. Traditional defenses are not built to detect that overlap; they are built to stop outsiders, not to question the behavior of insiders who look legitimate until the moment they are not. User and Entity Behavior Analytics (UEBA) fills that gap by establishing a behavioral perimeter around every identity and device.

Splunking Isovalent Data: Attack Simulations and Detections

We simulate real-world adversary behaviors inside a Kubernetes cluster to validate how Tetragon’s kernel-level visibility translates into detectable, high-fidelity security signals in Splunk. Each simulation maps to techniques in the MITRE ATT&CK for Containers framework and showcases how eBPF instrumentation allows us to catch what traditional agents often miss—for example, process lineage, syscall context, and Kubernetes workload-level attribution.

How SPL2 Simplifies Security Investigations and Admin Workflows in Splunk

Discover how SPL2 (Splunk Processing Language 2) is transforming the way organizations manage data at scale. In this demo, we dive deep into how SPL2 addresses modern data challenges by offering a unified, SQL-like syntax and powerful new tools like the Module Editor. With syntax that’s instantly familiar to current users, SPL2 removes barriers to adoption and lets teams leverage its power from day one.

The Lost Payload: MSIX Resurrection

MSIXBuilder transforms what was traditionally a complex, multi-tool process into a single automated workflow that mirrors actual attacker techniques. By automatically handling certificate lifecycle management, dependency resolution, and package signing, the tool removes the technical barriers that previously prevented security teams from creating realistic test scenarios. This means defenders can quickly generate both signed and unsigned MSIX packages to validate their AppXDeployment event log coverage, confirm detection rules, and build detection coverage that actually works against real-world threats.

How to Operationalize Enterprise Security Content Update (ESCU) Content

The Splunk Enterprise Security Content Update (ESCU) app is a powerful resource developed by the Splunk Threat Research Team. It provides out-of-the-box detection analytics mapped to the MITRE ATT&CK framework and tailored to various platforms such as Windows, Linux, and cloud environments. While installing ESCU is straightforward, operationalizing the content - meaning tuning, enabling, and maintaining it for real-world use - requires a few deliberate steps.