Splunk Detections

Name Data Source Technique Type Analytic Story Date
Path traversal SPL injection Splunk File and Directory Discovery TTP Splunk Vulnerabilities 2024-10-16
Persistent XSS in RapidDiag through User Interface Views Splunk Drive-by Compromise TTP Splunk Vulnerabilities 2024-10-16
Splunk Absolute Path Traversal Using runshellscript Splunk File and Directory Discovery Hunting Splunk Vulnerabilities 2024-10-17
Splunk Account Discovery Drilldown Dashboard Disclosure Account Discovery TTP Splunk Vulnerabilities 2024-10-17
Splunk App for Lookup File Editing RCE via User XSLT Exploitation of Remote Services Hunting Splunk Vulnerabilities 2024-10-17
Splunk Authentication Token Exposure in Debug Log Log Enumeration TTP Splunk Vulnerabilities 2024-10-16
Splunk Code Injection via custom dashboard leading to RCE Exploitation of Remote Services Hunting Splunk Vulnerabilities 2024-10-17
Splunk Command and Scripting Interpreter Delete Usage Splunk Command and Scripting Interpreter Anomaly Splunk Vulnerabilities 2024-10-16
Splunk Command and Scripting Interpreter Risky Commands Splunk Command and Scripting Interpreter Hunting Splunk Vulnerabilities 2024-10-17
Splunk Command and Scripting Interpreter Risky SPL MLTK Splunk Command and Scripting Interpreter Anomaly Splunk Vulnerabilities 2024-10-16
Splunk CSRF in the SSG kvstore Client Endpoint Splunk Drive-by Compromise TTP Splunk Vulnerabilities 2024-10-16
Splunk Data exfiltration from Analytics Workspace using sid query Splunk Exfiltration Over Web Service Hunting Splunk Vulnerabilities 2024-10-17
Splunk Digital Certificates Infrastructure Version Splunk Digital Certificates Hunting Splunk Vulnerabilities 2024-10-17
Splunk Digital Certificates Lack of Encryption Splunk Digital Certificates Anomaly Splunk Vulnerabilities 2024-10-16
Splunk Disable KVStore via CSRF Enabling Maintenance Mode Splunk Service Stop TTP Splunk Vulnerabilities 2024-10-16
Splunk DoS Using Malformed SAML Request Splunk Network Denial of Service Hunting Splunk Vulnerabilities 2024-10-17
Splunk DOS Via Dump SPL Command Splunk Application or System Exploitation Hunting Splunk Vulnerabilities 2024-10-17
Splunk DoS via Malformed S2S Request Splunk Network Denial of Service TTP Splunk Vulnerabilities 2024-10-16
Splunk DoS via POST Request Datamodel Endpoint Endpoint Denial of Service Hunting Splunk Vulnerabilities 2024-10-17
Splunk DOS via printf search function Splunk Application or System Exploitation Hunting Splunk Vulnerabilities 2024-10-17
Splunk Edit User Privilege Escalation Splunk Abuse Elevation Control Mechanism Hunting Splunk Vulnerabilities 2024-10-17
Splunk Endpoint Denial of Service DoS Zip Bomb Splunk Endpoint Denial of Service TTP Splunk Vulnerabilities 2024-10-16
Splunk Enterprise KV Store Incorrect Authorization Splunk Abuse Elevation Control Mechanism Hunting Splunk Vulnerabilities 2024-10-17
Splunk ES DoS Investigations Manager via Investigation Creation Splunk Endpoint Denial of Service TTP Splunk Vulnerabilities 2024-10-16
Splunk ES DoS Through Investigation Attachments Splunk Endpoint Denial of Service TTP Splunk Vulnerabilities 2024-10-16
Splunk HTTP Response Splitting Via Rest SPL Command Splunk HTML Smuggling Hunting Splunk Vulnerabilities 2024-10-17
Splunk Image File Disclosure via PDF Export in Classic Dashboard Splunk Account Discovery Hunting Splunk Vulnerabilities 2024-10-17
Splunk Improperly Formatted Parameter Crashes splunkd Splunk Endpoint Denial of Service TTP Splunk Vulnerabilities 2024-10-17
Splunk Information Disclosure in Splunk Add-on Builder Splunk System Information Discovery Hunting Splunk Vulnerabilities 2024-10-17
Splunk Information Disclosure on Account Login Splunk Account Discovery Hunting Splunk Vulnerabilities 2024-10-17
Splunk list all nonstandard admin accounts Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-17
Splunk Low-Priv Search as nobody SplunkDeploymentServerConfig App Splunk Exploitation for Privilege Escalation Hunting Splunk Vulnerabilities 2024-10-17
Splunk Low Privilege User Can View Hashed Splunk Password Splunk Exploitation for Credential Access Hunting Splunk Vulnerabilities 2024-10-17
Splunk Path Traversal In Splunk App For Lookup File Edit Splunk File and Directory Discovery Hunting Splunk Vulnerabilities 2024-10-17
Splunk Persistent XSS via Props Conf Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-17
Splunk Persistent XSS via Scheduled Views Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-17
Splunk Persistent XSS Via URL Validation Bypass W Dashboard Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-17
Splunk Process Injection Forwarder Bundle Downloads Splunk Process Injection Hunting Splunk Vulnerabilities 2024-10-17
Splunk Protocol Impersonation Weak Encryption Configuration Splunk Protocol or Service Impersonation Hunting Splunk Vulnerabilities 2024-10-17
Splunk protocol impersonation weak encryption selfsigned Splunk Digital Certificates Hunting Splunk Vulnerabilities 2024-10-17
Splunk protocol impersonation weak encryption simplerequest Splunk Digital Certificates Hunting Splunk Vulnerabilities 2024-10-17
Splunk RBAC Bypass On Indexing Preview REST Endpoint Splunk Access Token Manipulation Hunting Splunk Vulnerabilities 2024-10-17
Splunk RCE PDFgen Render Splunk Exploitation of Remote Services TTP Splunk Vulnerabilities 2024-10-16
Splunk RCE via External Lookup Copybuckets Splunk Exploitation of Remote Services Hunting Splunk Vulnerabilities 2024-10-17
Splunk RCE via Serialized Session Payload Splunk Exploit Public-Facing Application Hunting Splunk Vulnerabilities 2024-10-17
Splunk RCE via Splunk Secure Gateway Splunk Mobile alerts feature Splunk Exploitation of Remote Services Hunting Splunk Vulnerabilities 2024-10-17
Splunk RCE via User XSLT Exploitation of Remote Services Hunting Splunk Vulnerabilities 2024-10-17
Splunk Reflected XSS in the templates lists radio Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-17
Splunk Reflected XSS on App Search Table Endpoint Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-17
Splunk risky Command Abuse disclosed february 2023 Splunk Abuse Elevation Control Mechanism Indirect Command Execution Hunting Splunk Vulnerabilities 2024-10-17
Splunk Sensitive Information Disclosure in DEBUG Logging Channels Splunk Unsecured Credentials Hunting Splunk Vulnerabilities 2024-10-17
Splunk SG Information Disclosure for Low Privs User Splunk Account Discovery Hunting Splunk Vulnerabilities 2024-10-17
Splunk Stored XSS conf-web Settings on Premises Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-17
Splunk Stored XSS via Data Model objectName Field Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-17
Splunk Stored XSS via Specially Crafted Bulletin Message Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-17
Splunk Unauthenticated DoS via Null Pointer References Splunk Endpoint Denial of Service Hunting Splunk Vulnerabilities 2024-10-17
Splunk Unauthenticated Log Injection Web Service Log Splunk Exploit Public-Facing Application Hunting Splunk Vulnerabilities 2024-10-22
Splunk Unauthenticated Path Traversal Modules Messaging Splunk File and Directory Discovery Hunting Splunk Vulnerabilities 2024-10-17
Splunk Unauthorized Experimental Items Creation Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-17
Splunk Unauthorized Notification Input by User Splunk Abuse Elevation Control Mechanism Hunting Splunk Vulnerabilities 2024-10-17
Splunk unnecessary file extensions allowed by lookup table uploads Splunk Drive-by Compromise TTP Splunk Vulnerabilities 2024-10-16
Splunk User Enumeration Attempt Splunk Valid Accounts TTP Splunk Vulnerabilities 2024-10-16
Splunk XSS in Highlighted JSON Events Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-17
Splunk XSS in Monitoring Console Drive-by Compromise TTP Splunk Vulnerabilities 2024-10-17
Splunk XSS in Save table dialog header in search page Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-17
Splunk XSS Privilege Escalation via Custom Urls in Dashboard Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-17
Splunk XSS Via External Urls in Dashboards SSRF Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-17
Splunk XSS via View Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-17
Open Redirect in Splunk Web N/A TTP Splunk Vulnerabilities 2024-10-17
Splunk Enterprise Information Disclosure N/A TTP Splunk Vulnerabilities 2024-10-17
Splunk Identified SSL TLS Certificates Splunk Stream TCP Network Sniffing Hunting Splunk Vulnerabilities 2024-10-17
Java Class File download by Java User Agent Splunk Stream HTTP Exploit Public-Facing Application TTP Log4Shell CVE-2021-44228 2024-10-16
Multiple Archive Files Http Post Traffic Splunk Stream HTTP Exfiltration Over Unencrypted Non-C2 Protocol Exfiltration Over Alternative Protocol TTP Command And Control, Data Exfiltration 2024-09-30
Plain HTTP POST Exfiltrated Data Splunk Stream HTTP Exfiltration Over Unencrypted Non-C2 Protocol Exfiltration Over Alternative Protocol TTP Command And Control, Data Exfiltration 2024-09-30
Web Spring4Shell HTTP Request Class Module Splunk Stream HTTP Exploit Public-Facing Application External Remote Services TTP Spring4Shell CVE-2022-22965 2024-09-30
Web Spring Cloud Function FunctionRouter Splunk Stream HTTP Exploit Public-Facing Application External Remote Services TTP Spring4Shell CVE-2022-22965 2024-09-30