Splunk Detections

Name Data Source Technique Type Analytic Story Date
Path traversal SPL injection Splunk File and Directory Discovery TTP Splunk Vulnerabilities 2024-09-25
Persistent XSS in RapidDiag through User Interface Views Splunk Drive-by Compromise TTP Splunk Vulnerabilities 2024-05-24
Splunk Absolute Path Traversal Using runshellscript Splunk File and Directory Discovery Hunting Splunk Vulnerabilities 2024-05-17
Splunk Account Discovery Drilldown Dashboard Disclosure Account Discovery TTP Splunk Vulnerabilities 2024-05-15
Splunk App for Lookup File Editing RCE via User XSLT Exploitation of Remote Services Hunting Splunk Vulnerabilities 2024-05-16
Splunk Authentication Token Exposure in Debug Log Log Enumeration TTP Splunk Vulnerabilities 2024-05-25
Splunk Code Injection via custom dashboard leading to RCE Exploitation of Remote Services Hunting Splunk Vulnerabilities 2024-05-24
Splunk Command and Scripting Interpreter Delete Usage Splunk Command and Scripting Interpreter Anomaly Splunk Vulnerabilities 2024-05-21
Splunk Command and Scripting Interpreter Risky Commands Splunk Command and Scripting Interpreter Hunting Splunk Vulnerabilities 2024-05-19
Splunk Command and Scripting Interpreter Risky SPL MLTK Splunk Command and Scripting Interpreter Anomaly Splunk Vulnerabilities 2024-05-15
Splunk CSRF in the SSG kvstore Client Endpoint Splunk Drive-by Compromise TTP Splunk Vulnerabilities 2024-07-01
Splunk Data exfiltration from Analytics Workspace using sid query Splunk Exfiltration Over Web Service Hunting Splunk Vulnerabilities 2024-05-25
Splunk Digital Certificates Infrastructure Version Splunk Digital Certificates Hunting Splunk Vulnerabilities 2024-05-27
Splunk Digital Certificates Lack of Encryption Splunk Digital Certificates Anomaly Splunk Vulnerabilities 2024-05-18
Splunk Disable KVStore via CSRF Enabling Maintenance Mode Splunk Service Stop TTP Splunk Vulnerabilities 2024-10-14
Splunk DoS Using Malformed SAML Request Splunk Network Denial of Service Hunting Splunk Vulnerabilities 2024-05-29
Splunk DOS Via Dump SPL Command Splunk Application or System Exploitation Hunting Splunk Vulnerabilities 2024-05-03
Splunk DoS via Malformed S2S Request Splunk Network Denial of Service TTP Splunk Vulnerabilities 2024-05-27
Splunk DoS via POST Request Datamodel Endpoint Endpoint Denial of Service Hunting Splunk Vulnerabilities 2024-07-01
Splunk DOS via printf search function Splunk Application or System Exploitation Hunting Splunk Vulnerabilities 2024-05-25
Splunk Edit User Privilege Escalation Splunk Abuse Elevation Control Mechanism Hunting Splunk Vulnerabilities 2024-05-15
Splunk Endpoint Denial of Service DoS Zip Bomb Splunk Endpoint Denial of Service TTP Splunk Vulnerabilities 2024-05-27
Splunk Enterprise KV Store Incorrect Authorization Splunk Abuse Elevation Control Mechanism Hunting Splunk Vulnerabilities 2024-05-10
Splunk ES DoS Investigations Manager via Investigation Creation Splunk Endpoint Denial of Service TTP Splunk Vulnerabilities 2024-05-25
Splunk ES DoS Through Investigation Attachments Splunk Endpoint Denial of Service TTP Splunk Vulnerabilities 2024-05-29
Splunk HTTP Response Splitting Via Rest SPL Command Splunk HTML Smuggling Hunting Splunk Vulnerabilities 2024-05-27
Splunk Image File Disclosure via PDF Export in Classic Dashboard Splunk Account Discovery Hunting Splunk Vulnerabilities 2024-10-14
Splunk Improperly Formatted Parameter Crashes splunkd Splunk Endpoint Denial of Service TTP Splunk Vulnerabilities 2024-10-14
Splunk Information Disclosure in Splunk Add-on Builder Splunk System Information Discovery Hunting Splunk Vulnerabilities 2024-05-20
Splunk Information Disclosure on Account Login Splunk Account Discovery Hunting Splunk Vulnerabilities 2024-07-01
Splunk list all nonstandard admin accounts Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-05-21
Splunk Low-Priv Search as nobody SplunkDeploymentServerConfig App Splunk Exploitation for Privilege Escalation Hunting Splunk Vulnerabilities 2024-10-14
Splunk Low Privilege User Can View Hashed Splunk Password Splunk Exploitation for Credential Access Hunting Splunk Vulnerabilities 2024-05-29
Splunk Path Traversal In Splunk App For Lookup File Edit Splunk File and Directory Discovery Hunting Splunk Vulnerabilities 2024-05-22
Splunk Persistent XSS via Props Conf Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-14
Splunk Persistent XSS via Scheduled Views Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-10-14
Splunk Persistent XSS Via URL Validation Bypass W Dashboard Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-05-20
Splunk Process Injection Forwarder Bundle Downloads Splunk Process Injection Hunting Splunk Vulnerabilities 2024-05-23
Splunk Protocol Impersonation Weak Encryption Configuration Splunk Protocol or Service Impersonation Hunting Splunk Vulnerabilities 2024-05-28
Splunk protocol impersonation weak encryption selfsigned Splunk Digital Certificates Hunting Splunk Vulnerabilities 2024-05-21
Splunk protocol impersonation weak encryption simplerequest Splunk Digital Certificates Hunting Splunk Vulnerabilities 2024-05-23
Splunk RBAC Bypass On Indexing Preview REST Endpoint Splunk Access Token Manipulation Hunting Splunk Vulnerabilities 2024-05-15
Splunk RCE PDFgen Render Splunk Exploitation of Remote Services TTP Splunk Vulnerabilities 2024-07-01
Splunk RCE via External Lookup Copybuckets Splunk Exploitation of Remote Services Hunting Splunk Vulnerabilities 2024-07-01
Splunk RCE via Serialized Session Payload Splunk Exploit Public-Facing Application Hunting Splunk Vulnerabilities 2024-05-26
Splunk RCE via Splunk Secure Gateway Splunk Mobile alerts feature Splunk Exploitation of Remote Services Hunting Splunk Vulnerabilities 2024-05-16
Splunk RCE via User XSLT Exploitation of Remote Services Hunting Splunk Vulnerabilities 2024-05-16
Splunk Reflected XSS in the templates lists radio Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-05-23
Splunk Reflected XSS on App Search Table Endpoint Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-05-23
Splunk risky Command Abuse disclosed february 2023 Splunk Abuse Elevation Control Mechanism Indirect Command Execution Hunting Splunk Vulnerabilities 2024-07-23
Splunk Sensitive Information Disclosure in DEBUG Logging Channels Splunk Unsecured Credentials Hunting Splunk Vulnerabilities 2024-10-14
Splunk SG Information Disclosure for Low Privs User Splunk Account Discovery Hunting Splunk Vulnerabilities 2024-10-14
Splunk Stored XSS conf-web Settings on Premises Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-07-01
Splunk Stored XSS via Data Model objectName Field Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-07-01
Splunk Stored XSS via Specially Crafted Bulletin Message Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-07-01
Splunk Unauthenticated DoS via Null Pointer References Splunk Endpoint Denial of Service Hunting Splunk Vulnerabilities 2024-07-01
Splunk Unauthenticated Log Injection Web Service Log Splunk Exploit Public-Facing Application Hunting Splunk Vulnerabilities 2024-05-19
Splunk Unauthenticated Path Traversal Modules Messaging Splunk File and Directory Discovery Hunting Splunk Vulnerabilities 2024-07-01
Splunk Unauthorized Experimental Items Creation Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-07-01
Splunk Unauthorized Notification Input by User Splunk Abuse Elevation Control Mechanism Hunting Splunk Vulnerabilities 2024-07-01
Splunk unnecessary file extensions allowed by lookup table uploads Splunk Drive-by Compromise TTP Splunk Vulnerabilities 2024-05-28
Splunk User Enumeration Attempt Splunk Valid Accounts TTP Splunk Vulnerabilities 2024-09-25
Splunk XSS in Highlighted JSON Events Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-07-01
Splunk XSS in Monitoring Console Drive-by Compromise TTP Splunk Vulnerabilities 2024-09-25
Splunk XSS in Save table dialog header in search page Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-07-01
Splunk XSS Privilege Escalation via Custom Urls in Dashboard Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-07-01
Splunk XSS Via External Urls in Dashboards SSRF Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-07-01
Splunk XSS via View Splunk Drive-by Compromise Hunting Splunk Vulnerabilities 2024-05-13
Open Redirect in Splunk Web N/A TTP Splunk Vulnerabilities 2017-09-19
Splunk Enterprise Information Disclosure N/A TTP Splunk Vulnerabilities 2018-06-14
Java Class File download by Java User Agent Splunk Stream HTTP Exploit Public-Facing Application TTP Log4Shell CVE-2021-44228 2024-08-15
Multiple Archive Files Http Post Traffic Splunk Stream HTTP Exfiltration Over Unencrypted Non-C2 Protocol Exfiltration Over Alternative Protocol TTP Command And Control, Data Exfiltration 2024-05-16
Plain HTTP POST Exfiltrated Data Splunk Stream HTTP Exfiltration Over Unencrypted Non-C2 Protocol Exfiltration Over Alternative Protocol TTP Command And Control, Data Exfiltration 2024-05-26
Splunk Identified SSL TLS Certificates Splunk Stream TCP Network Sniffing Hunting Splunk Vulnerabilities 2024-05-23
Web Spring4Shell HTTP Request Class Module Splunk Stream HTTP Exploit Public-Facing Application External Remote Services TTP Spring4Shell CVE-2022-22965 2024-05-28
Web Spring Cloud Function FunctionRouter Splunk Stream HTTP Exploit Public-Facing Application External Remote Services TTP Spring4Shell CVE-2022-22965 2024-05-22