Splunk Detections

| Name | Data Source | Technique | Type | Analytic Story | Date |
| --- | --- | --- | --- | --- | --- |
| Path traversal SPL injection | Splunk | File and Directory Discovery | TTP | Splunk Vulnerabilities | 2024-10-16 |
| Persistent XSS in RapidDiag through User Interface Views | Splunk | Drive-by Compromise | TTP | Splunk Vulnerabilities | 2024-10-16 |
| Splunk Absolute Path Traversal Using runshellscript | Splunk | File and Directory Discovery | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Account Discovery Drilldown Dashboard Disclosure | | Account Discovery | TTP | Splunk Vulnerabilities | 2024-10-17 |
| Splunk App for Lookup File Editing RCE via User XSLT | | Exploitation of Remote Services | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Authentication Token Exposure in Debug Log | | Log Enumeration | TTP | Splunk Vulnerabilities | 2024-10-16 |
| Splunk Code Injection via custom dashboard leading to RCE | | Exploitation of Remote Services | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Command and Scripting Interpreter Delete Usage | Splunk | Command and Scripting Interpreter | Anomaly | Splunk Vulnerabilities | 2024-10-16 |
| Splunk Command and Scripting Interpreter Risky Commands | Splunk | Command and Scripting Interpreter | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Command and Scripting Interpreter Risky SPL MLTK | Splunk | Command and Scripting Interpreter | Anomaly | Splunk Vulnerabilities | 2024-10-16 |
| Splunk CSRF in the SSG kvstore Client Endpoint | Splunk | Drive-by Compromise | TTP | Splunk Vulnerabilities | 2024-10-16 |
| Splunk Data exfiltration from Analytics Workspace using sid query | Splunk | Exfiltration Over Web Service | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Digital Certificates Infrastructure Version | Splunk | Digital Certificates | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Digital Certificates Lack of Encryption | Splunk | Digital Certificates | Anomaly | Splunk Vulnerabilities | 2024-10-16 |
| Splunk Disable KVStore via CSRF Enabling Maintenance Mode | Splunk | Service Stop | TTP | Splunk Vulnerabilities | 2024-10-16 |
| Splunk DoS Using Malformed SAML Request | Splunk | Network Denial of Service | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk DOS Via Dump SPL Command | Splunk | Application or System Exploitation | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk DoS via Malformed S2S Request | Splunk | Network Denial of Service | TTP | Splunk Vulnerabilities | 2024-10-16 |
| Splunk DoS via POST Request Datamodel Endpoint | | Endpoint Denial of Service | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk DOS via printf search function | Splunk | Application or System Exploitation | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Edit User Privilege Escalation | Splunk | Abuse Elevation Control Mechanism | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Endpoint Denial of Service DoS Zip Bomb | Splunk | Endpoint Denial of Service | TTP | Splunk Vulnerabilities | 2024-10-16 |
| Splunk Enterprise KV Store Incorrect Authorization | Splunk | Abuse Elevation Control Mechanism | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk ES DoS Investigations Manager via Investigation Creation | Splunk | Endpoint Denial of Service | TTP | Splunk Vulnerabilities | 2024-10-16 |
| Splunk ES DoS Through Investigation Attachments | Splunk | Endpoint Denial of Service | TTP | Splunk Vulnerabilities | 2024-10-16 |
| Splunk HTTP Response Splitting Via Rest SPL Command | Splunk | HTML Smuggling | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Image File Disclosure via PDF Export in Classic Dashboard | Splunk | Account Discovery | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Improperly Formatted Parameter Crashes splunkd | Splunk | Endpoint Denial of Service | TTP | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Information Disclosure in Splunk Add-on Builder | Splunk | System Information Discovery | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Information Disclosure on Account Login | Splunk | Account Discovery | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk list all nonstandard admin accounts | Splunk | Drive-by Compromise | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Low-Priv Search as nobody SplunkDeploymentServerConfig App | Splunk | Exploitation for Privilege Escalation | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Low Privilege User Can View Hashed Splunk Password | Splunk | Exploitation for Credential Access | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Path Traversal In Splunk App For Lookup File Edit | Splunk | File and Directory Discovery | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Persistent XSS via Props Conf | Splunk | Drive-by Compromise | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Persistent XSS via Scheduled Views | Splunk | Drive-by Compromise | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Persistent XSS Via URL Validation Bypass W Dashboard | Splunk | Drive-by Compromise | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Process Injection Forwarder Bundle Downloads | Splunk | Process Injection | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Protocol Impersonation Weak Encryption Configuration | Splunk | Protocol or Service Impersonation | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk protocol impersonation weak encryption selfsigned | Splunk | Digital Certificates | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk protocol impersonation weak encryption simplerequest | Splunk | Digital Certificates | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk RBAC Bypass On Indexing Preview REST Endpoint | Splunk | Access Token Manipulation | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk RCE PDFgen Render | Splunk | Exploitation of Remote Services | TTP | Splunk Vulnerabilities | 2024-10-16 |
| Splunk RCE via External Lookup Copybuckets | Splunk | Exploitation of Remote Services | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk RCE via Serialized Session Payload | Splunk | Exploit Public-Facing Application | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk RCE via Splunk Secure Gateway Splunk Mobile alerts feature | Splunk | Exploitation of Remote Services | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk RCE via User XSLT | | Exploitation of Remote Services | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Reflected XSS in the templates lists radio | Splunk | Drive-by Compromise | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Reflected XSS on App Search Table Endpoint | Splunk | Drive-by Compromise | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk risky Command Abuse disclosed february 2023 | Splunk | Abuse Elevation Control Mechanism, Indirect Command Execution | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Sensitive Information Disclosure in DEBUG Logging Channels | Splunk | Unsecured Credentials | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk SG Information Disclosure for Low Privs User | Splunk | Account Discovery | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Stored XSS conf-web Settings on Premises | Splunk | Drive-by Compromise | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Stored XSS via Data Model objectName Field | Splunk | Drive-by Compromise | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Stored XSS via Specially Crafted Bulletin Message | Splunk | Drive-by Compromise | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Unauthenticated DoS via Null Pointer References | Splunk | Endpoint Denial of Service | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Unauthenticated Log Injection Web Service Log | Splunk | Exploit Public-Facing Application | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Unauthenticated Path Traversal Modules Messaging | Splunk | File and Directory Discovery | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Unauthorized Experimental Items Creation | Splunk | Drive-by Compromise | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Unauthorized Notification Input by User | Splunk | Abuse Elevation Control Mechanism | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk unnecessary file extensions allowed by lookup table uploads | Splunk | Drive-by Compromise | TTP | Splunk Vulnerabilities | 2024-10-16 |
| Splunk User Enumeration Attempt | Splunk | Valid Accounts | TTP | Splunk Vulnerabilities | 2024-10-16 |
| Splunk XSS in Highlighted JSON Events | Splunk | Drive-by Compromise | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk XSS in Monitoring Console | | Drive-by Compromise | TTP | Splunk Vulnerabilities | 2024-10-17 |
| Splunk XSS in Save table dialog header in search page | Splunk | Drive-by Compromise | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk XSS Privilege Escalation via Custom Urls in Dashboard | Splunk | Drive-by Compromise | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk XSS Via External Urls in Dashboards SSRF | Splunk | Drive-by Compromise | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Splunk XSS via View | Splunk | Drive-by Compromise | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Open Redirect in Splunk Web | | N/A | TTP | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Enterprise Information Disclosure | | N/A | TTP | Splunk Vulnerabilities | 2024-10-17 |
| Splunk Identified SSL TLS Certificates | Splunk Stream TCP | Network Sniffing | Hunting | Splunk Vulnerabilities | 2024-10-17 |
| Java Class File download by Java User Agent | Splunk Stream HTTP | Exploit Public-Facing Application | TTP | Log4Shell CVE-2021-44228 | 2024-10-16 |
| Multiple Archive Files Http Post Traffic | Splunk Stream HTTP | Exfiltration Over Unencrypted Non-C2 Protocol, Exfiltration Over Alternative Protocol | TTP | Command And Control, Data Exfiltration | 2024-09-30 |
| Plain HTTP POST Exfiltrated Data | Splunk Stream HTTP | Exfiltration Over Unencrypted Non-C2 Protocol, Exfiltration Over Alternative Protocol | TTP | Command And Control, Data Exfiltration | 2024-09-30 |
| Web Spring4Shell HTTP Request Class Module | Splunk Stream HTTP | Exploit Public-Facing Application, External Remote Services | TTP | Spring4Shell CVE-2022-22965 | 2024-09-30 |
| Web Spring Cloud Function FunctionRouter | Splunk Stream HTTP | Exploit Public-Facing Application, External Remote Services | TTP | Spring4Shell CVE-2022-22965 | 2024-09-30 |