Splunk Detections

| Name | Data Source | Technique | Type | Analytic Story | Date |
| --- | --- | --- | --- | --- | --- |
| Splunk User Enumeration Attempt | Splunk | T1078 | TTP | Splunk Vulnerabilities | 2026-05-14 |
| Splunk Sensitive Information Disclosure in DEBUG Logging Channels | Splunk | T1552 | Hunting | Splunk Vulnerabilities | 2026-05-14 |
| Splunk Information Disclosure on Account Login | Splunk | T1087 | Hunting | Splunk Vulnerabilities | 2026-05-14 |
| Splunk Code Injection via custom dashboard leading to RCE | | T1210 | Hunting | Splunk Vulnerabilities | 2026-05-14 |
| Splunk RCE PDFgen Render | Splunk | T1210 | TTP | Splunk Vulnerabilities | 2026-05-14 |
| Splunk App for Lookup File Editing RCE via User XSLT | | T1210 | Hunting | Splunk Vulnerabilities | 2026-05-14 |
| Splunk XSS Privilege Escalation via Custom Urls in Dashboard | Splunk | T1189 | Hunting | Splunk Vulnerabilities | 2026-05-14 |
| Splunk Authentication Token Exposure in Debug Log | | T1654 | TTP | Splunk Vulnerabilities | 2026-05-14 |
| Splunk Path Traversal In Splunk App For Lookup File Edit | Splunk | T1083 | Hunting | Splunk Vulnerabilities | 2026-05-14 |
| Splunk Enterprise KV Store Incorrect Authorization | Splunk | T1548 | Hunting | Splunk Vulnerabilities | 2026-05-14 |
| Splunk RCE via User XSLT | | T1210 | Hunting | Splunk Vulnerabilities | 2026-05-14 |
| Web Spring4Shell HTTP Request Class Module | Splunk Stream HTTP | T1133, T1190 | TTP | Spring4Shell CVE-2022-22965 | 2026-05-13 |
| Web Spring Cloud Function FunctionRouter | Splunk Stream HTTP | T1133, T1190 | TTP | Spring4Shell CVE-2022-22965 | 2026-05-13 |
| Java Class File download by Java User Agent | Splunk Stream HTTP | T1190 | TTP | Log4Shell CVE-2021-44228 | 2026-05-13 |
| Plain HTTP POST Exfiltrated Data | Splunk Stream HTTP | T1048.003 | TTP | Data Exfiltration, Command And Control, APT37 Rustonotto and FadeStealer | 2026-05-13 |
| Multiple Archive Files Http Post Traffic | Splunk Stream HTTP | T1048.003 | TTP | Hellcat Ransomware, Data Exfiltration, Command And Control, APT37 Rustonotto and FadeStealer | 2026-05-13 |
| Splunk AppDynamics Secure Application Alerts | Splunk AppDynamics Secure Application Alert | N/A | Anomaly | Critical Alerts | 2026-05-13 |
| Cisco Smart Install Oversized Packet Detection | Splunk Stream TCP | T1190 | TTP | Cisco Smart Install Remote Code Execution CVE-2018-0171 | 2026-05-13 |
| Cisco Smart Install Port Discovery and Status | Splunk Stream TCP | T1190 | TTP | Scattered Lapsus$ Hunters, Cisco Smart Install Remote Code Execution CVE-2018-0171 | 2026-05-13 |