Splunk Security Content

Splunk Threat Reasearch Team (STRT)

We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats.

Excessive DNS Failures

DNS , Application Layer Protocol

Email servers sending high volume traffic to hosts

Email Collection , Remote Email Collection

Email files written outside of the Outlook directory

Email Collection , Local Email Collection

EC2 Instance Started With Previously Unseen User

Cloud Accounts

EC2 Instance Modified With Previously Unseen User