Splunk Security Content

Splunk Threat Reasearch Team (STRT)

We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats.

Detect Excessive User Account Lockouts

Valid Accounts , Local Accounts

Detect DNS requests to Phishing Sites leveraging EvilGinx2

Spearphishing via Service

Detect AWS API Activities From Unapproved Accounts

Cloud Accounts

Clients Connecting to Multiple DNS Servers

Exfiltration Over Unencrypted Non-C2 Protocol

Attempt To Stop Security Service

Disable or Modify Tools , Impair Defenses