| Detect Risky SPL using Pretrained ML Model |
Command and Scripting Interpreter |
Anomaly |
| Splunk App for Lookup File Editing RCE via User XSLT |
Exploitation of Remote Services |
Hunting |
| Splunk Authentication Token Exposure in Debug Log |
Log Enumeration |
TTP |
| Splunk Code Injection via custom dashboard leading to RCE |
Exploitation of Remote Services |
Hunting |
| Splunk Command and Scripting Interpreter Delete Usage |
Command and Scripting Interpreter |
Anomaly |
| Splunk Command and Scripting Interpreter Risky Commands |
Command and Scripting Interpreter |
Hunting |
| Splunk Command and Scripting Interpreter Risky SPL MLTK |
Command and Scripting Interpreter |
Anomaly |
| Splunk Enterprise KV Store Incorrect Authorization |
Abuse Elevation Control Mechanism |
Hunting |
| Splunk Improperly Formatted Parameter Crashes splunkd |
Endpoint Denial of Service |
TTP |
| Splunk Information Disclosure on Account Login |
Account Discovery |
Hunting |
| Splunk Path Traversal In Splunk App For Lookup File Edit |
File and Directory Discovery |
Hunting |
| Splunk RCE PDFgen Render |
Exploitation of Remote Services |
TTP |
| Splunk RCE Through Arbitrary File Write to Windows System Root |
Exploitation of Remote Services |
Hunting |
| Splunk RCE via User XSLT |
Exploitation of Remote Services |
Hunting |
| Splunk Sensitive Information Disclosure in DEBUG Logging Channels |
Unsecured Credentials |
Hunting |
| Splunk User Enumeration Attempt |
Valid Accounts |
TTP |
| Splunk XSS Privilege Escalation via Custom Urls in Dashboard |
Drive-by Compromise |
Hunting |
| Path traversal SPL injection |
File and Directory Discovery |
TTP |
| Persistent XSS in RapidDiag through User Interface Views |
Drive-by Compromise |
TTP |
| Splunk Absolute Path Traversal Using runshellscript |
File and Directory Discovery |
Hunting |
| Splunk Account Discovery Drilldown Dashboard Disclosure |
Account Discovery |
TTP |
| Splunk CSRF in the SSG kvstore Client Endpoint |
Drive-by Compromise |
TTP |
| Splunk Data exfiltration from Analytics Workspace using sid query |
Exfiltration Over Web Service |
Hunting |
| Splunk Digital Certificates Infrastructure Version |
Digital Certificates |
Hunting |
| Splunk Digital Certificates Lack of Encryption |
Digital Certificates |
Anomaly |
| Splunk Disable KVStore via CSRF Enabling Maintenance Mode |
Service Stop |
TTP |
| Splunk DoS Using Malformed SAML Request |
Network Denial of Service |
Hunting |
| Splunk DOS Via Dump SPL Command |
Application or System Exploitation |
Hunting |
| Splunk DoS via Malformed S2S Request |
Network Denial of Service |
TTP |
| Splunk DoS via POST Request Datamodel Endpoint |
Endpoint Denial of Service |
Hunting |
| Splunk DOS via printf search function |
Application or System Exploitation |
Hunting |
| Splunk Edit User Privilege Escalation |
Abuse Elevation Control Mechanism |
Hunting |
| Splunk Endpoint Denial of Service DoS Zip Bomb |
Endpoint Denial of Service |
TTP |
| Splunk Enterprise Windows Deserialization File Partition |
Exploit Public-Facing Application |
TTP |
| Splunk ES DoS Investigations Manager via Investigation Creation |
Endpoint Denial of Service |
TTP |
| Splunk ES DoS Through Investigation Attachments |
Endpoint Denial of Service |
TTP |
| Splunk HTTP Response Splitting Via Rest SPL Command |
HTML Smuggling |
Hunting |
| Splunk Identified SSL TLS Certificates |
Network Sniffing |
Hunting |
| Splunk Image File Disclosure via PDF Export in Classic Dashboard |
Account Discovery |
Hunting |
| Splunk Information Disclosure in Splunk Add-on Builder |
System Information Discovery |
Hunting |
| Splunk list all nonstandard admin accounts |
Drive-by Compromise |
Hunting |
| Splunk Low-Priv Search as nobody SplunkDeploymentServerConfig App |
Exploitation for Privilege Escalation |
Hunting |
| Splunk Low Privilege User Can View Hashed Splunk Password |
Exploitation for Credential Access |
Hunting |
| Splunk Persistent XSS via Props Conf |
Drive-by Compromise |
Hunting |
| Splunk Persistent XSS via Scheduled Views |
Drive-by Compromise |
Hunting |
| Splunk Persistent XSS Via URL Validation Bypass W Dashboard |
Drive-by Compromise |
Hunting |
| Splunk Process Injection Forwarder Bundle Downloads |
Process Injection |
Hunting |
| Splunk Protocol Impersonation Weak Encryption Configuration |
Protocol or Service Impersonation |
Hunting |
| Splunk protocol impersonation weak encryption selfsigned |
Digital Certificates |
Hunting |
| Splunk protocol impersonation weak encryption simplerequest |
Digital Certificates |
Hunting |
| Splunk RBAC Bypass On Indexing Preview REST Endpoint |
Access Token Manipulation |
Hunting |
| Splunk RCE via External Lookup Copybuckets |
Exploitation of Remote Services |
Hunting |
| Splunk RCE via Serialized Session Payload |
Exploit Public-Facing Application |
Hunting |
| Splunk RCE via Splunk Secure Gateway Splunk Mobile alerts feature |
Exploitation of Remote Services |
Hunting |
| Splunk Reflected XSS in the templates lists radio |
Drive-by Compromise |
Hunting |
| Splunk Reflected XSS on App Search Table Endpoint |
Drive-by Compromise |
Hunting |
| Splunk risky Command Abuse disclosed february 2023 |
Abuse Elevation Control Mechanism, Indirect Command Execution |
Hunting |
| Splunk SG Information Disclosure for Low Privs User |
Account Discovery |
Hunting |
| Splunk Stored XSS conf-web Settings on Premises |
Drive-by Compromise |
Hunting |
| Splunk Stored XSS via Data Model objectName Field |
Drive-by Compromise |
Hunting |
| Splunk Stored XSS via Specially Crafted Bulletin Message |
Drive-by Compromise |
Hunting |
| Splunk Unauthenticated DoS via Null Pointer References |
Endpoint Denial of Service |
Hunting |
| Splunk Unauthenticated Log Injection Web Service Log |
Exploit Public-Facing Application |
Hunting |
| Splunk Unauthenticated Path Traversal Modules Messaging |
File and Directory Discovery |
Hunting |
| Splunk Unauthorized Experimental Items Creation |
Drive-by Compromise |
Hunting |
| Splunk Unauthorized Notification Input by User |
Abuse Elevation Control Mechanism |
Hunting |
| Splunk unnecessary file extensions allowed by lookup table uploads |
Drive-by Compromise |
TTP |
| Splunk XSS in Highlighted JSON Events |
Drive-by Compromise |
Hunting |
| Splunk XSS in Monitoring Console |
Drive-by Compromise |
TTP |
| Splunk XSS in Save table dialog header in search page |
Drive-by Compromise |
Hunting |
| Splunk XSS Via External Urls in Dashboards SSRF |
Drive-by Compromise |
Hunting |
| Splunk XSS via View |
Drive-by Compromise |
Hunting |
Splunk