Detect Risky SPL using Pretrained ML Model |
Command and Scripting Interpreter |
Anomaly |
Path traversal SPL injection |
File and Directory Discovery |
TTP |
Persistent XSS in RapidDiag through User Interface Views |
Drive-by Compromise |
TTP |
Splunk Absolute Path Traversal Using runshellscript |
File and Directory Discovery |
Hunting |
Splunk Account Discovery Drilldown Dashboard Disclosure |
Account Discovery |
TTP |
Splunk App for Lookup File Editing RCE via User XSLT |
Exploitation of Remote Services |
Hunting |
Splunk Authentication Token Exposure in Debug Log |
Log Enumeration |
TTP |
Splunk Code Injection via custom dashboard leading to RCE |
Exploitation of Remote Services |
Hunting |
Splunk Command and Scripting Interpreter Delete Usage |
Command and Scripting Interpreter |
Anomaly |
Splunk Command and Scripting Interpreter Risky Commands |
Command and Scripting Interpreter |
Hunting |
Splunk Command and Scripting Interpreter Risky SPL MLTK |
Command and Scripting Interpreter |
Anomaly |
Splunk CSRF in the SSG kvstore Client Endpoint |
Drive-by Compromise |
TTP |
Splunk Data exfiltration from Analytics Workspace using sid query |
Exfiltration Over Web Service |
Hunting |
Splunk Digital Certificates Infrastructure Version |
Digital Certificates |
Hunting |
Splunk Digital Certificates Lack of Encryption |
Digital Certificates |
Anomaly |
Splunk DoS Using Malformed SAML Request |
Network Denial of Service |
Hunting |
Splunk DOS Via Dump SPL Command |
Application or System Exploitation |
Hunting |
Splunk DoS via Malformed S2S Request |
Network Denial of Service |
TTP |
Splunk DoS via POST Request Datamodel Endpoint |
Endpoint Denial of Service |
Hunting |
Splunk DOS via printf search function |
Application or System Exploitation |
Hunting |
Splunk Edit User Privilege Escalation |
Abuse Elevation Control Mechanism |
Hunting |
Splunk Endpoint Denial of Service DoS Zip Bomb |
Endpoint Denial of Service |
TTP |
Splunk Enterprise KV Store Incorrect Authorization |
Abuse Elevation Control Mechanism |
Hunting |
Splunk Enterprise Windows Deserialization File Partition |
Exploit Public-Facing Application |
TTP |
Splunk ES DoS Investigations Manager via Investigation Creation |
Endpoint Denial of Service |
TTP |
Splunk ES DoS Through Investigation Attachments |
Endpoint Denial of Service |
TTP |
Splunk HTTP Response Splitting Via Rest SPL Command |
HTML Smuggling |
Hunting |
Splunk Improperly Formatted Parameter Crashes splunkd |
Endpoint Denial of Service |
TTP |
Splunk Information Disclosure in Splunk Add-on Builder |
System Information Discovery |
Hunting |
Splunk Information Disclosure on Account Login |
Account Discovery |
Hunting |
Splunk list all nonstandard admin accounts |
Drive-by Compromise |
Hunting |
Splunk Low Privilege User Can View Hashed Splunk Password |
Exploitation for Credential Access |
Hunting |
Splunk Path Traversal In Splunk App For Lookup File Edit |
File and Directory Discovery |
Hunting |
Splunk Persistent XSS Via URL Validation Bypass W Dashboard |
Drive-by Compromise |
Hunting |
Splunk Process Injection Forwarder Bundle Downloads |
Process Injection |
Hunting |
Splunk Protocol Impersonation Weak Encryption Configuration |
Protocol Impersonation |
Hunting |
Splunk protocol impersonation weak encryption selfsigned |
Digital Certificates |
Hunting |
Splunk protocol impersonation weak encryption simplerequest |
Digital Certificates |
Hunting |
Splunk RBAC Bypass On Indexing Preview REST Endpoint |
Access Token Manipulation |
Hunting |
Splunk RCE PDFgen Render |
Exploitation of Remote Services |
TTP |
Splunk RCE via External Lookup Copybuckets |
Exploitation of Remote Services |
Hunting |
Splunk RCE via Serialized Session Payload |
Exploit Public-Facing Application |
Hunting |
Splunk RCE via Splunk Secure Gateway Splunk Mobile alerts feature |
Exploitation of Remote Services |
Hunting |
Splunk RCE via User XSLT |
Exploitation of Remote Services |
Hunting |
Splunk Reflected XSS in the templates lists radio |
Drive-by Compromise |
Hunting |
Splunk Reflected XSS on App Search Table Endpoint |
Drive-by Compromise |
Hunting |
Splunk risky Command Abuse disclosed february 2023 |
Abuse Elevation Control Mechanism, Indirect Command Execution |
Hunting |
Splunk Stored XSS conf-web Settings on Premises |
Drive-by Compromise |
Hunting |
Splunk Stored XSS via Data Model objectName Field |
Drive-by Compromise |
Hunting |
Splunk Stored XSS via Specially Crafted Bulletin Message |
Drive-by Compromise |
Hunting |
Splunk Unauthenticated DoS via Null Pointer References |
Endpoint Denial of Service |
Hunting |
Splunk Unauthenticated Log Injection Web Service Log |
Exploit Public-Facing Application |
Hunting |
Splunk Unauthenticated Path Traversal Modules Messaging |
File and Directory Discovery |
Hunting |
Splunk Unauthorized Experimental Items Creation |
Drive-by Compromise |
Hunting |
Splunk Unauthorized Notification Input by User |
Abuse Elevation Control Mechanism |
Hunting |
Splunk unnecessary file extensions allowed by lookup table uploads |
Drive-by Compromise |
TTP |
Splunk User Enumeration Attempt |
Valid Accounts |
TTP |
Splunk XSS in Highlighted JSON Events |
Drive-by Compromise |
Hunting |
Splunk XSS in Monitoring Console |
Drive-by Compromise |
TTP |
Splunk XSS in Save table dialog header in search page |
Drive-by Compromise |
Hunting |
Splunk XSS Privilege Escalation via Custom Urls in Dashboard |
Drive-by Compromise |
Hunting |
Splunk XSS Via External Urls in Dashboards SSRF |
Drive-by Compromise |
Hunting |
Splunk XSS via View |
Drive-by Compromise |
Hunting |
Open Redirect in Splunk Web |
None |
TTP |
Splunk Enterprise Information Disclosure |
None |
TTP |
Splunk Identified SSL TLS Certificates |
Network Sniffing |
Hunting |