Description

Keeping your Splunk Enterprise deployment up to date is critical and will help you reduce the risk associated with vulnerabilities in the product.

  • Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
  • Datamodel:
  • Last Updated: 2022-03-28
  • Author: Lou Stella, Splunk
  • ID: 5354df00-dce2-48ac-9a64-8adb48006828

Narrative

This analytic story includes detections that focus on attacker behavior directly targeting your Splunk environment.

Detections

Name | Technique | Type
Path traversal SPL injection | File and Directory Discovery | TTP
Splunk DoS via Malformed S2S Request | Network Denial of Service | TTP
Splunk User Enumeration Attempt | Valid Accounts | TTP
Splunk XSS in Monitoring Console | Drive-by Compromise | TTP
Open Redirect in Splunk Web | None | TTP
Splunk Enterprise Information Disclosure | None | TTP

Reference

source | version: 1