Splunk Security Content

Splunk Threat Reasearch Team (STRT)

We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats.

Remote Desktop Process Running On System

Remote Desktop Protocol, Remote Services

Remote Desktop Network Bruteforce

Remote Desktop Protocol, Remote Services

Protocol or Port Mismatch

Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol, Exfiltration Over Alternative Protocol

Prohibited Network Traffic Allowed

Exfiltration Over Alternative Protocol

Overwriting Accessibility Binaries

Event Triggered Execution, Accessibility Features