Splunk Security Content

Splunk Threat Reasearch Team (STRT)

We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats.

Detect DNS requests to Phishing Sites leveraging EvilGinx2

Spearphishing via Service

Detect AWS API Activities From Unapproved Accounts

Cloud Accounts

Clients Connecting to Multiple DNS Servers

Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol

Attempt To Stop Security Service

Disable or Modify Tools , Impair Defenses

Abnormally High AWS Instances Terminated by User - MLTK