This team of security experts develops security content in the form of detections, ML models and SOAR playbooks to help teams address time-sensitive threats and understand attack methods.
Learn how the Splunk Threat Research Team develops detections for Splunk security products.
1. Study Threats: Identify emerging threats and understand how they operate.
2. Generate Datasets: Collect data and use Splunk to parse the data and identify patterns that can be used to detect the threat.
3. Build Detections: Build rules or queries designed to identify specific activity associated with the threat.
4. Test Detections: Run queries against a dataset that simulates attacker behavior to improve accuracy and reduce false positives.
5. Release: Package detections to deliver timely and effective protections against emerging threats to Splunk customers.
Leverage security content through the Enterprise Security Content Updates app, or the Splunk Security Essentials app. You can view the full repository of detections, use cases, and playbooks on the Splunk Security Content site.
Read in-depth overviews of various threats and their corresponding detections.
Test your detection searches against cyber attacks in a simulated environment utilizing open source tools from the Splunk Threat Research Team: Attack Range, Attack Data Repository and Melting Cobalt.
Learn about some of the biggest security threats and how to detect and respond to them with Splunk.
Machine and deep learning detections learn from data, identify patterns, and make decisions to help alert you to threats and anomalous behavior buried within vast amounts of data.
Protect your business and elevate your security operations with a best-in-class data platform, advanced analytics and automated investigations and response.
Automatically detect and analyze the most complex credential phishing and malware threats.
A security analytics solution that moves at the speed of your business with out-of-the-box detections to stay ahead of threats.
Work smarter by automating repetitive security tasks, responding to incidents in seconds, and increasing analyst productivity and accuracy to better protect your business.
Detect, investigate and respond to threats from one modern and unified work surface.
Extend the power of the Splunk Platform for enhanced visibility and improved detections with threat research.
Secure against unknown threats through user and entity behavior analytics using machine learning.