false

Tag: Rapid Response Guides

Latest Articles

Security 12 Min Read

Nothing PUNY About OpenSSL (CVE-2022-3602)

The Splunk SURGe team shares an outline of their interpretation of the CVE-2022-3602 vulnerability and what you can do to detect it in your environment.
Security 7 Min Read

Atlassian Confluence Vulnerability CVE-2022-26134

Get a closer look at the Atlassian Confluence Vulnerability CVE-2022-26134, including a breakdown of what happened, how to detect it, and MITRE ATT&CK mappings.
Security 7 Min Read

RCE à La Follina (CVE-2022-30190)

The Splunk SURGe team offers a closer look into the Follina MS Office RCE, including a breakdown of what happened, how to detect it, and MITRE ATT&CK mappings.
Security 9 Min Read

Log4Shell - Detecting Log4j Vulnerability (CVE-2021-44228) Continued

Good news, you can use Splunk to proactively hunt using Network Traffic and DNS query logs data sources to detect potential Log4Shell exploit. From Splunk SURGe, learn even more detections against CVE-2021-44228.
Security 9 Min Read

Log4Shell - Detecting Log4j 2 RCE Using Splunk

A serious remote code execution (RCE) vulnerability (CVE-2021-44228) in the popular open source Apache Log4j logging library poses a threat to thousands of applications and third-party services that leverage this library. From Splunk SURGe, learn how you can detect Log4j 2 RCE using Splunk.
Security 8 Min Read

The DarkSide of the Ransomware Pipeline

Learn about the Colonial Pipeline ransomware attack and how you can start detecting and remediating DarkSide's activities and attack using Splunk.
Security 5 Min Read

Automated Clean-up of HAFNIUM Shells and Processes with Splunk Phantom

Implement security playbooks to automatically delete Microsoft Exchange Webshells and terminate W3WP spawned processes with Splunk Phantom.
Security 13 Min Read

Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…

Even if you haven’t uncovered Microsoft Exchange Vulnerabilities and malicious behavior, it is important to continue monitoring, particularly as more actors look to leverage these vulnerabilities for their own purposes.
Security 9 Min Read

Detecting HAFNIUM Exchange Server Zero-Day Activity in Splunk

This blog discusses how to detect HAFNIUM activity around the recent CVEs released affecting Exchange Server using Splunk and Splunk Enterprise Security.