Splunk Search

CVE-2023-23397 is all the rage right now.
Has anyone figured out a way to detect this in office content?
I've checked all Microsoft docs I can find, but nothing informs me as to what I'm actually looking for inside an email or contact etc.

MS has some pwershell things to look for in your environment. Eith on-prem Exchange or Cloud-based.

https://github.com/microsoft/CSS-Exchange/blob/a4c096e8b6e6eddeba2f42910f165681ed64adf7/docs/Securit...

This blog post might help: https://www.cardinalops.com/en/resources/detecting-microsoft-outlook-vulnerability-cve-2023-23397-sp...

You can check out our thread about this in the user group: https://splunk-usergroups.slack.com/archives/CDNHXVBGS/p1678882662724229.

Hi

I'm not a member of "splunk-usergroups on Slack" so can't see the detail you are referencing

You won't regret joining it: https://docs.splunk.com/Documentation/Community/current/community/Chat

Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...