Splunk Search

CVE-2023-23397 is all the rage right now.
Has anyone figured out a way to detect this in office content?
I've checked all Microsoft docs I can find, but nothing informs me as to what I'm actually looking for inside an email or contact etc.

MS has some pwershell things to look for in your environment. Eith on-prem Exchange or Cloud-based.

https://github.com/microsoft/CSS-Exchange/blob/a4c096e8b6e6eddeba2f42910f165681ed64adf7/docs/Securit...

This blog post might help: https://www.cardinalops.com/en/resources/detecting-microsoft-outlook-vulnerability-cve-2023-23397-sp...

You can check out our thread about this in the user group: https://splunk-usergroups.slack.com/archives/CDNHXVBGS/p1678882662724229.

Hi

I'm not a member of "splunk-usergroups on Slack" so can't see the detail you are referencing

You won't regret joining it: https://docs.splunk.com/Documentation/Community/current/community/Chat

Get Updates on the Splunk Community!

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...