Splunk Search

CVE-2023-23397 is all the rage right now.
Has anyone figured out a way to detect this in office content?
I've checked all Microsoft docs I can find, but nothing informs me as to what I'm actually looking for inside an email or contact etc.

MS has some pwershell things to look for in your environment. Eith on-prem Exchange or Cloud-based.

https://github.com/microsoft/CSS-Exchange/blob/a4c096e8b6e6eddeba2f42910f165681ed64adf7/docs/Securit...

This blog post might help: https://www.cardinalops.com/en/resources/detecting-microsoft-outlook-vulnerability-cve-2023-23397-sp...

You can check out our thread about this in the user group: https://splunk-usergroups.slack.com/archives/CDNHXVBGS/p1678882662724229.

Hi

I'm not a member of "splunk-usergroups on Slack" so can't see the detail you are referencing

You won't regret joining it: https://docs.splunk.com/Documentation/Community/current/community/Chat

Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members! The ...