Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to detect Ransomware using splunk?

Gauri001
Engager
‎06-11-2022 09:22 AM

Q): How to detect ransomware using Splunk?,  please give query also to create alert in ransomware, 

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎06-11-2022 10:52 AM

Splunk doesn't detect ransomware directly.  Instead, it detects behaviors that could indicate the presence of ransomware, such as a sudden increase in file writes (as when files are encrypted) or filename extensions commonly used by ransomware.

Install the Splunk Security Essentials app and search for "ransomware" to find suggested queries.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎06-11-2022 10:52 AM

Splunk doesn't detect ransomware directly.  Instead, it detects behaviors that could indicate the presence of ransomware, such as a sudden increase in file writes (as when files are encrypted) or filename extensions commonly used by ransomware.

Install the Splunk Security Essentials app and search for "ransomware" to find suggested queries.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎06-11-2022 01:07 PM

@Gauri001Also remember that splunk on its own does not "detect" anything. Splunk, using proper searches, can deduce information from the data it's given. If you don't have relevant data onboarded from source machines splunk won't be able to "detect" anything. It's not an EDR solution.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...