Splunk Tech Talks
Deep-dives for technical practitioners.

Detecting Remote Code Executions With the Splunk Threat Research Team

Splunk Employee
Splunk Employee


Screenshot 2024-05-23 at 6.45.44 AM.png

Remote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, they allow attackers to easily execute arbitrary code on affected systems without authentication — and open the door to use additional tactics and techniques to cause further harm.

To support defenders against these attacks, the Splunk Threat Research Team regularly creates new out-of-the-box security content for use in Splunk Enterprise Security. Join this Tech Talk to learn more from Michael Haag, Principal Threat Researcher, who will provide:

  • An overview of the latest security content the team has developed to defend against RCEs
  • Best practices for implementing and using this content
  • A walkthrough of the detection engineering process the Splunk Threat Research Team follows to create security content for defending against CVEs


Tags (1)
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...