Splunk Tech Talks
Deep-dives for technical practitioners.

Detecting Remote Code Executions With the Splunk Threat Research Team

WhitneySink
Splunk Employee
Splunk Employee

Remote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, they allow attackers to easily execute arbitrary code on affected systems without authentication — and open the door to use additional tactics and techniques to cause further harm.

To support defenders against these attacks, the Splunk Threat Research Team regularly creates new out-of-the-box security content for use in Splunk Enterprise Security. Join this Tech Talk to learn more from Michael Haag, Principal Threat Researcher, who will provide:

  • An overview of the latest security content the team has developed to defend against RCEs
  • Best practices for implementing and using this content
  • A walkthrough of the detection engineering process the Splunk Threat Research Team follows to create security content for defending against CVEs

Watch the full Tech Talk here:

(view in My Videos)

Tags (1)
Contributors
Get Updates on the Splunk Community!

New Release of Federated Search: Bringing Splunk Analytics to More of Your Data

Organizations today are generating more data than ever and storing it across cloud object stores, data lakes, ...

Inside Event Intelligence: How ITSI Turns Network Alerts into Actionable Incidents

Tech Talk Inside Event Intelligence: How ITSI Turns Network Alerts into Actionable Incidents   Correlating ...

Observability Simplified: Combining User Experience, Application Performance & ...

  Tech Talk Network to App: Observability Unlocked   Today’s digital environments span applications, ...