Remote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, they allow attackers to easily execute arbitrary code on affected systems without authentication — and open the door to use additional tactics and techniques to cause further harm.
To support defenders against these attacks, the Splunk Threat Research Team regularly creates new out-of-the-box security content for use in Splunk Enterprise Security. Join this Tech Talk to learn more from Michael Haag, Principal Threat Researcher, who will provide:
- An overview of the latest security content the team has developed to defend against RCEs
- Best practices for implementing and using this content
- A walkthrough of the detection engineering process the Splunk Threat Research Team follows to create security content for defending against CVEs
