Use Cases for Security with Splunk Platform
Browse the categories below to learn how you can use the Splunk platform to accomplish your security business goals.
Or, if you have Splunk premium products for security, check out our Security Use Case Library.
- Behavior Analysis
  - Detecting AWS suspicious provisioning activities
  - Detecting cloud federated credential abuse in AWS
  - Detecting cloud federated credential abuse in Windows
  - Detecting Google Cloud Platform cross-account activity
  - Detecting masquerading
  - Detecting privilege escalation in your AWS environment
  - Detecting suspicious activities within cloud instances
  - Finding Windows audit log tampering
  - Monitoring user activity spikes in AWS
- Compliance
  - Analyzing AWS service action errors
  - Complying with the Markets in Financial Instruments Directive II
  - Defining and detecting Personally Identifiable Information (PII) in log data
  - Detecting unencrypted web communications
  - Identifying new Windows local admin accounts
  - Knowing your financial services customer
  - Monitoring consumer bank accounts to maintain compliance
  - Monitoring NIST SP 800-53 rev5 control families
  - Processing DMCA notices
  - Recognizing improper use of system administration tools
  - Running common General Data Protection Regulation (GDPR) compliance searches
- Threat Hunting
  - Checking for files created on a system
  - Detecting AWS network ACL activity
  - Detecting AWS security hub alerts
  - Detecting a ransomware attack
  - Detecting BlackMatter ransomware
  - Detecting brute force access behavior
  - Detecting Clop ransomware
  - Detecting DarkSide ransomware
  - Detecting data exfiltration activities
  - Detecting domain trust discovery attempts
  - Detecting FIN7 attacks
  - Detecting host redirection attacks
  - Detecting IcedID attacks
  - Detecting indicators of Remcos RAT malware
  - Detecting malicious activities with Sigma rules
  - Detecting malicious file obfuscation using certutil.exe
  - Detecting Netsh attacks
  - Detecting network and port scanning
  - Detecting Office 365 attacks
  - Detecting password spraying attacks within Active Directory environments
  - Detecting recurring malware on a host
  - Detecting software supply chain attacks
  - Detecting Supernova web shell malware
  - Detecting techniques in the Orangeworm attack group
  - Detecting the disabling of security tools
  - Detecting the use of randomization in cyberattacks
  - Detecting threats in a Hyperledger Fabric multi-party computation system
  - Detecting TOR traffic
  - Detecting Trickbot attacks
  - Detecting web fraud
  - Detecting WhisperGate malware
  - Detecting Windows BITS abuse
  - Detecting XMRig CPU or GPU mining
  - Detecting Zerologon attacks
  - Finding interactive logins from service accounts
  - Finding large web uploads
  - Investigating Gsuite phishing attacks
  - Monitoring a network for DNS exfiltration
  - Monitoring DNS queries
  - Monitoring for signs of a Windows privilege escalation attack
  - Monitoring Windows account access
  - Protecting a Salesforce cloud deployment
  - Reconstructing a website defacement
  - Visualizing processes and their parent/child relationships
  - Windows user group changes