Our blog

How to Detect Sunburst Backdoor with Splunk Enterprise Security

Blog Image

How to Detect Sunburst Backdoor with Splunk Enterprise Security

December 15, 2020 | Curtis Smith | Comments Off on How to Detect Sunburst Backdoor with Splunk Enterprise Security | ,

In the article linked below, Splunker Ryan Kovar has provided practical guidance on implementing SUNBURST detections. Based on the information provided by FireEye and Microsoft, Ryan walks us through configuring the following tools to detect SUNBURST activity:

  • Leveraging threat intelligence feeds and lookups to enrich event data with SUNBURST IOC’s.
  • Using searches from Splunk Security Essentials use cases which are mapped to the MITRE ATT&CK techniques associated with SUNBURST.
  • Utilizing Microsoft Azure App for Splunk to serach for SUNBURST activity in Azure AD.

I am sure you will find this article to be very informative and useful! Happy Splunking!

https://www.splunk.com/en_us/blog/security/sunburst-backdoor-detections-in-splunk.html

Search Here

Latest Posts

Bitsio_Final_pr

bitsIO, Inc. Named A Splunk Elite Partner

February 28, 2019
Blog Image

7 Splunk Date Format Changes Beginning in 2020

November 28, 2019
splunk IoT bitsIO

Insights from Internet of Things

April 22, 2020

Categories

bitsIO (3) Corporate (6) education (2) General (6) Internet of Things (1) MSSP (3) RBA (1) Splunk (13) Tutorials (4) Uncategorized (1)

Tags

Applications Covid19 guide linux Multifactor authentification RBA remote vpn Remote Work security Splunk terminal ubuntu Web WFH