Thanks for stopping by the Splunk Security Research Team's resource portal! Here you'll find background and links to our security content and other related tools.
Splunk security content is organized into "Analytic Stories," themed security guides that provide background on TTPs, mapped to the MITRE framework, the Lockheed Martin Kill Chain, and CIS controls. They include Splunk searches, machine-learning algorithms, and Splunk Phantom playbooks (where available)—all built to work together to detect, investigate, and respond to threats. The other apps were designed to help you derive more value from this content.
You can review our Analytic Stories by category here, or in our Splunk App.
If you prefer working with the command line, check out our API:
curl -s https://content.splunkresearch.com | jq
{
  "hello": "welcome to Splunks Research security content api",
  "available_endpoints": [
    "/stories",
    "/detections",
    "/investigations",
    "/baselines",
    "/responses",
    "/package"
  ]
}
Once you've cloned the security-content repo, we recommend using our Analytic Story Execution App (ASX) to execute all of the searches, machine-learning models, and Splunk Phantom playbooks in the story automatically.
The attack_range project allows you to spin up an environment and launch attacks against it to test the detections.
If you get stuck or need help with any of our tools, see our support options.
If you want to help the rest of the security community by sharing your own detections, see our contributor guide. Digital defenders unite!
