Splunk Detections

Name	Data Source	Technique	Type	Analytic Story	Date
Splunk App for Lookup File Editing RCE via User XSLT		Exploitation of Remote Services	Hunting	Splunk Vulnerabilities	2025-05-02
Splunk Authentication Token Exposure in Debug Log		Log Enumeration	TTP	Splunk Vulnerabilities	2025-05-02
Splunk Code Injection via custom dashboard leading to RCE		Exploitation of Remote Services	Hunting	Splunk Vulnerabilities	2025-05-02
Splunk Command and Scripting Interpreter Delete Usage	Splunk	Command and Scripting Interpreter	Anomaly	Splunk Vulnerabilities	2025-05-02
Splunk Command and Scripting Interpreter Risky Commands	Splunk	Command and Scripting Interpreter	Hunting	Splunk Vulnerabilities	2025-05-02
Splunk Command and Scripting Interpreter Risky SPL MLTK	Splunk	Command and Scripting Interpreter	Anomaly	Splunk Vulnerabilities	2025-05-02
Splunk Enterprise KV Store Incorrect Authorization	Splunk	Abuse Elevation Control Mechanism	Hunting	Splunk Vulnerabilities	2025-05-02
Splunk Improperly Formatted Parameter Crashes splunkd	Splunk	Endpoint Denial of Service	TTP	Splunk Vulnerabilities	2025-05-02
Splunk Information Disclosure on Account Login	Splunk	Account Discovery	Hunting	Splunk Vulnerabilities	2025-05-02
Splunk Path Traversal In Splunk App For Lookup File Edit	Splunk	File and Directory Discovery	Hunting	Splunk Vulnerabilities	2025-05-02
Splunk RCE PDFgen Render	Splunk	Exploitation of Remote Services	TTP	Splunk Vulnerabilities	2025-05-02
Splunk RCE via User XSLT		Exploitation of Remote Services	Hunting	Splunk Vulnerabilities	2025-05-02
Splunk Sensitive Information Disclosure in DEBUG Logging Channels	Splunk	Unsecured Credentials	Hunting	Splunk Vulnerabilities	2025-05-02
Splunk User Enumeration Attempt	Splunk	Valid Accounts	TTP	Splunk Vulnerabilities	2025-05-02
Splunk XSS Privilege Escalation via Custom Urls in Dashboard	Splunk	Drive-by Compromise	Hunting	Splunk Vulnerabilities	2025-05-02
Java Class File download by Java User Agent	Splunk Stream HTTP	Exploit Public-Facing Application	TTP	Log4Shell CVE-2021-44228	2025-05-02
Multiple Archive Files Http Post Traffic	Splunk Stream HTTP	Exfiltration Over Unencrypted Non-C2 Protocol	TTP	Command And Control, Data Exfiltration	2025-05-02
Plain HTTP POST Exfiltrated Data	Splunk Stream HTTP	Exfiltration Over Unencrypted Non-C2 Protocol	TTP	Command And Control, Data Exfiltration	2025-05-02
Web Spring4Shell HTTP Request Class Module	Splunk Stream HTTP	Exploit Public-Facing Application External Remote Services	TTP	Spring4Shell CVE-2022-22965	2025-05-02
Web Spring Cloud Function FunctionRouter	Splunk Stream HTTP	Exploit Public-Facing Application External Remote Services	TTP	Spring4Shell CVE-2022-22965	2025-05-02