Splunk Blog

• Predicting Cyber Fraud Through Real-World Events: Insights from Domain Registration Trends

  Dec 15, 2025

  By analyzing new domain registrations around major real-world events, researchers show how fraud campaigns take shape early, helping defenders spot threats before scams surface.

• Introducing… The Threat Hunter’s Cookbook!

  Aug 6, 2025

  The security experts on the SURGe team have released The Threat Hunter’s Cookbook, a hands-on guide for security practitioners that features actionable insights into threat hunting methods, ready-to-use queries, and more.

• Defending at Machine Speed: Guiding LLMs with Security Context

  Jun 24, 2025

  Enhance LLM performance for cybersecurity tasks with few-shot learning, RAG, & fine-tuning guide models for accurate PowerShell classification.

• Defending at Machine-Speed: Accelerated Threat Hunting with Open Weight LLM Models

  Apr 2, 2025

  Splunker Ryan Fetterman explains how Splunk DSDL 5.2 enhances cybersecurity operations, streamlining PowerShell script classification and reducing analyst workload by 250x.

• Autonomous Adversaries: Are Blue Teams Ready for Cyberattacks To Go Agentic?

  Feb 7, 2025

  Explore the impact of autonomous adversaries on cybersecurity as AI and LLMs evolve.

• Macro ATT&CK for a TTP Snack

  Oct 21, 2024

  Splunk's Mick Baccio and Ryan Fetterman explore 2024's macro-level cyber incident trends through the lens of the MITRE ATT&CK framework.

• Macro-ATT&CK 2024: A Five-Year Perspective

  Oct 10, 2024

  Splunk’s Ryan Fetterman and Tamara Chacon dive into attacker techniques, trends, and blue team tips for analyzing and visualizing data from the past year.

• Add To Chrome? - Part 4: Threat Hunting in 3-Dimensions: M-ATH in the Chrome Web Store

  Mar 4, 2024

  SURGe experiments with a method to find masquerading using M-ATH with Splunk and the DSDL App.

• Revisiting the Big Picture: Macro-level ATT&CK Updates for 2023

  Sep 26, 2023

  SURGe reviews the latest attacker trends and behaviors with this look at four years of ATT&CK data from some of the largest and most trusted threat reporting sources.

• Threat Hunting for Dictionary-DGA with PEAK

  Sep 12, 2023

  Explore applied model-assisted threat hunting for dictionary-based domain generation algorithms using the SURGe Security Research Team's PEAK Threat Hunting Framework.

• Model-Assisted Threat Hunting (M-ATH) with the PEAK Framework

  May 17, 2023

  Welcome to the third entry in our introduction to the PEAK Threat Hunting Framework! Taking our detective theme to the next level, imagine a tough case where you need to call in a specialized investigator. For these unique cases, we can use algorithmically-driven approaches called Model-Assisted Threat Hunting (M-ATH).

• Paws in the Pickle Jar: Risk & Vulnerability in the Model-sharing Ecosystem

  Apr 27, 2023

  As AI / Machine Learning (ML) systems now support millions of daily users, has our understanding of the relevant security risks kept pace with this wild rate of adoption?

• Zoom. Enhance!: Finding Value in Macro-level ATT&CK Reporting

  Dec 14, 2022

  Aggregated analysis of global ATT&CK-mapped threat reporting