This section describes useful Splunk SIEM queries for threat hunting.

What to read next

Useful Splunk SIEM Queries for Threat Hunting - MITRE: Carbon Black Cloud aligns to the MITRE ATT&CK Framework in both CB Analytics Alerts and Watchlist Hits.

Useful Splunk SIEM Queries for Threat Hunting - Commonly Abused Commands: When multiple normal commands are observed on the same endpoint in a short time, it can require investigation.

Useful Splunk SIEM Queries for Threat Hunting - Log4Shell: You can leverage the Data Forwarder and Custom Query Filters to forward Log4Shell-relevant EDR data to Splunk SIEM.