Splunk software can be used to detect and respond to advanced threats. An advanced threat is an adversary that uses multiple attack vectors to obtain or change information, and is often difficult to discover, remove and attribute. The attack lifecycle for an advanced threat includes delivery, exploitation and installation, and persistence and communication channels. Delivery can occur through malicious links or file attachments in emails or visiting infected websites. Exploitation and installation involves executing the malware, which can be hidden in common documents and web files. Once executed, the malware performs activities to run undetected on the endpoint, such as installing programs that look normal or by creating persistence and communication channels.