Splunk Enterprise Security - the AI Powered SecOps Platform

Community Office Hours

Published on 10-03-2025 05:42 AM by Splunk Employee | Updated on 11-24-2025 06:08 AM

[Register Here]  This thread is for the Community Office Hours session on Splunk Enterprise Security - the AI Powered SecOps Platform on Tuesday, Nov 18, 2025 at 11 am PT / 2 pm ET.


Ask the experts at Community Office Hours! An ongoing series where technical Splunk experts answer questions and provide how-to guidance on various Splunk product and use case topics.


What can I ask in this AMA?

  • What is different in the latest Splunk Enterprise Security, the AI powered SecOps Platform?
  • Why upgrade to Enterprise Security 8 and why now?
  • What are upgrade considerations and prep work?
  • What do I need to know as a SOC Analyst, Detection Engineer, or SOAR engineer before and after my upgrade to Enterprise Security 8?
  • What is the difference between Enterprise Security Essentials and Enterprise Security Premier?
  • Anything else you'd like to learn!


Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (sign in with SSO here). 


Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants.


Look forward to connecting!



loriexi
Splunk Employee

Hi everyone! Here are a few questions from the session (get the full Q&A deck and live recording in the #office-hours Slack channel) 

Q1: How can I monitor the notes of analysts in Mission Control? How is it different in the Mission Control app and the Mission Control interface in ES 8?

A: Notes can be viewed directly by drilling into an investigation in the Analyst Queue and clicking View Investigation. From there, on the right-hand side, you can see the Notes drop-down, and all the notes are available for reading there.

Some notes on Notes:

  • By default, notes are in reverse chronological order.
  • They are consolidated from manually and automatically created notes.
  • You can require notes in a response plan, but note that this will impact all users of the response plan.
Q2:  What are the latest features added in Splunk ES and how does it fit into Splunk Mission Control?
A: Enterprise Security 8 is a complete overhaul of the end-user functions, including making Mission Control the nerve center of the product. Some highlights are:

  • One-touch and hybrid pairing for ES and SOAR
  • Security AI Assistant integration
  • Detection Engineering improvements (auditing, testing, validation, etc.)
  • Threat Intel ingestion improvements

This is a snippet of the latest in 8.2.3 (latest as of this webinar), but the full release notes will contain everything. 


Q3: Can I back up my Splunk ES 7.3 and restore my data in the new Splunk ES 8.x? Does it show all the KOs?


A: This is a highly caveated yes, solely because of the functional changes between earlier versions of ES and ES 8.x. Field KOs such as extractions, masking, etc. are good. But there are several items that will require pre- and post-upgrade validation. This list is not inclusive of everything, but key items that stand out are:

  • Investigations and KV Store Data
  • Correlation Searches (now Detections)
  • RBA/Risk Analysis