
August Security Newsletter: See What’s Inside

LesediK, Splunk Employee


August 2022 

Open Cybersecurity Schema Framework (OCSF) Project

Splunk is excited to participate in the recently announced Open Cybersecurity Schema Framework (OCSF) project. OCSF is an open-source standard, delivering a common and extensible, vendor-agnostic taxonomy to help all security teams realize better, faster data ingestion and analysis without the time-consuming up-front normalization tasks.

Splunk and co-founding member AWS worked with 16 other leading cybersecurity and technology organizations, including Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro, and Zscaler. This coalition represents a wide spectrum of security technologies, which aligns with the project’s goal of becoming the security event standard for any environment, application, or solution provider, and fits with existing security standards and processes.

Check out our blog to learn more. Interested in the OCSF project itself or how to become a contributor? Visit the project page at https://github.com/ocsf.


Enterprise Security Content Update v3.46.0

The recent release of Enterprise Security Content Update (ESCU) includes 24 new detections and 5 new analytic stories, which you can find on GitHub, Splunkbase, or via API update in Splunk Security Essentials (SSE). Below are a few release highlights, or you can explore further at research.splunk.com:

  • DarkCrystal RAT analytic story, which has several new detection analytics to identify the unique behavior of this malware.
  • Cloud-based attack research with two new analytic stories, AWS Defense Evasion and Azure Active Directory Account Takeover, to identify suspicious activities in your cloud environment.
  • Linux LOLbins and Linux rootkits analytic stories.
  • The Splunk Threat Research Team also published a blog detailing how to use a pre-trained machine learning (ML) model to identify risky Splunk search commands.


Security Made Stronger with Splunk UBA 5.1

Splunk User Behavior Analytics (UBA) version 5.1 is here. In this new version, Splunk continues to build upon our industry-leading behavioral analytics platform. UBA 5.1 provides new operating system support, installation and configuration upgrades, security vulnerability patches, and per-data-source custom configuration. To learn more, check out the blog.


Splunk Detections: Malicious Payloads and Destructive Software

The Splunk Threat Research Team (STRT) actively monitors the emergence of new cyber threats within ongoing events in Eastern Europe, and recently developed several detections to help defend against malicious payloads and destructive software.

View our on-demand webinar to learn more about:

  • Malicious payloads like AcidRain, Cyclops Blink, CaddyWiper, DoubleZero Destructor and HermeticWiper.
  • Detections to enhance security operations and defense strategies.


Splunk SOAR and Splunk Enterprise Security Named Customer Favorites by TrustRadius

Splunk is honored to be the recipient of a series of awards from TrustRadius—all based on customer reviews. In the security category, Splunk SOAR and Splunk Enterprise Security came out on top!

  • Splunk Enterprise Security (ES) won awards for Best Feature Set and Best Relationship in the Security Information and Event Management (SIEM) category.
  • Splunk SOAR won awards for Best Feature Set and Best Relationship in the Security Orchestration, Automation and Response (SOAR) category.

Not too shabby! To learn more about the TrustRadius awards, check out the blog. You can also leave your own review here.
