Security Highlights | November 2022 Newsletter

November 2022

2022 Gartner Magic Quadrant for SIEM: Splunk Named a Leader for the 9th Year in a Row

Splunk is thrilled to announce that we have been named a Leader in the 2022 Gartner Magic Quadrant for Security Information and Event Management. Learn more about the innovations in Splunk Enterprise Security over the last 12 months in this blog or download the full report from Gartner here.

You can also read more about key SIEM capabilities and features in our blog “Six SIEM Essentials for Successful SOCs.”

Detections & Analytics from the Splunk Threat Research Team

The Splunk Threat Research Team (STRT) has had two recent releases of security content in the Enterprise Security Content Update (ESCU) app. The most recent being v3.52.0, which includes 27 new detections and 4 new analytic stories. These detections are now available in Splunk Enterprise Security via the ESCU application update process or via Splunk Security Essentials (SSE).

Highlights from both releases include:

• An update to the Splunk Vulnerabilities analytic story that contains 6 new detections for the latest CVEs published by Splunk in the Quarterly Security Patch Updates on November 2nd, 2022.
• Several new detection analytics that help you detect unusual activities that might relate to the Qakbot/QBot malware including parent-child process anomalies, persistence, initial access, recon and many more.
• A new detection for Text4Shell (CVE-2022-42889), a new critical vulnerability similar to the old Spring4Shell and Log4Shell.
• An advisory analytic story to assist defenders with CISA AA22-277A, which was recently released by the Cybersecurity and Infrastructure Security Agency (CISA) in response to an advanced persistent threat (APT) that utilized Impacket, an open-source toolkit, and other common techniques.
• Updated content based on feedback and simulated attack data related to ProxyNotShell, which is a continuation of the ProxyShell saga but requires valid credentials.
• Additional content for the Cloud Account Takeover use case with four new analytics that help detect attacks against Multi-factor Authentication (MFA) defense mechanisms for Amazon Web Services (AWS) console and 6 new analytic stories to help detect GCP Account Takeover.

The Splunk Threat Research Team also published the blog “Dark Crystal RAT Agent Deep Dive,” which highlights Splunk analytics developed for that Remote Access Trojan (RAT) to help you identify signs of compromise within your network.

Splunk App for Fraud Analytics

To help combat the continued rise in Fraud, the Splunk App for Fraud Analytics provides an anti-fraud solution that integrates with the detection and investigation power of Splunk Enterprise Security. Learn more about the app in our recent blog “Detect Fraud Sooner with the Splunk App for Fraud Analytics.”

InfoSec App for Splunk

Have you heard of the InfoSec App for Splunk? It can be used as your security starter pack to address some of the most common security use cases. Learn more in our recent blog “Splunk Security with the Infosec App.”

Federated Search for Security

Earlier this year, Splunk introduced Federated Search, which allows users to leverage Splunk search, alerting and dashboarding capabilities for data across multiple, disparate Splunk deployments. Federated Search can also be used to enable security use cases. Learn how you can make the most of Federated Search for security in this blog.

Security Events

Splunk delivered a lot of great security information in the past month. In case you missed them, here are the on demand Tech Talks and webinars:

Tech Talks:

• Splunk Attack Range: Build Simulate, Detect
• Purple Teaming - Build, Attack, and Defend Your Organization
• Responding to risk notables at machine speed using automation

 Webinars:

• Future of Security Operations Centers (or read the highlights and get the related report in this blog)
• ML in Security: Risky SPL Detection with MLTK
• SOC, Amore Mio! Following .italo’s Tracks to a More Mature SOC

Understanding Zero Trust with AWS and Splunk

Achieving a comprehensive zero trust policy involves a range of integrated components and requires an ecosystem approach. Read our new white paper to learn how to align zero trust methodologies with AWS Services through Splunk’s ecosystem of applications.

Splunk Honored with Five TrustRadius Best Software Awards

Splunk got more great news this month, and we are excited to be the recipient of five “Best Software” awards from TrustRadius.

• Splunk Enterprise Security (ES) won awards for Best Software for Enterprise, Best Software for Mid-Sized Businesses, and Best Software for Small Businesses.
• Splunk SOAR won awards for Best Software for Enterprise, and Best Software for Mid-Sized Businesses.

To learn more about the TrustRadius awards, check out the blog. You can also leave your own review here.

Education Corner

Over 20 FREE eLearning Courses Help You Up-Skill with Splunk

Splunk can give you the superpowers you need to save the day. Our latest survey shows that the strongest superheroes up-skill with Splunk Education. That’s why we are making Splunk training easier and more accessible than ever with more than 20 self-paced, free eLearning courses. Start with foundational courses like Intro to Splunk or dive into more advanced courses like Search Under the Hood, Visualizations, and many more. Enroll today so you have the skills to detect the good, the bad, and the unproductive.

Oh, and you can stand out as a data superhero with Splunk swag! If you are one of the first 500 learners to complete three or more unique FREE eLearning Courses between 11/14/22 - 1/31/23, you’ll be entered into a drawing for a chance to win $100 to spend on Splunk t-shirts, socks, water bottles, and so much more! Terms and Conditions apply.

Community

Ongoing Blog Series on OpenTelemetry: Use OpenTelemetry to Auto Instrument WordPress

 OpenTelemetry is often associated with modern microservices and cloud-native applications. What happens if we apply OpenTelemetry and modern observability techniques to something completely different? WordPress is the world's most popular weblog software. And it's also an almost 20 years old monolith. What happens if we use OpenTelemetry auto tracing and the Splunk Observability cloud?

Imagine you are responsible for running WordPress sites. What insights can we bring with modern tools to a popular monolith? Just by instrumenting the environment, without any changes to the WordPress code.

Read the blog post to learn about this process step-by-step!

Do More with Lantern

The Lantern team are excited to announce that we have partnered with Splunk’s OnDemand Services team on a live chat feature to help you solve problems in real-time. The chat system connects you instantly to one of our OnDemand experts, who can help with the specifics of articles, as well as connect you to other ways you can get help.

This initial trial of our chat feature is only available until Friday, November 18, so hop onto Lantern today and test it out with your most urgent Splunk implementation questions.

Read about this and see all our latest articles in our monthly blog.

Find an App with Splunkbase

It’s been over a month since the new Splunkbase released as the default experience. Thanks for the supportive feedback you have given! We hope that in addition to using the improved search engine you are also following the Trending Apps on Splunkbase and the New Splunk Built and Supported Apps sections just down the home page.

Currently trending are the popular Splunk Add-on for Microsoft Windows and the Splunk Add-on for Unix and Linux. And with the new month comes a new update of the Splunk ES Content Update  with lots of new and updated security insights.