Product News & Announcements
All the latest news and announcements about Splunk products. Subscribe and never miss an update!

Security Highlights | November 2022 Newsletter

LesediK
Splunk Employee
Splunk Employee

Email Header-Customer Success Monthly Account Newsletter-101-security-01.jpg

 

November 2022

 

2022 Gartner Magic Quadrant for SIEM: Splunk Named a Leader for the 9th Year in a Row

Splunk is thrilled to announce that we have been named a Leader in the 2022 Gartner Magic Quadrant for Security Information and Event Management. Learn more about the innovations in Splunk Enterprise Security over the last 12 months in this blog or download the full report from Gartner here.

You can also read more about key SIEM capabilities and features in our blog “Six SIEM Essentials for Successful SOCs.”

LesediK_6-1666045427080.png

 

Detections & Analytics from the Splunk Threat Research Team

The Splunk Threat Research Team (STRT) has had two recent releases of security content in the Enterprise Security Content Update (ESCU) app. The most recent being v3.52.0, which includes 27 new detections and 4 new analytic stories. These detections are now available in Splunk Enterprise Security via the ESCU application update process or via Splunk Security Essentials (SSE).

Highlights from both releases include:

  • An update to the Splunk Vulnerabilities analytic story that contains 6 new detections for the latest CVEs published by Splunk in the Quarterly Security Patch Updates on November 2nd, 2022.
  • Several new detection analytics that help you detect unusual activities that might relate to the Qakbot/QBot malware including parent-child process anomalies, persistence, initial access, recon and many more.
  • A new detection for Text4Shell (CVE-2022-42889), a new critical vulnerability similar to the old Spring4Shell and Log4Shell.
  • An advisory analytic story to assist defenders with CISA AA22-277A, which was recently released by the Cybersecurity and Infrastructure Security Agency (CISA) in response to an advanced persistent threat (APT) that utilized Impacket, an open-source toolkit, and other common techniques.
  • Updated content based on feedback and simulated attack data related to ProxyNotShell, which is a continuation of the ProxyShell saga but requires valid credentials.
  • Additional content for the Cloud Account Takeover use case with four new analytics that help detect attacks against Multi-factor Authentication (MFA) defense mechanisms for Amazon Web Services (AWS) console and 6 new analytic stories to help detect GCP Account Takeover.

The Splunk Threat Research Team also published the blog “Dark Crystal RAT Agent Deep Dive,” which highlights Splunk analytics developed for that Remote Access Trojan (RAT) to help you identify signs of compromise within your network.

LesediK_6-1666045427080.png

 

Splunk App for Fraud Analytics

To help combat the continued rise in Fraud, the Splunk App for Fraud Analytics provides an anti-fraud solution that integrates with the detection and investigation power of Splunk Enterprise Security. Learn more about the app in our recent blog “Detect Fraud Sooner with the Splunk App for Fraud Analytics.”

LesediK_6-1666045427080.png

 

InfoSec App for Splunk

Have you heard of the InfoSec App for Splunk? It can be used as your security starter pack to address some of the most common security use cases. Learn more in our recent blog “Splunk Security with the Infosec App.”

LesediK_6-1666045427080.png

 

Federated Search for Security

Earlier this year, Splunk introduced Federated Search, which allows users to leverage Splunk search, alerting and dashboarding capabilities for data across multiple, disparate Splunk deployments. Federated Search can also be used to enable security use cases. Learn how you can make the most of Federated Search for security in this blog.

LesediK_6-1666045427080.png

 

Security Events

Splunk delivered a lot of great security information in the past month. In case you missed them, here are the on demand Tech Talks and webinars:

Tech Talks:

 Webinars:

LesediK_6-1666045427080.png

 

Understanding Zero Trust with AWS and Splunk

Achieving a comprehensive zero trust policy involves a range of integrated components and requires an ecosystem approach. Read our new white paper to learn how to align zero trust methodologies with AWS Services through Splunk’s ecosystem of applications.

LesediK_6-1666045427080.png

 

Splunk Honored with Five TrustRadius Best Software Awards

Splunk got more great news this month, and we are excited to be the recipient of five “Best Software” awards from TrustRadius.

  • Splunk Enterprise Security (ES) won awards for Best Software for Enterprise, Best Software for Mid-Sized Businesses, and Best Software for Small Businesses.
  • Splunk SOAR won awards for Best Software for Enterprise, and Best Software for Mid-Sized Businesses.

To learn more about the TrustRadius awards, check out the blog. You can also leave your own review here.

LesediK_6-1666045427080.png

 

Education Corner

LesediK_1-1669634679810.png

Over 20 FREE eLearning Courses Help You Up-Skill with Splunk

Splunk can give you the superpowers you need to save the day. Our latest survey shows that the strongest superheroes up-skill with Splunk Education. That’s why we are making Splunk training easier and more accessible than ever with more than 20 self-paced, free eLearning courses. Start with foundational courses like Intro to Splunk or dive into more advanced courses like Search Under the Hood, Visualizations, and many more. Enroll today so you have the skills to detect the good, the bad, and the unproductive.


Oh, and you can stand out as a data superhero with Splunk swag! If you are one of the first 500 learners to complete three or more unique FREE eLearning Courses between 11/14/22 - 1/31/23, you’ll be entered into a drawing for a chance to win $100 to spend on Splunk t-shirts, socks, water bottles, and so much more! Terms and Conditions apply.

LesediK_6-1666045427080.png

 

Community

Ongoing Blog Series on OpenTelemetry: Use OpenTelemetry to Auto Instrument WordPress

 OpenTelemetry is often associated with modern microservices and cloud-native applications. What happens if we apply OpenTelemetry and modern observability techniques to something completely different? WordPress is the world's most popular weblog software. And it's also an almost 20 years old monolith. What happens if we use OpenTelemetry auto tracing and the Splunk Observability cloud?

Imagine you are responsible for running WordPress sites. What insights can we bring with modern tools to a popular monolith? Just by instrumenting the environment, without any changes to the WordPress code.

Read the blog post to learn about this process step-by-step!

 

LesediK_6-1666045427080.png

 

Do More with Lantern

The Lantern team are excited to announce that we have partnered with Splunk’s OnDemand Services team on a live chat feature to help you solve problems in real-time. The chat system connects you instantly to one of our OnDemand experts, who can help with the specifics of articles, as well as connect you to other ways you can get help.

This initial trial of our chat feature is only available until Friday, November 18, so hop onto Lantern today and test it out with your most urgent Splunk implementation questions.

Read about this and see all our latest articles in our monthly blog.

LesediK_6-1666045427080.png

 

Find an App with Splunkbase

It’s been over a month since the new Splunkbase released as the default experience. Thanks for the supportive feedback you have given! We hope that in addition to using the improved search engine you are also following the Trending Apps on Splunkbase and the New Splunk Built and Supported Apps sections just down the home page.

Currently trending are the popular Splunk Add-on for Microsoft Windows and the Splunk Add-on for Unix and Linux. And with the new month comes a new update of the Splunk ES Content Update  with lots of new and updated security insights.

LesediK_6-1666045427080.png

 

 

Tags (1)
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...