October 2022
Detections & Analytics from the Splunk Threat Research Team
The Splunk Threat Research Team recently released Enterprise Security Content Update v3.50.0 with 19 new detections and 4 new analytic stories.
Release highlights include:
- A new type of analytic that leverages the Splunk App for Data Science and Deep Learning to detect DNS connections to domains generated by Doman Generation Algorithms.
- A new analytic story called Okta MFA Exhaustion and updated analytic story Suspicious Okta Activity with 8 new detections in response to the recent successful attacks to Uber, CloudFlare and Cisco that abused MFA push spam against Okta as a common technique.
The Splunk Threat Research Team also published a blog for defending against the new exploitation tool Brute Ratel. New content includes analytic stories featuring detections of related malicious payloads, a Yara rule, and details on how to use Splunk SOAR to defend against this threat.
Bingo! 10 Security Standards in 2022 You Can’t Live Without: RSA Top-Rated Session Follow-up
If you had a chance to watch the original top-rated RSA 2022 session with Kirsty Paine and Bret Jordan, tune in for an exclusive follow-up where they share new insights since the presentation was delivered and answer questions from viewers on October 26th. This session will not be recorded or available on demand, so be sure to register today.
Webinar
Join Patrick Coughlin (GVP Security Portfolio Market Strategy at Splunk) and Mike Rothman (General Manager at Techstrong Research) for a fireside chat in which they dive into the current security landscape, the evolution of security tooling, the benefits of a data-centric approach to security, and predictions on the state of SOCs over the next five years. Click here to register
ML in Security: Risky SPL Detection with MLTK
Join Splunk Machine Learning experts Greg Ainslie-Malik, Abhinav Mishra, and Kumar Sharad as they dive into specific examples of how the Splunk team is using ML to detect risky SPL and how it relates to the Machine Learning Toolkit (MLTK). Click here to register.
You can also read more about ML-based detections to help find users running highly suspicious SPL commands in this blog from the Splunk Threat Research Team.
.conf22 Breakout Sessions Available On Demand
If you weren’t able to attend .conf22 in June this year, all breakout sessions are now available for viewing online. Browse hundreds of sessions, but here are a few of our favorite security sessions to get you started:
- Curating Your Risk Ecology: Making Risk Based Alerting Magick (SEC1144C)
- A Beginner’s Guide to SOAR: Automate 5 Basic Security Processes in Under 30 Minutes (SEC1304C)
- Build Detection as Code Like the Splunk Threat Research Team (SEC1197C)
- Splunk SOAR + SIEM: An Automation Powerhouse for Cyber Incident Response (SEC1676B)
Tech Talks
You're invited
Join the Splunk Threat Research Team on Tuesday, October 25, 11am PT / 2 pm ET for a demo of Splunk Attack Range v2.0.
They’ll discuss:
- How the Splunk Threat Research Team leverages the Splunk Attack Range
- The newest features available in the Splunk Attack Range v2.0
- Future plans for Splunk Attack Range v3.0
Now On Demand
Platform Edition
The Developer’s App Starter Kit | Watch Now
Observability Edition
Introducing Log Observer Connect: Powering Observability with Splunk Cloud Platform Logs | Watch Now
View More Tech Talks
Do more with Lantern
It's been a busy month for Splunk Lantern, with a host of fresh new Getting Started Guides, use cases and product tips that have been added to our site.
We’ve also launched a new feedback widget! You can now use the orange tab on the left-hand side of our pages to tell us how articles are working for you, or where improvement is needed. Please take the time to leave feedback on our articles so we can make sure our content is effective in helping you succeed with Splunk.
Check out our Community Blog to learn more!
Find an App with Splunkbase
Have you seen the new Splunkbase? It’s a whole new user experience with faster and better search results, more detail in the app listings, and app collections focused on use cases that drive value!
Now you can easily find the apps that are trending in the community, or see which apps have the highest ratings from users. Want to try our hand-curated collections of apps? Check out the Staff Picks, try Getting Started with Security, improve your Threat Detection and Response, consider Getting Started with ML, and get visibility of your Pipeline Analytics for DevOps.
Education Corner
Splunk Education has been working hard behind-the-scenes to prepare our Splunk 9.0 platform training release. The first 9.0 courses were released late September and we will continue to roll out updated training content in the coming weeks and months. Splunk Administrators who will be administering Splunk 9.0 should definitely check out the upgraded versions of Splunk System Administration and Splunk Data Administration with expanded content and new Q&A slides.
Stay tuned for more exciting news in the months to come about an expansion to our free training offerings and (maybe) even a new certification in early 2023!
