Product News & Announcements

Security Newsletter | August 2023

melissap
Splunk Employee


August 2023 


Introducing Splunk Attack Analyzer 

Splunk is excited to introduce a new addition to the Splunk unified security operations experience: Splunk Attack Analyzer (formerly Twinwave), which automates threat analysis of suspected malware and credential phishing threats by identifying and extracting associated forensics to provide accurate and timely detections.  


The Latest from SURGe 

The SURGe security research team recently launched The Security Detail, a podcast that examines cyber threats across different industries. View episode information on this blog or listen on Apple Podcasts, Spotify or Podbean.

Bluenomicon: The Network Defender’s Compendium, a book of essays curated by the SURGe team, is now available digitally. Download your copy today.

Recordings of SURGe RSAC 2023 speaking sessions are now available:


Splunk SOAR Playbook of the Month: Threat Hunting and Investigations

For the latest series entries, the Splunk team showcases how playbooks can improve your approach to threat hunting and investigations. Check out the blog on Threat Hunting to learn how playbooks can help you automatically hunt for indicators of compromise, identify those threats in your environment, learn the details of the affected machine, and how to better explore the affected file system. Then read this month’s blog on Investigations to see how you can perform investigations at machine speed using Splunk SOAR and one of our investigation playbooks, Internal Host WinRM Investigate.


Big News from OCSF

The Open Cybersecurity Schema Framework (OCSF) is an open-source project established by Splunk, AWS and 16 other security and technology companies to remove security data silos and standardize data formats across security tools to help defenders rapidly detect and neutralize cyber threats. Learn more in this blog.

Splunk Enterprise and Splunk Cloud customers can readily ingest and analyze OCSF-formatted data from sources such as Amazon Security Lake or AWS AppFabric using the Splunk Add-On for AWS. Splunk Enterprise Security customers will also need the OCSF-CIM Add-On. Both the add-ons are available on Splunkbase at no extra charge.  


Splunk AI: Catalyzing Digital Resilience in Cybersecurity and Observability

Artificial Intelligence (AI) has the potential to transform our industry. At Splunk, we see it as a catalyst for driving digital resilience — a way to accelerate human decision making in service of incident detection, investigation and response. Read this blog to learn more about Splunk’s AI strategy, vision, and newest capabilities. 


The SANS 2023 SOC Survey 

Learn about the latest capabilities, architecture and technology of the modern security operations center (SOC) in the 2023 SANS SOC Survey report.


New blogs to help you make the most of Splunk Security


Security Content from the Splunk Threat Research Team 

The Splunk Threat Research Team has had two releases of security content in the last month, which provide 8 new detections, 16 updated detections and 7 new analytic stories. Read the Product News & Announcements post to learn more and check out these blogs to help you stay ahead of threats: 


Join The Great Resilience Quest!


The quest for digital resilience has officially kicked off at .conf23! 400+ participants loved seeing the new path to greater resilience come to life at the Success Zone and played the virtual quest. 

Missed .conf? Worry not as you too can join the virtual "The Great Resilience Quest" to explore new use cases and put your Splunk know-how to the test. This quest is welcoming adventurers throughout the year! Embark on this quest to learn how to implement Security + Observability use cases and get the right support from Splunk experts that make you ‘ready for anything’. 

It’s never too late to join this adventure. Join the challenge, expand your horizons and win prizes!

Play now!


Tech Talks, Office Hours and Lantern


Tech Talks

OCSF, Amazon Security Lake and Splunk

Tuesday, August 29, 2023 | 10AM PT / 1PM ET Register to Attend

A technical overview on Open Cybersecurity Schema Framework (OCSF), Amazon Security Lake, how they integrate with Splunk today and where things are heading.


Top 5 Summer Playlist!

Immerse yourself in our top 5 technical deep dives and discover a world of knowledge this summer. Whether you’re a seasoned practitioner or an enthusiastic newcomer there’s plenty to choose from. Play Now


Admin Office Hours

Office Hours - Getting Data In

Interested in getting live help from technical Splunk experts? Join our upcoming Community Office Hour session for Getting Data In (GDI), where you can ask questions and get guidance on how to onboard your data sources, forwarder setup and troubleshooting, ingest actions, Edge Processor, and more! Limited Spots Available - Register Now!


Splunk Lantern - Read our latest blog update!

This month we’re sharing all the new articles we’ve published over the past month, with lots of interesting new use cases, product tips, and data articles. We’re also asking for your vote in our Customer Choice Content Competition! Over the quarter we’ve been developing articles that meet direct asks from you, our customers, and now we want to hear which one is your favorite. Read on to find out more!


Education Corner


Validate Your Splunk Certified Developer Skills Before It’s Too Late

Hot Cybersecurity Courses Added to the Splunk Free Training Catalog 

It’s summertime in the Northern Hemisphere, which means it’s pretty hot everywhere. And the Splunk Education course curriculum is no exception! If you’re an aspiring Blue Team Academy defender, we’ve recently added two more free courses to our growing curriculum of over 40 free self-paced learning courses. Check out “The Cybersecurity Landscape” and “Security Operations and the Defense Analyst” courses now available and accessible anywhere, anytime. 


Get a New Certification to Validate Your Cybersecurity Expertise

Showcased at .conf23, the Splunk Certified Cybersecurity Defense Analyst (CDA) certification exam is now open to the public in beta – for FREE. So, look over the study materials, take the exam, and show the world you're a Splunk Certified Cybersecurity Defense Analyst. We’ll give you a badge to prove it too!


Until next month,

Happy Splunking
