June 2023
Security content from the Splunk Threat Research Team
There have been four releases of security content in the last month, which provide you with 73 new detections, 7 new analytic stories and 1 updated analytic story, which are all available via the Enterprise Security Content Update (ESCU) app and Splunk Security Essentials (SSE) app. Splunk also recently released v4.0 of Splunk Security Content. Learn more about the content development process and 4.0 release highlights in this blog.
Learn more about all the content developed by the Splunk Threat Research Team in the Q1 Roundup blog and corresponding Tech Talk.
New blogs to help you make the most of Splunk Security
- Haylee Mills is back with another great RBA blog, providing a deep dive into the four levels of the Splunk RBA Journey to plan for successful implementation.
- Following the introduction of the PEAK Threat Hunting Framework, the SURGe team now has deeper dive blogs for model-assisted threat hunts and hypothesis-driven hunts.
- Splunk field hashing and masking capabilities for compliance are now available with ingest actions and role-based field filtering (preview) features.
Getting Started with SOAR in Mission Control
Splunk Mission Control integrates the security orchestration and automation features of Splunk SOAR (Cloud) to deliver a unified experience for threat detection, investigation, and response. Explore our demo to understand how you can build a SOAR playbook in Mission Control to automate your security actions at machine speed.
Security Partnerships
- Splunk, in consultation with SAP, has developed the Splunk® Security for SAP® solutions, an SAP Endorsed Application that allows security teams to leverage Splunk to monitor, identify and address threats impacting SAP environments. Click here to learn more about the benefit this app provides customers with SAP environments, and check out the demo video to see it in action.
- ·Splunk and Tenable have partnered to incorporate exposure management into the Splunk unified security operations experience so that vulnerability data can be immediately accessible and actionable for security analysts within Splunk. Read more about the integration here.
- Amazon Security Lake — announced for public preview at AWS re:Invent in November of 2022 — is now generally available, and Splunk is excited to announce the general availability of the Splunk Add-On for AWS v7.0. Read our blog to learn how you can make the most of this partnership.
.conf23 Session Catalog
We are excited to share that our .conf23 Session Catalog is now available! Check out the wide array of engaging and informative Security sessions and workshops awaiting for you at .conf23. We invite you to “favorite” the sessions that spark your interest right away. After perusing and selecting your preferred sessions now, return in mid-June to construct your unique, personalized schedule.
Read our round-up blog of Must-Attend EMEA Sessions at .conf23 from Matthias Maier.
Let your Security learning journey at .conf23 begin!
Tech Talks, Office Hours, Community, Resources and Lantern
Security Edition Tech Talk
Since the release of Splunk SOAR 6.0, the Splunk SOAR team has been hard at work implementing new features and integrations to help improve the SOAR user experience.The version 6.0 release represents a culmination of efforts to become part of the vision of a truly unified Splunk security experience and provides a single security operations solution with its integration with Mission Control. Join us as we take a look at the latest and greatest for Splunk SOAR 6.0 and 6.0.1.
Admin Office Hours and Community
Office Hours
Interested in getting live help from technical Splunk experts? Join our upcoming Community Office Hour session for Hybrid/On-Prem Admins, where you can ask questions and get guidance on optimizing your Splunk deployment, monitoring performance, and more! Limited Spots Available - Register Now!
- Awesome Admins: Managing Your Hybrid/On-Prem Deployment - Wed, June 28 at 1pm PT/4pm ET
Community
Check out the new Community blog, where the Admin Configuration Service (ACS) team shares with you new training resources, recent ACS features, and the ACS Helper App.
Splunk Lantern
It’s been a busy month for the Lantern team as we’ve been launching brand new types of articles on Lantern. We’ve got new Prescriptive Adoption Motions for Security to help you smoothly implement popular security use cases, plus a war story spotlighting how our partners work with Splunk to achieve best-in-class incident management. Check out our blog to find out about these and more.
Foundational Splunk Resources
Are you fairly new to Splunk? Head over to the Splunk Essentials Adoption Board and get the deets on foundational Splunk resources that help you get started with Splunk Security and Observability solutions.
Remember to bookmark this page for future reference and look out for more content updates in the coming months! And if you have any feedback or recommendations for this board, please be sure to give us your thoughts here.
Education Corner
Level Up Your Certification Game at Splunk .conf23 in Vegas!
Validate your mad skills with Splunk Certifications at .conf23. Splunk is rolling out its new Splunk Certified Cybersecurity Defense Analyst (CDA) exam and Splunk O11y Cloud Certified Metrics User Certification at .conf23 in Las Vegas, July 17-July 20. This is your exclusive opportunity to take the CDA for FREE and earn another coveted badge. You can also sit for the Cloud Certified Metrics exam, plus any other Splunk certification exam, on-site for the deeply-discounted price of just $25. Oh, and if you’ve been thinking about getting your Splunk Certified Developer Certification, this is your last chance to take the exam before it sunsets (AKA: is discontinued). Mark your calendars, fire up your laptops, and get ready for an unforgettable education extravaganza.
Splunk University is the New Summer School
Las Vegas is the place for learning in July! If you are headed to .conf23, consider coming into Sin City early to attend one or more of over a dozen bootcamps, including two brand new courses on Mastering Your Data Essentials, and Blue Team Academy: Cybersecurity Defense Analyst Essentials. Our certified Splunk Education instructors will help you develop deeper expertise about using Splunk products to protect your organization. Splunk University will take place on July 15-17, and Thursday, July 20.
Bridging the Technical Skills Gap
The buzz around the technical skills gap has been hard to miss lately as the world scrambles to reimagine a future of tech training and workforce diversity. And top business leaders worldwide are jumping into the conversation, actively seeking solutions to create a more diverse workforce that's better equipped to fill crucial cybersecurity roles. If you're eager to gain new perspectives about this hot topic, find out what Eric Fusilero, VP Global Enablement and Education at Splunk, and others shared during the DeVry University CEO Roundtable.You can read an overview in Eric’s latest blog, which also includes a complete recording of the discussion.
STEP Right Up to a New Learning Experience
Calling all Splunk admins, architects, and users! On May 22, Splunk introduced a brand-new Splunk Learning Platform (STEP) – a new user interface where learners can access eLearning materials, in-person enrollments, completed training, and course completion certificates. Don't worry, the link you're familiar with (https://education.splunk.com) remains the same. But once you step into the revamped platform, get ready to embark on a more visual and engaging journey. Log in today, take a quick tour, and while you're at it, why not enroll in a course that piques your interest? The opportunities to expand your career potential are limitless with Splunk Education.
Talk with us about Splunk!
We will be back in August!
Until then,
Happy Splunking
