Product News & Announcements
Security Newsletter Highlights | May 2023

melissap
Splunk Employee


May 2023 

Level Up Your Cybersecurity with Risk-Based Alerting

Have you taken advantage of Risk-Based Alerting to reduce alert volume, gain higher fidelity alerts and get more context for analysis? Haylee Mills, Splunk Security Strategist, is here to help you get started on your RBA journey with an on-demand webinar RBA: The Future and Foundation of Next Generation Security and RBA blog series:

Splunk SOAR Playbook of the Month: Identifier Reputation Analysis

In the first entry of our new monthly series, the Splunk SOAR team is excited to share a more detailed look at the first playbook in our recent Enrichment Response Pack. Check out our blog on Identifier Reputation Analysis to see how your team can implement a workflow that will help them automate the alert and quarantine process for potential threats based on key identifier values.

Machine Learning in Security 

The Splunk Machine Learning for Security team has two tech talks now available to view on-demand. The Elevate Your DGA Detection Game tech talk highlights the recently developed DGA Deep Learning pre-trained model that can be deployed in Splunk to identify DGA threats. The Suspiciously Named Processes tech talk showcases how Splunk uses Deep Learning to detect suspiciously named processes and how to deploy the detection using the Splunk App for Data Science and Deep Learning. 

The team also recently developed a new detection now available in Enterprise Security Content Update app that uses a pre-trained deep learning model to look for signs of DNS Tunneling using TXT payloads. Learn more about the detection in this blog.

Model your response plans based on pre-built templates in Splunk Mission Control

To help you unify your security operations, Splunk Mission Control includes a Response Templates feature to optimize case management efficiency and help standardize your team’s operational processes. Check out the video demo of response templates to learn more about how they can help your team streamline your workflows.

Introducing the PEAK Threat Hunting Framework 

The SURGe security research team has developed a new threat hunting framework to help you drive improvement in automated detection and stay ahead of attackers. The PEAK framework incorporates three types of hunts: hypothesis-driven, baseline, and model-assisted. Learn more about each and PEAK framework highlights in our introductory blog.

New Security Content from the Splunk Threat Research Team 

The Splunk Threat Research Team has had three releases of security content in the last month, which provide you with 21 new detections and 4 new analytic stories. Read our Product News & Announcements post to learn more. 

The team has also published the following blogs to help you stay ahead of threats: 

Talking Unified SecOps with Special Guest Allie Mellen

Forrester SecOps Analyst Allie Mellen joins Splunk for a conversation about SecOps market dynamics, how Splunk is unifying, simplifying and modernizing SecOps, and some SOC predictions. View the recording here.

Splunk Gets the Hat Trick 

Splunk is proud to be recognized as a Leader in SIEM by three analyst firms. Learn more about each report’s findings in our blog, and download your own copy of each today. 

Webinars 

Splunking for Outcomes: Kicking Off Your RBA Journey 

This 30-minute, success-oriented webinar features Splunk's Ted Skinner, as he shares best practices, considerations, and learnings around RBA implementation. View this on-demand webinar if you are looking to implement RBA.

 

Scalable Security with Migration to Splunk Cloud Platform: Lessons Learned from Clayton Homes

June 15 | 10 am PT

Join Splunk’s own Olivia Henderson as she discusses best practices and lessons learned with Leonard Wall, Director of Information Security at Clayton Homes.

Education Corner

It’s Here! Announcing Our New Splunk Learning Platform

A huge shout out to all the Splunk admins, architects, and users who enroll in Splunk Education courses to help keep their organizations safe, secure, and resilient. We want to keep you – and all of our curious learners – coming back for more! 

Introducing our new, feature-rich Splunk Training and Enablement Platform (STEP) where you can access all eLearning, in-person enrollments, completed training, and course completion certificates. You can use the same familiar link (https://education.splunk.com), but once you arrive get ready for a more visual and engaging experience. Log in today, take a quick tour, and enroll in a course while you’re at it. 

We Think There’s a Hero in All of Us

Your hero’s journey to conquer Splunk Search Processing Language (SPL) starts here. Venture into the world of live, interactive Splunk technical training, claim victory over the content, and return to your organization with more knowledge about SPL than you ever imagined. It’s a three-part series taught by an experienced technical instructor – and it’s free! Get started today! 

 

Get Your Cybersecurity Defense Analyst Certification at Splunk .conf23 in Vegas

We’re excited to announce a new certification exam being released at .conf23! If you’re going to Las Vegas for Splunk .conf23, this is your exclusive opportunity to take the new Splunk Certified Cybersecurity Defense Analyst (CDA) exam. This is a beta exam, so it’s FREE to register and only available at .conf23 in Las Vegas from July 17 through July 20, 2023. Oh, and while you’re with us in Vegas, you can also take any Splunk certification exam with Pearson VUE on-site at .conf23 for only $25 (a $130 value). Can’t wait to see you!

Admin Office Hours: Limited Spots Available - Register Now!

Interested in getting live help from technical Splunk experts? Join our upcoming Community Office Hour sessions for Cloud and Hybrid/On-Prem Admins, where you can ask questions and get guidance on optimizing your Splunk deployment, monitoring performance, automating tasks, and more! Register for the upcoming Community Office Hour sessions:

Splunk Lantern

Check out this month’s Splunk Lantern community blog! This month we're excited to announce the release of fresh video content created in collaboration with Splunk Education. These videos showcase seasoned Splunk professionals discussing popular, customer-requested topics with product demos that show how to implement their recommendations.

In addition to this new video series, we've also published a wealth of new informative articles this month, including a whole series of use cases for telecommunications organizations. Click through to learn more.

Until Next Month,

Happy Splunking

 
