We are thrilled to announce the latest innovations to Splunk Enterprise Security (ES) 7.0 - now available on Splunkbase! 🙌🏼
ES 7.0 continues to improve on capabilities released in 6.6, while launching new features essential to the modern SOC. Let’s get right into it!
Executive Summary Dashboard
The new Executive Summary Dashboard surfaces key performance indicators that provide insights on the overall health of the SOC and facilitate reporting to CISOs and other senior leaders.
This allows you to quickly access key insights such as:
Mean Time to Triage
Mean Time to Resolution
Risk-Based Alerting Trends
Security Operations Dashboard
Similar to the Executive Summary Dashboard, the Security Operations Dashboard shares key insights but provides deeper analysis capabilities designed for SOC managers and team leads. These deeper insights allow for analysis of assigned notables, analyst workflows, and notable dispositions.
ES 6.6 introduced a dispositions feature in Incident Review that allowed you to record whether an event was a true positive, false positive, or benign positive. Now, with 7.0, you can see and report on this data over time, and get a deep dive into exactly which correlation sources contribute to each of the 4 default disposition types. This allows your team to decide which correlation searches should be expanded on and which are eligible to be retired.
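To make the metrics above concrete, here is an added example (not Splunk's code, and not the ES notable schema) that computes Mean Time to Triage, Mean Time to Resolution, and the per-correlation-search disposition breakdown over a handful of constructed notable records, then flags searches whose closed notables are almost never true positives as retirement candidates. Field names, thresholds and sample data are assumptions chosen for this illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample notables (assumed field names, not ES's schema).
# A notable with no triaged/closed timestamp is still open.
NOTABLES = [
    {"rule": "Brute Force Access", "created": "2021-12-01T08:00", "triaged": "2021-12-01T08:30", "closed": "2021-12-01T12:00", "disposition": "true_positive"},
    {"rule": "Brute Force Access", "created": "2021-12-01T09:00", "triaged": "2021-12-01T10:00", "closed": "2021-12-01T11:00", "disposition": "false_positive"},
    {"rule": "Geo Anomaly Login", "created": "2021-12-01T10:00", "triaged": "2021-12-01T10:15", "closed": "2021-12-01T10:45", "disposition": "false_positive"},
    {"rule": "Geo Anomaly Login", "created": "2021-12-01T11:00", "triaged": "2021-12-01T11:30", "closed": "2021-12-01T12:00", "disposition": "benign_positive"},
    {"rule": "Geo Anomaly Login", "created": "2021-12-01T12:00", "triaged": "2021-12-01T12:30", "closed": "2021-12-01T13:00", "disposition": "false_positive"},
    {"rule": "Geo Anomaly Login", "created": "2021-12-01T13:00", "triaged": None, "closed": None, "disposition": None},
]
FMT = "%Y-%m-%dT%H:%M"

def _hours(start, end):
    return (datetime.strptime(end, FMT) - datetime.strptime(start, FMT)).total_seconds() / 3600

def mean_time_to_triage(notables):
    """MTTT in hours over notables that have been triaged; None if none have."""
    deltas = [_hours(n["created"], n["triaged"]) for n in notables if n.get("triaged")]
    return sum(deltas) / len(deltas) if deltas else None

def mean_time_to_resolution(notables):
    """MTTR in hours over closed notables only; open ones must not skew the mean."""
    deltas = [_hours(n["created"], n["closed"]) for n in notables if n.get("closed")]
    return sum(deltas) / len(deltas) if deltas else None

def dispositions_by_rule(notables):
    """Disposition counts per correlation search, over notables that have one."""
    counts = defaultdict(lambda: defaultdict(int))
    for n in notables:
        if n.get("disposition"):
            counts[n["rule"]][n["disposition"]] += 1
    return {rule: dict(c) for rule, c in counts.items()}

def retirement_candidates(notables, min_notables=3, max_tp_rate=0.2):
    """Rules with enough closed notables whose true-positive rate is at or below the threshold."""
    candidates = []
    for rule, counts in dispositions_by_rule(notables).items():
        total = sum(counts.values())
        tp_rate = counts.get("true_positive", 0) / total
        if total >= min_notables and tp_rate <= max_tp_rate:
            candidates.append(rule)
    return sorted(candidates)

if __name__ == "__main__":
    print("MTTT (h):", mean_time_to_triage(NOTABLES), "MTTR (h):", mean_time_to_resolution(NOTABLES))
    print("By rule:", dispositions_by_rule(NOTABLES), "Retire?", retirement_candidates(NOTABLES))
```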
Check out this demo from .conf21 for a brief overview of the Executive Summary and Security Operations dashboards.
Cloud Security Monitoring Dashboards
Cloud complexity is on the rise, and it is consistently challenging to get visibility into your environments because many security teams use numerous siloed security products that are not integrated. 75% of cloud infrastructure users are multi-cloud today, and two years from now 87% are expected to use multiple cloud service providers.
Cloud environments introduce new attack surfaces, such as new data streams, workloads, applications, and more to manage and secure. This increases risk and vulnerabilities. ES 7.0 adds five brand new dashboards focused on cloud-native data sources to bring visibility across your hybrid environment with multi-cloud security monitoring. These new dashboards are:
AWS Security Groups
AWS IAM Activity
AWS Network ACLs
AWS Access Analyzer
Automated Real-Time Content Updates
The Enterprise Security Content Updates (ESCU) app is included with ES 7.0, and ES will proactively notify you when a new update to the Content Updates app is available. Now you get the latest security content from the Splunk Threat Research Team, as soon as it is available, with one click!
Modernized User Experience
ES has undergone a large change to the user experience, bringing it in line with other Splunk security products by adopting modern development frameworks and best practices. Also, the Splunk ES UI now allows you to switch between light and dark modes (Cloud only), so you can choose what works best for you.
Get Started or Upgrade Today!
To make your life as easy as possible, Splunk ES 7.0 updates are available in both Cloud and On-Prem environments. So no matter how you Splunk, you now have access to ES 7.0.
To learn more about these updates, check out the recent .conf21 ES 7.0 overview presentation. Also, sign up now to attend the Splunk Security Analytics Virtual event on January 20th to see all the latest and greatest from Splunk for Security!
Happy Splunking! 🖖🏼
— Alexa Araneta (no relation to your Amazon device - I don't know her 💅🏼) Product Marketing, Splunk Enterprise Security