Splunk Tech Talks
Deep-dives for technical practitioners.
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
New Article

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat Topology and MITRE ATT&CK Visualizations

WhitneySink
Splunk Employee
Splunk Employee
‎03-15-2023 01:26 PM

 

(view in My Videos)

Struggling with alert fatigue, lack of context, and prioritization around security incidents? With Splunk Enterprise Security 7.1, we made it even easier to analyze malicious activities and determine the scope of incidents faster. Splunk Enterprise Security 7.1 new visualization features include Threat Topology, which determines the scope of security incidents, and MITRE ATT&CK Framework Visualization, which highlights the tactics and techniques observed in risk events so that you can respond faster.

Highlights:

  • Quickly discover the scope of an incident to respond with accuracy
  • Improve security workflow efficiencies with embedded frameworks
  • Operationalize the MITRE ATT&CK framework when responding to Notable Events
  • Identify additional impacted subjects of an investigation without writing a single line of code of query language
Labels
0 Karma
3 Comments
dokaas_2
Communicator
‎08-15-2023 03:54 AM

These visualizations looks great.  However, I'm on version 7.1.1 and I don't see the visualizations.  Is there any special configurations/conditions required to get them to display?

0 Karma
WhitneySink
Splunk Employee
Splunk Employee
‎08-22-2023 12:48 PM

@dokaas_2 

Thanks for the question.  The topology and MITRE will show if there is data associated to and the visualization should display on 7.1.1.  You should not need to make any changes to your configurations.  The matrix will show for all notable events that have the following fields:

  • risk_object
  • risk_object_type
  • annotations.mitre_attack.mitre_technique_id
0 Karma
user487596
Explorer
‎06-11-2024 07:54 AM

video link doesn't work

0 Karma
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...