Splunk Tech Talks
Deep-dives for technical practitioners.

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security 7.2

WhitneySink
Splunk Employee

WATCH NOW!

This Tech Talk features demos around our latest release of Splunk Enterprise Security 7.2! We’ll walk through our new capabilities that deliver an improved workflow experience for simplified investigations; enhanced visibility and reduced manual workload; and customized investigation workflows for faster decision-making.

You’ll also hear from the Splunk Threat Research Team who will discuss the latest security content updates that make Splunk Enterprise Security more powerful and protect you from the latest threats.



Highlights:

  • Learn about the new improvements and features requested directly from Splunk Enterprise Security users, submitted through the Splunk Ideas portal
  • Simplify your workflow experience while reducing manual workloads and increasing the speed of investigation and response
  • Integrate top-tier detections and defenses into your security operations using the latest security content to find and remediate threats faster


adepp
Splunk Employee

Hi everyone,

Don’t forget to register for our Office Hours: Enterprise Security session on Wed, Oct 25 at 1pm PT/4pm ET. Technical Splunk experts will be there to answer questions and provide how-to guidance on all things ES.

Register here to secure your spot and submit your questions at registration!

See you there,

Baylie


WhitneySink
Splunk Employee

Here are a few top-of-mind questions from the live Tech Talk:


Q. How long does it take to upgrade from 7.1.1 to 7.2.0?

A. It depends on your architecture and how many other components also require upgrades. The core Enterprise Security search head upgrade app runs in about 10 minutes; however, backups and other app updates add to the time.


Q. Do you have any detection searches for finding anomalous logins?

A. We have a list of detections in the Suspicious AWS Login Activities analytic story that cover various kinds of anomalous login activity; you can repurpose that SPL logic for a data source of your choice.


Q. Can you list the recommended steps for upgrading ES to version 7.2?

A. Please see our documentation here: https://docs.splunk.com/Documentation/ES/7.2.0/Install/Beforeupgrading


Q. My incident review looks nothing like this. How can I get this view?

A. In ES 7.2.0, follow these steps to turn on the enhanced analyst workflows on the Incident Review page:

  • From the Splunk ES menu bar, select Configure > General > General Settings.
  • Locate the card for Enhanced Incident Review Workflows.
  • Select Turn on to turn on the ability to use shared views, table filters, and table columns on the Incident Review page.
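The anomalous-login answer above points at the analytic story rather than at a particular search. As an added illustration (not code from the Tech Talk, the Suspicious AWS Login Activities analytic story, or the Splunk Threat Research Team), here is a small Python model of two patterns such detections commonly look for: a successful login from a source never seen for that user, and a burst of failures followed by a success from the same source. It runs over constructed CloudTrail-style ConsoleLogin events; the field names, thresholds, baseline cutoff and sample events are all assumptions, and the point is the logic, which carries over to a stats-based SPL search once you pick a data source.

```python
"""Python model of two anomalous-login detections (added illustration; not
code from the Tech Talk, the Suspicious AWS Login Activities analytic story,
or the Splunk Threat Research Team). Runs over constructed CloudTrail-style
ConsoleLogin events; every field name, threshold and event below is assumed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real data:
# (eventTime, userIdentity.userName, sourceIPAddress, responseElements.ConsoleLogin)
SAMPLE_EVENTS = [
    # Baseline period: each user logs in from their usual address.
    ("2023-10-20T09:01:00Z", "alice", "203.0.113.10", "Success"),
    ("2023-10-21T09:03:00Z", "alice", "203.0.113.10", "Success"),
    ("2023-10-21T11:00:00Z", "carol", "198.51.100.20", "Success"),
    ("2023-10-22T10:00:00Z", "bob", "198.51.100.7", "Success"),
    # Detection window: alice succeeds from an address never seen for her.
    ("2023-10-24T02:15:00Z", "alice", "192.0.2.55", "Success"),
    # bob: four failures then a success from one new address within five minutes.
    ("2023-10-24T03:00:00Z", "bob", "192.0.2.99", "Failure"),
    ("2023-10-24T03:01:00Z", "bob", "192.0.2.99", "Failure"),
    ("2023-10-24T03:02:00Z", "bob", "192.0.2.99", "Failure"),
    ("2023-10-24T03:03:00Z", "bob", "192.0.2.99", "Failure"),
    ("2023-10-24T03:05:00Z", "bob", "192.0.2.99", "Success"),
    # carol: two typos then a success from her usual address (benign).
    ("2023-10-24T08:00:00Z", "carol", "198.51.100.20", "Failure"),
    ("2023-10-24T08:00:30Z", "carol", "198.51.100.20", "Failure"),
    ("2023-10-24T08:01:00Z", "carol", "198.51.100.20", "Success"),
]
BASELINE_END = "2023-10-24T00:00:00Z"  # events before this build the baseline (assumed cutoff)


def parse_ts(ts):
    """CloudTrail eventTime is ISO 8601 in UTC with a trailing Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def new_source_logins(events, baseline_end):
    """Successful logins at/after baseline_end from a (user, src_ip) pair with
    no successful login before baseline_end: the first-seen pattern that SPL
    expresses with stats earliest(_time) by user, src."""
    cutoff = parse_ts(baseline_end)
    known = defaultdict(set)
    alerts = []
    for ts, user, src, outcome in sorted(events, key=lambda e: parse_ts(e[0])):
        if outcome != "Success":
            continue
        if parse_ts(ts) < cutoff:
            known[user].add(src)
        elif src not in known[user]:
            alerts.append((user, src, ts))
            known[user].add(src)  # alert once per new pair, not once per login
    return alerts


def failures_then_success(events, threshold=3, window=timedelta(minutes=10)):
    """A success preceded by at least `threshold` failures from the same
    (user, src_ip) within `window`: the brute-force-then-success pattern."""
    streams = defaultdict(list)
    for ts, user, src, outcome in sorted(events, key=lambda e: parse_ts(e[0])):
        streams[(user, src)].append((parse_ts(ts), outcome))
    alerts = []
    for (user, src), stream in streams.items():
        recent_failures = []
        for t, outcome in stream:
            if outcome == "Failure":
                recent_failures.append(t)
                continue
            # Count only the failures inside the window that ends at this success.
            in_window = [f for f in recent_failures if t - f <= window]
            if len(in_window) >= threshold:
                alerts.append((user, src, len(in_window), t.strftime("%Y-%m-%dT%H:%M:%SZ")))
            recent_failures = []  # a success resets the run
    return alerts


def run_detections(events=SAMPLE_EVENTS, baseline_end=BASELINE_END):
    """Run both detections and return their hits keyed by detection name."""
    return {
        "new_source_logins": new_source_logins(events, baseline_end),
        "failures_then_success": failures_then_success(events),
    }


if __name__ == "__main__":
    for name, hits in run_detections().items():
        print(name)
        for hit in hits:
            print("  ", hit)
```

On the sample data the first detection fires for alice (new address) and for bob (new address), and the second fires once for bob with four failures before the success; carol's two mistyped passwords from her usual address stay below the threshold, which is the kind of tuning you would do with `threshold` and `window` against your own baseline. In SPL the first function corresponds to baselining first-seen (user, source) pairs with `stats earliest(_time)` and alerting on pairs whose first-seen time falls inside the search window; the second corresponds to counting failures that precede a success per user and source with `streamstats` or `transaction`.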
