OCTOBER 2023
See More, Act Faster, and Simplify Investigations with Splunk Enterprise Security 7.2
The latest release of Splunk Enterprise Security 7.2 introduces capabilities that deliver an improved workflow experience for simplified investigations; enhanced visibility and reduced manual workload; and customized investigation workflows for faster decision making. Learn more about the release in our blog and our Product News & Announcement Post, and join the Tech Talk to watch the Splunk team walk through the new capabilities.
New to Enterprise Security? Check out The Beginner’s Guide to Security Monitoring for Enterprises.
Splunk Mission Control 3.0 Release
We’re happy to announce the release of Mission Control 3.0, which includes several new and exciting features made available to Splunk Enterprise Security Cloud users. Read the Splunk Community post to learn more about the new features available with this release.
Security Content from the Splunk Threat Research Team
The Splunk Threat Research Team released 8 new detections and 1 new analytic story in the last month. Read the Product News & Announcements post to learn more. The team also published the following blogs:
New blogs to help you make the most of Splunk Security
The PEAK Threat Hunting Framework
The PEAK Threat Hunting Framework takes the experience of top threat hunters and translates their insights to help you gain the most value from threat hunting across your entire security operations. Download your copy of “The PEAK Threat Hunting Framework” to discover more about the framework, including new hunt types and processes, defined deliverables, actionable metrics, and prioritized detection types.
See PEAK in action during our Model-Assisted Threat Hunting Powered by PEAK and Splunk AI webinar.
Unveiling the Complete Great Resilience Quest!
We are excited to announce the release of the final two levels, “Proactive Response” and “Optimized Experiences,” of the Great Resilience Quest! You can now fully explore your path to resilience and learn more about implementing security use cases in this interactive experience.
Platform Updates
The Business Case for Unifying Security and Observability
As businesses and government organizations become more digital, more and more systems become mission-critical. Given the potential business impact, executives and board members should accept these as business issues: system security and resilience must be addressed as part of business planning, risk management, and operations. Dive into the research from the Enterprise Strategy Group and Splunk to learn more.
Introducing Federated Search for Amazon S3 for Splunk Cloud Platform
Splunk is pleased to announce the general availability of Federated Search for Amazon S3, a new capability that allows you to search data from Amazon S3 buckets directly from Splunk Cloud Platform without the need to ingest it.
Enterprises Realize Benefits from Migrating to Cloud with Splunk
Hear from other customers, leaders and practitioners who chose migrating to Splunk Cloud Platform as a better way to drive business value, efficiency and scale.
Syslog in Splunk Edge Processor Supercharges Security Operations with Palo Alto Firewall Log Reduction
Splunk Edge Processor now supports syslog-based ingestion protocols, making it well-equipped to wrangle complex and superfluous data. Users can deploy Edge Processor as an end-to-end solution for handling syslog feeds such as PAN logs, including the functionality to act as a syslog receiver, process and transform logs and route the data to supported destination(s).
Go beyond the buzz and start harnessing the power of ML and AI
Learn about the different AI/ML features across Splunk and leverage the recommended apps and use cases. Check out the new AI and ML tab on the Essentials Board to kickstart your journey.
IDC Report: Enterprises Report Benefits of Migrating to Splunk Cloud Platform
As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus more on driving business value, efficiency and scale. Moving deployments to the cloud delivered as a software-as-a-service (SaaS) offers a win-win for current Splunk customers. In this analyst report, IDC examines the drivers and benefits that drove these enterprises to migrate deployments from on-premises to Splunk Cloud Platform delivered as a service. Customers documented for IDC the various business outcomes and benefits after migrating to the cloud and shared their journeys.
Tech Talks, Office Hours and Lantern
Tech Talks
What’s New In Splunk SOAR?
Join the Splunk SOAR team as they share more on the latest and greatest updates in Splunk SOAR. Register Now >
Streamline Data Ingestion with Deployment Server Essentials
Learn the essential knowledge required for ingesting and managing any variety of data sources in Splunk, regardless of its origin or scale. Consider this your “Deployment Server: 101” essentials crash-course. Tune in here >
Optimizing Customer Experiences with Splunk's Digital Experience Monitoring
Discover Splunk's approach to digital experience monitoring. Splunk experts discuss the different elements of Splunk's Digital Experience Monitoring (DEM) portfolio and how it can help you optimize your customer experience. Read the Blog >
Community Office Hours
Join our upcoming Community Office Hour sessions, where you can ask questions and get guidance!
Splunk Lantern
This month’s Lantern blog highlights two sets of articles that illustrate how you can effectively use multiple parts of the Splunk product suite to solve some of your most crucial observability problems. These articles show the synergies between Splunk products and features, showcasing how they work together to enhance your outcomes beyond each product’s individual parts.
Education Corner
Introducing Free eLearning for SOAR Administrators
Developing Playbooks for Splunk Mission Control is targeted to help SOAR administrators gain the skills needed to harness the full potential of Splunk Mission Control. In this eLearning, SOAR playbook developers will learn how to use the SOAR Visual Playbook Editor (VPE) to create, test, and deploy playbooks for Mission Control. Admins will also learn how Mission Control and SOAR communicate, how playbooks operate within the Mission Control environment, and how to effectively utilize playbooks to interact with Mission Control incidents and response plans. This is your chance to take your SOAR expertise to “great new heights.”
Splunk Training Units Give You a Pass to Class
At Splunk, we are committed to ensuring that our learning is accessible to everyone, everywhere. Our customers understand the serious need for and value of a skilled workforce, which is why they add paid-for training into their Splunk software contracts. If you’re looking to take advantage of our eLearning with Labs or Instructor-led training courses, check in with your Customer Organization Manager, who helps allocate training units (TUs) and tracks usage. Read our FAQ for more information about enrolling in STEP and accessing TUs for your courses.