Splunk Tech Talks
Deep-dives for technical practitioners.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
New Article

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat Topology and MITRE ATT&CK Visualizations

WhitneySink
Splunk Employee
Splunk Employee
‎03-15-2023 01:26 PM

(view in My Videos)

Struggling with alert fatigue, lack of context, and prioritization around security incidents? With Splunk Enterprise Security 7.1, we made it even easier to analyze malicious activities and determine the scope of incidents faster. Splunk Enterprise Security 7.1 new visualization features include Threat Topology, which determines the scope of security incidents, and MITRE ATT&CK Framework Visualization, which highlights the tactics and techniques observed in risk events so that you can respond faster.

Highlights:

  • Quickly discover the scope of an incident to respond with accuracy
  • Improve security workflow efficiencies with embedded frameworks
  • Operationalize the MITRE ATT&CK framework when responding to Notable Events
  • Identify additional impacted subjects of an investigation without writing a single line of code of query language
Labels
0 Karma
2 Comments
dokaas_2
Path Finder
‎08-15-2023 03:54 AM

These visualizations looks great.  However, I'm on version 7.1.1 and I don't see the visualizations.  Is there any special configurations/conditions required to get them to display?

0 Karma
WhitneySink
Splunk Employee
Splunk Employee
‎08-22-2023 12:48 PM

@dokaas_2 

Thanks for the question.  The topology and MITRE will show if there is data associated to and the visualization should display on 7.1.1.  You should not need to make any changes to your configurations.  The matrix will show for all notable events that have the following fields:

  • risk_object
  • risk_object_type
  • annotations.mitre_attack.mitre_technique_id
0 Karma
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...