
July 2022 | Splunk Security Newsletter

LesediK
Splunk Employee

 


July 2022

 

Splunk Security Essentials 3.6.0 Release

Splunk Security Essentials (SSE) version 3.6.0 became generally available on Thursday, July 21st. This update gives our customers a more holistic view of all their security content. Customers can now use a ransomware content browser, map all their content in the MITRE Framework, and utilize improved dashboards. Be sure to go to Splunkbase to get the latest version of Splunk Security Essentials.

 

Research to Help You Stay Ahead of Threats

The Splunk Threat Research Team (STRT) and SURGe by Splunk are here to be an extension of your security team. Explore the latest research and guidance from both teams:

 

SANS 2022 SOC Survey

Splunk recently sponsored the SANS 2022 SOC Survey, which explores the current SOC landscape, trends across incidents and security breaches from 2021-2022, and effective metrics for measuring the ROI of your SOC. Read some of the key highlights in this blog or download your complimentary copy here.

 

The State of Security 2022: Where do we go from here?

Join our webinar to hear Splunk security strategists and SURGe team members discuss key findings from The State of Security 2022 report, strategies for keeping up with adversaries, and recommendations to strengthen your security posture.

 

Strengthening Security in the Era of Digital Transformation 

Splunk’s new President and CEO, Gary Steele, gave a keynote address at RSAC 2022 in June. If you were not able to attend, you can view the recording here and learn how to improve end-to-end visibility and enhance detection and response operations to strengthen cyber resiliency.

 


 

Education Corner

A huge thank you and congratulations to all of our Splunk University class of 2022 alums — and a special shout-out to those who tested their knowledge and got Splunk Certified!

We met hundreds of you at the booth, the Hands-on Labs, and the first-ever Bragging Rights Lounge to celebrate your accomplishments.

Even with all this excitement behind us, we still have big news: a totally reimagined web presence for Splunk Training and Certification is coming this August along with an exciting new rewards program. Follow us on LinkedIn to get a sneak peek in the coming weeks. We can’t wait to share what we’ve been working on!

 


 

Get Inspired with Splunk Community

Learn about the .conf22 experience from a community perspective

Memories of .conf22 are still simmering over here with the Splunk Community Team. We laughed, learned, shared, taught, and even got to hug (!) many of our community friends for the first time in three or more years. And, whether you were able to attend in Las Vegas in person or virtually online, the Splunk community presence was strong.

The "Community Hub" at the conference became the main hangout spot and offered 1:1 attention for attendees from both staff and the SplunkTrust, who helped in real-time with technical questions at our "Ask the Experts" booth. The Community and SplunkTrust breakout sessions were also a big hit. There was so much positive social energy bursting throughout all of Splunk's Community programs. So much so that it's hard to put into words. But, we tried! Check out updates and photos from the community and get a feel for what the experience was like on the ground.

Read the blog post to see community-based .conf22 highlights from Splunk's biggest event of the year!

 


Do More with Lantern

Are you looking for more ways to get insights from your data?

If you want to expand usage of your Splunk environment, the Splunk Lantern data descriptors can help.

  • Data type descriptors look at generic categories of data - such as code management, storage, and web server data - without specifying which product or vendor the data come from.
  • Data source descriptors look at specific data that your Splunk deployment might ingest, such as Active Directory, GitHub, or Salesforce. 

These articles are discovery tools. They help you by linking to use case documentation that shows what you can do with that data in your Splunk deployment. They also link to Splunk documentation and Splunkbase add-ons so you can learn how to get data into your deployment easily. The Splunk Lantern team adds more data source articles all the time, so check back often to find information on the data sources in use at your organization or tell your CSM what kind of Lantern articles can help you succeed with Splunk.

 

Find an App on Splunkbase

Updated apps:

Are you collecting data from your Linux systems? The popular Splunk Add-on for Linux was updated recently, adding support for Splunk Common Information Model (CIM) v5.0.1 as well as Ubuntu v22.04 and Red Hat v8.6 OS. This add-on collects Linux data such as CPU metrics, memory metrics, swap metrics, disk utilization, system load, and more.

With the update to CIM v5.0.1, there are updates to other add-ons including Splunk Add-on for MySQL, Splunk Add-on for NGINX, Splunk Add-on for RSA SecurID, Splunk Add-on for Cisco ASA, Splunk Add-on for Symantec Endpoint Protection, and others.

The Splunk Security Essentials app was updated recently and delivers new and enhanced features, including the ability to create custom content from third-party applications, filter content based on the originating app, investigate Analytic Stories, filter content based on risk and threat, view fields for risk-based alerting in Known False Positives, see an overview of your data inventory, and find content to use in your ransomware defense with the Ransomware Content Browser.

Don’t miss the latest Splunk ES Content Update, which packs in so many updates that they take a whole page to describe!


Security Product Adoption Board

Our most valuable resources curated just for you

Last month, we were thrilled to launch our new Security Product Adoption Board, a curated “homebase” of the most vital Splunk resources to bring you success with Splunk Security. These boards feature a wealth of valuable content, including:

  • Invitations to free workshops
  • Essential EDU courses and Splunkbase apps 
  • Our most valuable Tech Talks
  • Recommended use cases
  • Classic .conf sessions, each with bite-sized product demos

and much, much more!

This week, we’ve added some *fresh new content* that you’re not going to want to miss.

  • Hot off the presses, we have a new feature demonstration from the .conf22 Opening Keynote address: Automated Zero Trust with Splunk SOAR!
  • We’ve also added our new Security Use Case Explorer on Splunk Lantern. This is an amazing tool designed to help you achieve new use cases, no matter where you are in your security journey.

Look out for more content updates in the coming months! And if you have any feedback or recommendations for the boards, please be sure to give us your thoughts here. Thanks!

 
