Security Newsletter | November 2023

NOVEMBER 2023 

Enhance Security Visibility and Simplify Investigations for Faster Threat Response with Splunk Enterprise Security

In the face of an ever-increasing volume of cyberattacks, and a limited security workforce to combat those attacks, a best-in-class SIEM can enhance security visibility and simplify investigations for faster threat response. Splunk Enterprise Security delivers enhanced security visibility with Splunk Enterprise Security 7.2, and helps SOCs simplify security investigations with risk-based alerting and Splunk Enterprise Security’s unified workflow experience, Mission Control. Read the latest blog across Splunk Security, Observability, and Platform innovations to learn more about how Splunk Enterprise Security is changing the game for SOCs around the world. 

Security Content from the Splunk Threat Research Team
The Splunk Threat Research Team has had two releases of security content in the last month, which provide 22 new detections, 6 new analytic stories and 3 updated analytic stories. Read the Product News & Announcements post to learn more and check out the latest blogs to help you stay ahead of threats: 

• More Than Just a RAT: Unveiling NjRAT's MBR Wiping Capabilities
• Detect WS_FTP Server Exploitation with Splunk Attack Range 

Introducing Splunk Add-On for Splunk Attack Analyzer and Splunk App for Splunk Attack Analyzer

Following the announcement of Splunk Attack Analyzer at .conf23, we are excited to announce the launch of the Splunk Add-on for Splunk Attack Analyzer and Splunk App for Splunk Attack Analyzer. These apps work together to ingest data from Splunk Attack Analyzer into the Splunk platform and provide out of the box dashboards to give security leaders insight into solution submission trends, patterns in threat volume trends, and phish kit and malware family trends. Learn more in the blog. 

The Latest from SURGe 

• The SURGe security research team has updated their macro-level ATT&CK trending insights for 2023. 
• Check out the latest podcasts on The Security Detail
• Episode 8: The Technology Sector with Sean Heide
• Episode 9: Education with Brett Callow
• Episode 10: Aviation with Richard Waine

• Explore the latest Coffee Talk with SURGe interviews featuring:
• Michael Rodriguez, Principal Strategic Consultant for Google Public Sector
• Patrick Gray, host of the Risky Biz podcast
• Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft
• Jamie Williams, MITRE ATT&CK for Enterprise Lead and Principal Adversary Emulation Engineer

Infosec Multicloud App for Splunk

The Infosec App for Splunk is designed to address the most common security use cases, including continuous monitoring and security investigations. The new Infosec Multicloud App for Splunk is designed by our field team to help customers that have a cloud environment. In addition to views of security posture across cloud providers, the app includes a billing dashboard for a high level overview of costs spread across your various cloud providers. Read the blog to learn more details and the steps needed to install and configure the Infosec Multicloud app for Splunk.

The Great Resilience Quest continues at full momentum

The Great Resilience Quest continues to welcome challengers until the end of January 2024. This gamified adventure teaches you how to implement key Splunk use cases on the path to digital resilience. Conquer each level by completing bite-sized learning activities and quizzes. With amazing prizes still up for grabs, every moment counts. Join the quest today! 

Platform Updates

Build Digital Resilience Through Expanded Access to Decentralized Data

In his recent blog, Tom Casey, SVP Products & Technology for Splunk discusses several recent Splunk Platform innovations enabling customers to build digital resilience through expanded access to decentralized data, enabling better understanding of customer-facing issues, regardless of whether the data sits in Splunk or cost effective Amazon S3 storage, facilitating compliance with data sovereignty requirements.

Build Scalable Security While Moving to Cloud

Now available as an on-demand webinar, hear from Clayton Homes on how to build scalable security while moving to the cloud successfully and efficiently with Splunk. By deploying Splunk Enterprise Security, a data-centric modern information and event management (SIEM) solution in the cloud, Clayton Homes was able to detect and respond to threats quickly while gaining end-to-end visibility across their IT environment with Splunk Cloud Platform (SaaS solution).

Model Assisted Threat Hunting Powered by PEAK & Splunk AI

Accelerate threat hunting with Splunk AI as a catalyst. Join us to learn how to leverage the PEAK threat hunting framework and Splunk AI to find malware dictionary-DGA domains. Learn the basics of the PEAK threat hunting framework developed by Splunk’s SURGe security research team, understand the power Splunk AI can bring to your threat hunts and see how to create automated detections from your successful hunts.

Splunk App for Data Science and Deep Learning - What’s New in Version 5.1.1

In the ever-evolving world of data science, keeping your tools and software up to date is essential. This ensures that you have access to the latest features, security updates and bug fixes. The team behind our data science app has been hard at work to bring you the most robust and secure version yet. Explore our recent blog to dive into what's new in the recently released Splunk App for Data Science and Deep Learning (DSDL) version 5.1.1 available on Splunkbase.

Machine Learning in General, Trade Settlement in Particular

The recent T+1 compliance directive —which mandates that all USA trades starting in May 2024 be settled in at most one day — is the driving force behind wanting to provide resilience to the trade settlement process. Explore this hands on blog on using Splunk Machine Learning Toolkit to predict whether a trade settlement in the financial services industry will fail to be completed.

Tech Talks, Office Hours and Lantern

Tech Talks

Advance Your App Development with the Visual Studio Code Extension

Register Now  and join us on Wednesday, November 15, 2023. See the latest on the Visual Studio Code Extension for Splunk SOAR and how you can make developing apps a breeze.

ICYMI: What’s New in Splunk SOAR 6.2?  Watch the Replay

Streaming Lookups with Splunk Edge Processor

Register Now  and join us on Thursday, November 16, 2023 to learn how best to leverage lookups to optimize costs and maintain data fidelity, explore use cases for this capability that drive business outcomes, and review other ways to optimize your data management strategy using Edge Processor.

Community Office Hours

Join our upcoming Community Office Hour sessions, where you can ask questions and get guidance. 

Security: SOAR - Wed, Nov 29  (Register here)

Splunk Search - Wed, Dec 13  (Register here)

Splunk Lantern 

In this month’s blog we’re highlighting some great new updates to our Getting Started Guide for Enterprise Security (ES) that provide you with easy ways to get going on this powerful platform, as well as new data articles for MS Teams. As usual, we’re also sharing the rest of the new articles we’ve published this month.  Read on to see what’s new.

Education Corner

A Steady Drumbeat of New and Updated Splunk Training 

Can you hear it? That’s the sound of new Splunk Education courses dropping on a regular! You can always search the Splunk Training and Enablement Platform (STEP) for courses that align with your observability learning journey, or check out our October Release Announcements. And, don’t forget to check in with your Org Manager if you’re looking to enroll in paid training using your company’s Training Units. Get curious about what's possible with Splunk.