Protect your business and modernize your security operations with a best-in-class data platform, advanced analytics, and automated investigation and response.
Splunk Enterprise Security 8.0 revolutionizes the SOC workflow experience, enabling security analysts to seamlessly detect what matters, investigate holistically, and respond rapidly. Elevate security operations with complete and unified TDIR workflows, simplified terminology, modern aggregation and triage capabilities, and enhanced detections. This comprehensive demonstration covers all features and capabilities of Splunk Enterprise Security 8.0.
In this SIEM in Seconds demo, we’ll explore the new and improved Analyst Queue in Splunk Enterprise Security 8.0. This is where security analysts spend the majority of their time triaging and investigating alerts. With our new right-hand side panel, analysts can consume all details of a finding and instantly kick off investigations and automate response.
In this SIEM in Seconds demo, see how detection versioning in Splunk Enterprise Security 8.0 can help you better manage detection hygiene in your SIEM. Automatic detection versioning provides native, automatic version control of ESCU and customer-owned detections. Detection engineers can easily and efficiently save new versions of detections, back up detections, roll back to prior versions of detections with a single click, and maintain custom detections.
In this SIEM in Seconds demo, learn how to leverage detections and detection content in Splunk Enterprise Security 8.0. This new version of Splunk Enterprise Security provides an easier to manage full library of detection content. Detection content is cleaner, better organized and easier to track, so detection engineers can easily identify and update out-of-date content.
In this SIEM in Seconds demo, learn how finding-based detections can help your security team quickly understand security incidents and respond accordingly. A finding-based detection is based on the specific details or analytics observed, including timestamps, key/value pairs, entity information, impact, risk score, threat object, and more.
In this SIEM in Seconds demo, see how Response Plans in Splunk Enterprise Security allow users to easily collaborate and execute incident response workflows for common security use cases. Response Plan templates allow users to see each phase of an incident response plan, assign key stakeholders to specific phases, and apply simple automation playbooks to tasks for rapid remediation.
In this SIEM in Seconds demo, see how direct integration with Splunk SOAR playbooks and actions within the case management and investigation features of Splunk Enterprise Security and Mission Control delivers a single unified work surface. Optimize mean time to detect (MTTD) and mean time to respond (MTTR) for an incident. Analysts can detect, investigate and respond to threats from one modern interface.
Threat Topology allows analysts to gauge the extent of an incident by mapping all the associated risk and threat objects. Analysts can immediately discover the scope of a security incident and quickly pivot between affected assets and users in the investigation, saving time and increasing productivity.
Built on a scalable platform, Splunk Enterprise Security (ES) delivers data-driven insights so you can gain full-breadth visibility across your organization.
The Security Posture dashboard provides high level insight into real-time notable events across your security operations center. You can configure the dashboard with the KPIs you need and monitor change over a 24-hour period.
Risk-based alerting, or “RBA,” builds upon the great out-of-the-box detections in Splunk ES by greatly reducing false-positive detection rates and increasing productivity in your SOC. RBA attributes risk to users and systems and generates alerts when risk and behavioral thresholds are exceeded.
In Incident Review, you can easily expand to view the timeline of events that contributed to an RBA-generated Notable (or a Risk Notable).
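To make the risk-based alerting idea concrete, here is a small added simulation (example code, not Splunk's own implementation): risk events from individual detections are attributed to a user or system, summed over a time window, and a risk notable is raised only when both the score threshold and behavioral thresholds (distinct detections and ATT&CK tactics) are exceeded, with the contributing events kept as the notable's timeline. The field names mirror the risk_object / risk_object_type / risk_score convention used by ES, but the users, hosts, detection names, scores and thresholds below are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class RiskEvent:
    time: datetime
    risk_object: str        # user or system the risk is attributed to
    risk_object_type: str   # "user" or "system"
    risk_score: int         # score assigned by the originating detection
    source: str             # detection that produced the event (constructed name)
    tactic: str             # MITRE ATT&CK tactic the detection maps to


# Constructed sample risk events: hypothetical users, hosts and detections.
BASE = datetime(2024, 1, 1, 12, 0)
NOW = BASE + timedelta(minutes=30)
RISK_EVENTS = [
    # alice: several low-score hits across different detections and tactics
    RiskEvent(BASE - timedelta(hours=2), "alice", "user", 90, "Rare Process Launch", "Execution"),
    RiskEvent(BASE, "alice", "user", 30, "Suspicious PowerShell Download", "Execution"),
    RiskEvent(BASE + timedelta(minutes=5), "alice", "user", 25, "New Scheduled Task Created", "Persistence"),
    RiskEvent(BASE + timedelta(minutes=15), "alice", "user", 40, "LSASS Memory Access", "Credential Access"),
    RiskEvent(BASE + timedelta(minutes=20), "alice", "user", 20, "Excessive Failed Logins", "Credential Access"),
    # bob: one noisy detection firing twice (high score, no breadth)
    RiskEvent(BASE + timedelta(minutes=10), "bob", "user", 80, "Suspicious PowerShell Download", "Execution"),
    RiskEvent(BASE + timedelta(minutes=12), "bob", "user", 80, "Suspicious PowerShell Download", "Execution"),
    # srv-db01: one hit inside the window, one outside it
    RiskEvent(BASE - timedelta(hours=1, minutes=30), "srv-db01", "system", 60, "Internal Port Scan", "Discovery"),
    RiskEvent(BASE, "srv-db01", "system", 60, "Internal Port Scan", "Discovery"),
]


def aggregate_risk(events, window, now):
    """Sum risk per object over [now - window, now] and track the distinct
    detections and tactics that contributed, in time order."""
    start = now - window
    summary = {}
    for ev in sorted(events, key=lambda e: e.time):
        if not (start <= ev.time <= now):
            continue  # outside the aggregation window
        s = summary.setdefault(ev.risk_object, {
            "risk_object": ev.risk_object,
            "risk_object_type": ev.risk_object_type,
            "risk_score": 0,
            "sources": set(),
            "tactics": set(),
            "contributing_events": [],
        })
        s["risk_score"] += ev.risk_score
        s["sources"].add(ev.source)
        s["tactics"].add(ev.tactic)
        s["contributing_events"].append(ev)
    return summary


def risk_notables(events, window, now, score_threshold=100, min_sources=3, min_tactics=2):
    """Raise a risk notable only for objects that exceed the score threshold
    AND the behavioral thresholds; a single noisy detection cannot fire alone."""
    notables = []
    for s in aggregate_risk(events, window, now).values():
        if (s["risk_score"] > score_threshold
                and len(s["sources"]) >= min_sources
                and len(s["tactics"]) >= min_tactics):
            notables.append(s)
    return sorted(notables, key=lambda s: s["risk_score"], reverse=True)


if __name__ == "__main__":
    for n in risk_notables(RISK_EVENTS, timedelta(hours=1), NOW):
        print(f"RISK NOTABLE {n['risk_object_type']}={n['risk_object']} score={n['risk_score']}")
        for ev in n["contributing_events"]:  # the timeline shown in Incident Review
            print(f"  {ev.time:%H:%M} +{ev.risk_score:<3} {ev.tactic:<18} {ev.source}")
```

With these constructed inputs only alice produces a notable: bob's score is higher, but it comes from one detection repeating, and srv-db01's earlier hit falls outside the window. Tuning the window and the three thresholds is where most of the false-positive reduction in RBA comes from.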
Adaptive Response Actions are actions that can be taken either manually or automatically against any notable event generated.
These actions can help gather context or accelerate response and remediation when investigating notable events, and they are a solid foundation for automating certain processes before evolving to a full security orchestration, automation and response (SOAR) solution with Splunk SOAR.
Splunk Intelligence Management enables security teams to operationalize their internal and external security intelligence sources across their ecosystem by delivering insights directly into Splunk ES and Splunk SOAR.
Splunk SOAR can seamlessly share information with Splunk ES, helping to accelerate incident investigation and response by enriching alerts and performing actions at machine speed.
Splunk User Behavior Analytics (UBA) integrates with ES to enhance insight, strengthen security and streamline investigations so analysts can focus on high-fidelity alerts. UBA uses machine learning to profile user and entity behaviors, isolate real threats from the noise, and share those threats with Splunk ES.
Alternatively, the behavioral analytics service is available to cloud-deployed Splunk ES customers, providing comprehensive security visibility to uncover hidden and unknown threats through streaming analytics.
The Splunk Threat Research Team releases security content in the form of pre-packaged detections and responses to help your team stay on top of the latest threats.
Find this content in the Use Case Library in the form of Analytic Stories, where you can filter by use case or by an industry framework like MITRE ATT&CK.
The Asset Investigator dashboard aggregates events over time into swim lanes for easier threat hunting and incident forensics. Each swim lane distinguishes high- and low-activity periods by color shade, revealing patterns in host and user actions.
Within Security Domains are ready-to-use dashboards with individual focuses — such as tracking login attempts, breached endpoints or network intrusions — that you can pivot and correlate across to reduce remediation time.
During an investigation, you can quickly pivot to the Investigation Workbench, which centralizes all threat intelligence, security context and relevant data, including users and devices, for fast and accurate assessments of incidents.
The Investigation Timeline allows for better collaboration and tracking of investigations. Ad-hoc searches are also easy to run from Workbench so you save time and remain focused on your investigation.