Written By Josh Applebaum And Presented By Chuck Leaver
Like many of you, we're still recovering from Splunk .conf. As usual, .conf had fantastic energy, and the attendees were enthusiastic about Splunk and the many use cases it supports through its large app ecosystem.
One important announcement during the week worth mentioning was a new security offering called "Content Updates," which is essentially a set of pre-built Splunk searches for spotting security events.
The Splunk security team looks at the latest attacks, develops new searches for how they would hunt through Splunk ES data to find those kinds of attacks, and then ships those searches to customers' Splunk ES environments so they alert automatically when a match is seen.
The best part? Because these updates mostly use CIM (Common Information Model) data, and Ziften populates many of the CIM models, Ziften's data is already being matched against the new Content Updates Splunk has produced.
A quick demo showed which vendors contribute to each kind of "detection," and Ziften was named in many of them.
For example, we have a recent article that shows how Ziften's data in Splunk is used to detect and respond to WannaCry.
Overall, with roughly 500 people visiting the booth over the course of .conf, I have to say it was one of the best events we have done in terms of quality conversations and interest. We had nothing but positive feedback from our extensive conversations with all walks of business life, from highly technical analysts in the public sector to CISOs in the financial sector.
The most common conversation usually began with, "We are just starting to roll out Splunk and are new to the platform." I like those, because people can get our apps for free, we can get them an agent to try, and that gives them something to use right out of the box to demonstrate value immediately. Other folks were very seasoned and really liked our approach and architecture.
Bottom line: People are genuinely excited about Splunk, and real solutions are available to help people with real problems!
Want to know more? The Ziften ZFlow App and Technology Add-on helps users of Splunk and Splunk ES use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the perimeters of their network, in their data centers, and in their cloud deployments.