Written By Josh Applebaum And Presented By Charles Leaver
Like many of you, we’re still recovering from the recent Splunk .conf. As usual, .conf had great energy, and the attendees were enthusiastic about Splunk and the many use cases it supports through its large app ecosystem.
One announcement from the week worth discussing was a new security offering called “Content Updates,” which is essentially a set of pre-built Splunk searches for finding security incidents.
The Splunk security team looks at the latest attacks, writes new searches describing how they would hunt for those attacks in Splunk ES data, and then ships those searches to customers’ Splunk ES environments so that matches raise automated alerts.
The best part? Because these updates primarily use CIM (Common Information Model) data, and Ziften populates many of the CIM data models, Ziften’s data is already being matched against the new Content Updates Splunk has created.
A quick demo showed which vendors contribute data to each type of “detection,” and Ziften was listed in many of them.
For example, we have a recent article that shows how Ziften’s data in Splunk is used to detect and respond to WannaCry.
Overall, with around 500 people stopping by the booth over the course of .conf, I have to say it was one of the best events we’ve done in terms of quality conversations and interest. We had nothing but positive feedback from our in-depth conversations with all walks of business life, from highly technical analysts in the public sector to CISOs in the financial sector.
The most common conversation usually started with, “We are just starting to implement Splunk and are new to the platform.” I like those, since people can get our apps for free, we can get them an agent to try out, and that gives them something that works right out of the box to show value immediately. Other folks were very experienced and really liked our approach and architecture.
Bottom line: people are genuinely excited about Splunk, and real solutions are available to help people with real problems!
Curious? The Ziften ZFlow App and Technology Add-on helps users of Splunk and Splunk ES use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the edge of their network, in their data centers, and in their cloud deployments.