Written By Josh Applebaum And Presented By Chuck Leaver
Like many of you, we’re still recovering from Splunk .conf. As usual, .conf had great energy, and the attendees were enthusiastic about Splunk and the many use cases it offers through its large app ecosystem.
One important announcement during the week was a new security offering called “Content Updates”: pre-built Splunk searches for detecting security events.
The Splunk security team studies the latest attacks, writes new searches describing how it would look through Splunk ES data to find those attacks, and then ships the searches to customers’ Splunk ES environments, which alert automatically when a match is seen.
The best part? Because these updates rely mainly on CIM (Common Information Model) data, and Ziften populates many of the CIM data models, Ziften’s data is already being matched against the new Content Updates Splunk has created.
A quick demonstration showed which vendors contribute data to each kind of “detection,” and Ziften was listed in many of them.
For example, a recent blog post of ours shows how Ziften’s data in Splunk is used to detect and respond to WannaCry.
Overall, with the approximately 500 individuals who visited the booth over the course of .conf, I have to say it was one of the very best occasions we have actually performed in regard to quality discussions and interest. We had nothing but favorable reviews from our extensive discussions with all walks of business life, from highly technical experts in the public sector to CISOs in the monetary sector.
The most common conversation started with, “We are just beginning to implement Splunk and are new to the platform.” I like those, given that individuals can get our Apps free of charge, we can get them an agent to experiment with, and it gets them something to make use of right out of the box to demonstrate worth immediately. Other folks were extremely skilled and actually liked our approach and architecture.
Bottom line: people are genuinely excited about Splunk, and real solutions are available to help them with real problems!
Want to know more? The Ziften ZFlow App and Technology Add-on help users of Splunk and Splunk ES use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the edge of their network, in their data centers, and in their cloud deployments.