Written By Josh Applebaum And Presented By Chuck Leaver
Like many of you, we’re still recovering from Splunk .conf last week. As usual, .conf had great energy, and the people in attendance were enthusiastic about Splunk and the many use cases it offers through its large app ecosystem.
One important announcement during the week worth discussing was a new security offering called “Content Updates,” which is essentially a set of pre-built Splunk searches that help spot security incidents.
In general, the Splunk security team looks at the latest attacks, writes new searches describing how those attacks would appear in Splunk ES data, and then ships those new searches to customers’ Splunk ES environments so they alert automatically when a match is seen.
The best part? Because these updates mostly use CIM (Common Information Model) data, and Ziften populates a great many of the CIM models, Ziften’s data is already being matched against the new Content Updates Splunk has produced.
A quick demo showed which vendors contribute to each type of “detection,” and Ziften was listed in many of them.
For example, we have a recent article that shows how Ziften’s data in Splunk is used to detect and respond to WannaCry.
Overall, with the approximately 500 people who came by the booth over the course of .conf, I have to say it was among the best events we have done in terms of the quality of the conversations and the level of interest. We had nothing but positive feedback from our in-depth discussions with all walks of corporate life – from highly technical practitioners in the public sector to CISOs in the financial sector.
The most common conversation usually started with, “We are just beginning to implement Splunk and are new to the platform.” I like those, because people can get our apps for free, we can get them an agent to try, and it gives them something to use right out of the box to demonstrate value immediately. Others were very experienced and really liked our approach and architecture.
Bottom line: people are genuinely excited about Splunk, and real solutions are available to help people with real problems!
Want to know more? The Ziften ZFlow App and Technology Add-on help Splunk and Splunk ES users put Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to work, so they can see exactly what they are missing at the edge of their network, in their data centers, and in their cloud deployments.