Written By Josh Applebaum And Presented By Charles Leaver
Like so many of you, we’re still recovering from the recent Splunk .conf. As usual, .conf had fantastic energy, and the people in attendance were enthusiastic about Splunk and the many use cases it supports through its large app ecosystem.
One key announcement during the week worth mentioning was a new security offering called “Content Updates,” which is essentially a set of pre-built Splunk searches that help spot security events.
In short, the Splunk security team looks at the latest attacks, writes new searches that describe how those attacks would look in Splunk ES data, and then ships those new searches to customers’ Splunk ES environments so that they get automatic notifications when such activity is seen.
The best part? Because these updates mostly use CIM (Common Information Model) data, and Ziften populates many of the CIM models, Ziften’s data is already being matched against the new Content Updates Splunk has developed.
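To make the CIM point concrete, here is an added illustration (not Splunk’s or Ziften’s code) of why detection content written against CIM field names runs unchanged over data from any vendor that populates the model: two hypothetical, constructed vendor formats are normalized to CIM Endpoint.Processes fields (`dest`, `process_path`, `process_name`, `parent_process_name`, `user`), and two constructed rules are evaluated only against those normalized fields.

```python
# Added example, not code from the original post, Splunk or Ziften.
# Raw vendor records, the normalizers and the rules are all constructed here;
# only the CIM field names (dest, process_path, process_name,
# parent_process_name, user) come from the Endpoint.Processes data model.
import fnmatch

# Hypothetical vendor A: flat Windows-style records (constructed sample data).
VENDOR_A_EVENTS = [
    {"host": "ws-101", "img": "C:\\Windows\\System32\\svchost.exe",
     "pimg": "C:\\Windows\\System32\\services.exe", "acct": "SYSTEM"},
    {"host": "ws-102", "img": "C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe",
     "pimg": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE", "acct": "alice"},
]

# Hypothetical vendor B: nested Linux-style records (constructed sample data).
VENDOR_B_EVENTS = [
    {"computer": "ws-201", "process": {"path": "/tmp/.x/run", "parent": "/bin/bash"},
     "user": "bob"},
]


def normalize_vendor_a(ev):
    """Map vendor A's field names onto CIM Endpoint.Processes field names."""
    return {
        "dest": ev["host"],
        "process_path": ev["img"],
        "process_name": ev["img"].rsplit("\\", 1)[-1],
        "parent_process_name": ev["pimg"].rsplit("\\", 1)[-1],
        "user": ev["acct"],
    }


def normalize_vendor_b(ev):
    """Map vendor B's nested structure onto the same CIM field names."""
    path = ev["process"]["path"]
    parent = ev["process"]["parent"]
    return {
        "dest": ev["computer"],
        "process_path": path,
        "process_name": path.rsplit("/", 1)[-1],
        "parent_process_name": parent.rsplit("/", 1)[-1],
        "user": ev["user"],
    }


# Constructed detection content, expressed purely in CIM field names.
TEMP_DIR_GLOBS = ["*\\appdata\\local\\temp\\*", "*\\windows\\temp\\*", "/tmp/*"]
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}


def temp_dir_launch(e):
    """Process image lives in a temporary directory (case-insensitive glob match)."""
    path = e["process_path"].lower()
    return any(fnmatch.fnmatchcase(path, g) for g in TEMP_DIR_GLOBS)


def office_spawned_temp_binary(e):
    """An office application launched a binary from a temporary directory."""
    return temp_dir_launch(e) and e["parent_process_name"].lower() in OFFICE_PARENTS


RULES = {
    "temp_dir_launch": temp_dir_launch,
    "office_spawned_temp_binary": office_spawned_temp_binary,
}


def run_rules(events, rules=RULES):
    """Evaluate every rule over already-normalized events; return (rule, dest, process) hits."""
    hits = []
    for e in events:
        for name, predicate in rules.items():
            if predicate(e):
                hits.append((name, e["dest"], e["process_name"]))
    return hits


def normalized_events():
    """Both vendors' data, normalized, so the same rules apply to all of it."""
    return ([normalize_vendor_a(e) for e in VENDOR_A_EVENTS]
            + [normalize_vendor_b(e) for e in VENDOR_B_EVENTS])


if __name__ == "__main__":
    for hit in run_rules(normalized_events()):
        print(hit)
```

The rules never touch `img`, `pimg`, `computer` or any other vendor-specific name; adding a third vendor means writing one more normalizer, not rewriting the detection content, which is the property that lets shipped searches light up on Ziften data as soon as it populates the relevant CIM models.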
A quick demo showed which vendors contribute to each type of “detection,” and Ziften was mentioned in a great many of them.
For example, we have a recent article that shares how Ziften’s data in Splunk is used to detect and respond to WannaCry.
Overall, with the roughly 500 people who came by the booth over the course of .conf, I have to say it was one of the best events we have done in terms of quality conversations and interest. We had nothing but positive feedback from our in-depth discussions with all walks of business life, from highly technical practitioners in the public sector to CISOs in the financial sector.
The most common conversation usually began with, “We are just beginning to implement Splunk and are new to the platform.” I like those, because people can get our Apps for free and we can get them an agent to try out, which gives them something to use right out of the box to demonstrate value right away. Other folks were very experienced and really liked our approach and architecture.
Bottom line: people are genuinely excited about Splunk, and real solutions are available to help people with real problems!
Curious? The Ziften ZFlow App and Technology Add-on helps users of Splunk and Splunk ES use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see exactly what they are missing at the edge of their network, in their data centers, and in their cloud deployments.