Written By Josh Applebaum And Presented By Charles Leaver
Like so many of you, we're still recovering from Splunk .conf. As usual, .conf had terrific energy, and the people in attendance were passionate about Splunk and the many use cases it supports through its large app ecosystem.
One key announcement during the week worth discussing was a new security offering called "Content Updates," which is essentially a set of pre-built Splunk searches to help detect security events.
The Splunk security team looks at the latest attacks, writes new searches describing how they would hunt through Splunk ES data to find those kinds of attacks, and then ships those searches to customers' Splunk ES environments so that matches trigger automatic notifications.
The best part? Because these updates rely mainly on CIM (Common Information Model) data, and Ziften populates many of the CIM data models, Ziften's data is already being matched against the new Content Updates Splunk has produced.
A quick demo showed which vendors contribute to each type of "detection," and Ziften was listed in many of them.
For example, we have a recent blog post that shows how Ziften's data in Splunk is used to detect and respond to WannaCry.
Overall, with roughly 500 people stopping by the booth over the course of .conf, I have to say it was one of the best events we have done in terms of quality conversations and interest. We had nothing but positive feedback from our in-depth discussions with people from all walks of business life, from highly technical practitioners in the public sector to CISOs in the financial sector.
The most common conversation usually began with, "We are just starting to roll out Splunk and are new to the platform." I like those, because people can get our apps for free, we can get them an agent to try out, and it gives them something to use right out of the box to show value right away. Other folks were highly experienced and really liked our approach and architecture.
Bottom line: people are genuinely excited about Splunk, and real solutions are available to help people with real problems!
Want to know more? The Ziften ZFlow App and Technology Add-on helps users of Splunk and Splunk ES use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the perimeters of their network, in their data centers, and in their cloud deployments.