“Splunk's Enterprise Security App Version 3.1 represents a great step forward in providing security analytics to more roles across the security team. The addition of risk-based analytics and more in-depth threat intelligence, combined with the ability to connect and visualize disparate data, are extremely valuable and well aligned with the requirements we are hearing from end users,” said David Monahan, security research director, Enterprise Management Associates. “The new Guided UI allows any user to build sophisticated queries without foreknowledge of the Splunk analytics language, advancing the capabilities of every level of user, improving effectiveness and accelerating the ROI gained from Splunk.”

New features in the Splunk App for Enterprise Security focus on delivering risk-based analytics, connecting and visualizing disparate data, and enriching security analysis with threat intelligence. Key features include:
- Risk-based Analytics: Enhance decision-making by applying a risk score to any data through a new Risk Scoring Framework. Helps security and IT teams prioritize, triage and be alerted to threats based on risk score, while also exposing contributing factors of the risk score to all relevant teams.
- Visual Investigation: Gain faster, deeper insights across all machine data by giving users the ability to visually discover relationships by creating event swim lanes that organize and correlate all data.
- Guided Search Creation: Simplify complex correlation across disparate data sources by building advanced searches in a guided user interface with little or no knowledge of any programming language or command syntax.
- Domain Name-based Threat Intelligence: Building on the integrated Threat Intelligence Framework, which deduplicates and assigns weights to threat intelligence feeds, this feature lets security teams integrate high-fidelity and complex URLs and domain names.