Splunk Enterprise Security 8.0: Customer Feedback

A few weeks ago, we announced the general availability of Splunk Enterprise Security 8.0 — rolling out right now to customers in Splunk Cloud! This release is a significant leap forward for security operations, delivering exciting new unified investigation and case management workflows that help analysts quickly triage and investigate security alerts. Additionally, with the direct integration of Splunk SOAR and Mission Control, security teams can do everything from detection, triage, investigation, and response in one single unified modern interface.

That’s not all. The team continues to push innovation in new areas like detection engineering and alert aggregation to help our customers drive positive security outcomes and keep their organizations secure. Splunk Enterprise Security now includes a native detection versioning feature that helps content engineers manage the hundreds of security detections in the SIEM. On the alert aggregation front, a new Finding¹ Groups feature helps administrators build automatically grouped alerts that analysts can quickly consume and act on - reducing manual steps in the triage process and speeding up response times to potential security incidents.

With so much in this release, it is important to continue our tradition of customer feedback to work hand in hand with existing customers and refine these workflows and gather their feedback via our Voice of the Customer programs. We worked with a couple dozen customers in the Splunk Enterprise Security 8.0 private preview program to gather their feedback as we refine these new capabilities. One of our private preview participants, Matt Snyder, shared his perspective on Splunk Enterprise Security 8.0 in a blog post, "Redefining SIEM: Why Splunk® ES 8.0 Stands Out" that I think everyone should take a look at. As a long time Splunk Enterprise Security user, Matt provides a deep dive into many of the improvements and changes in this release, along with his impressions, and I think he nailed it when he said Splunk Enterprise Security 8.0 is the biggest release yet.

We want to send a big thank you to Matt, and all of the other customers who participated in the Splunk Enterprise Security 8.0 private preview program. We continue to lean on our Voice of the Customer programs like Previews and Splunk Ideas to drive Splunk Enterprise Security development, and together we will partner to build the SOC of the Future.

¹ *In preview with Splunk Enterprise Security 8.0