Splunk Security Essentials 3.6.0: A Holistic View of Your Security


We hope that you had a blast at .conf22 whether you attended in-person or virtually! To keep the good vibes of .conf rolling, we are releasing Splunk Security Essentials 3.6.0. For those new here, Splunk Security Essentials (SSE) is a fully supported app that is available to install from Splunkbase. There is so much to be excited about in this update and we can’t wait for you to make the most of all the new benefits.

In this latest release, Splunk Security Essentials now offers the ability to import third-party content and filter this content by source app. This feature allows you to create custom content inside SSE even if it's not content for Splunk, enabling you to map all of your content in the MITRE framework. SSE now effectively gives you a 360° view of all security content.

To learn more about this new MITRE framework update and see a live demo, check out our just-released .conf22 session.

Included in the 3.6.0 SSE update is the ability to share visibility into ransomware content directly deployed in SSE. The Ransomware Content Browser gives you a visual representation of the lifecycle of a ransomware attack. It provides a full contextual picture of the attack, while also focusing on the most common pathways seen in reported ransomware incidents, to help you get a comprehensive understanding of ransomware. Be sure to read our white paper to see how defenders can gain more knowledge and confidence to move “left of boom” with their ransomware detections.

As with all updates, we want to make our products easier for you to use, which is why SSE 3.6.0 now offers a new dashboard overview that allows you to export your data inventory in an easy-to-use format. This dashboard functionality will allow you to create more dynamic views and give you improved data accessibility.

You can now adjust risk-based alerting (RBA) settings when selecting certain content in SSE. With just a few clicks, you can seamlessly move between SSE and Splunk ES. This update allows you to effectively progress through your security maturity journey. We love when our customers can more effectively use our products and this update helps them do just that.

The amount of information available at your fingertips can sometimes be overwhelming, which is why we included a new analytics story feature in SSE 3.6.0. This will enable you to fill in the gaps for security use cases.

From better visibility on who is accessing your cloud infrastructure to understanding who has MFA enabled, SSE 3.6.0 gives you the full context you need, when you need it.

Splunk Security Essentials 3.6.0 allows you to manage all your security content in a single place and increase your situational awareness. For full details on this exciting new release, head over to the Splunk Security Essentials page on Splunkbase to get the latest version.

Happy Splunking!

----------------------------------------------------
Thanks!
Johan Bjerke
