Do More with Splunk Security Essentials 3.7.0

We know the time between Thanksgiving and New Year’s is typically slow, so we wanted to bring some early holiday cheer to you through the most downloaded (and free) app on Splunkbase, Splunk Security Essentials (SSE). Starting Dec. 7, Splunk Security Essentials 3.7.0 is Generally Available. We have some amazing updates in the SSE 3.7.0 release, so let’s dive right in.

Splunk Security Essentials + Splunk Enterprise Security

At Splunk, we are always looking at ways for our customers to achieve more with our products. Included in the SSE 3.7.0 release is the ability to easily integrate SSE with Splunk Enterprise Security (ES). Customers can easily view how to push MITRE ATT&CK and Cyber Kill Chain attributions to the ES Incident Review Dashboard and so much more. The simple integration between SSE and our market-share-leading SIEM enabled in this update will prove to be a huge winner.


Metrics are everything in today’s data-driven world. SSE 3.7.0 allows you to do more with your metrics than ever before. You can now view metrics on how many data sources are enabled from the corresponding originating apps and visualize the metrics. You can click on individual metrics to search through them and fine-tune all the details. Check out just a sample of what you can do in this update below:

Custom Threat Intel Streams

We love our customers and value their feedback in everything we do. Based on a customer’s request, we included the ability to use the MITRE ATT&CK Framework dashboard to track use case development. This update allows you to integrate other threat intelligence streams into the SSE dashboards so that you can visualize more content than ever before. With this update, you will have so much more visibility into your environment. Keep the feedback coming!

Improved Search in Content Mapping

Our goal is to provide you with the most user-friendly app possible, and the new ability to search for data sources using free text will enable you to accomplish more in SSE, quickly. You will now be able to enter text in the search bar for the data in saved searches through SSE content names to map data more quickly than ever before. This improvement is surely going to be one of the most used new features available in SSE.

One last feature we want to highlight is an update to the data inventory for uberAgent ESA. The team over at uberAgent was kind enough to share details on how their new ESA product should be configured in the data inventory. Thanks to this update, SSE customers can now search for uberAgent data sources and sourcetypes in Splunk Security Essentials.

There is so much more you can do with Splunk Security Essentials 3.7.0. Be sure to check out the SSE Splunkbase page for all the feature updates coming out with this release and download version 3.7.0. If you want to read more.

As a reminder, Splunk Security Essentials is free.

Happy Splunking!

Posted by Alex Salesi

Alex is a former Civil Engineer turned Product Marketer at Splunk focused on all things Splunk ES. Outside of Splunk, you can find him playing basketball, cooking and critiquing movies.
