Supercharge Your SOC Investigations with Splunk SOAR 6.4
Security operations teams face increasing threats, staffing shortages, and gaps in automation and orchestration. These challenges lead to alert fatigue, slower investigations, and increased risk. Enter Splunk SOAR 6.4, designed to streamline and enhance your security operations.
The Challenges of Today
Attackers are evolving faster than security teams, running large-scale, fully automated campaigns that exploit both known and undiscovered vulnerabilities and using cutting-edge techniques that traditional security operations struggle to keep up with. A common problem is that SOC teams cannot work together efficiently and effectively without clearly defined workflows for investigating and resolving incidents rapidly. In other cases, the challenge is too many disparate security solutions that require too many pivots and offer insufficient correlation. Today, SOC teams juggle a grab bag of security products, tools, and open-source solutions that often lack seamless interoperability, resulting in inefficient investigations, excessive handling times, and bloated dwell times that give adversaries the cover they need. These tools all possess static, independent controls with no orchestration between them.
The future of the SOC requires a modern, unified, and risk-based approach that seamlessly integrates threat detection, investigation, and response (TDIR) into a single, automated workflow.
That's why we're thrilled to announce the release of Splunk SOAR 6.4, packed with powerful new features and enhancements designed to supercharge your security operations. Whether you're a seasoned Splunker or starting your journey, this update has something for everyone. So, grab a drink, sit back, and dive into what's new.
Cisco Talos Integration: Enhanced Threat Intelligence
First up, one of the most exciting updates is the Splunk SOAR integration with Cisco Talos. Talos is renowned for its threat intelligence capabilities, and now you can leverage this power directly within your Splunk SOAR playbooks. With actions like IP reputation lookup, domain reputation lookup, and URL reputation lookup, you can automate threat validation, enrich security alerts, and enhance incident triage with real-time threat intelligence. Integrating Cisco Talos provides immediate value that accelerates orchestration, leading to greater Splunk SOAR adoption and engagement across your security operations teams.
Learn more: Take a guided tour of the Talos integration
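As an added illustration of the triage flow described above (this is not Splunk's or the Talos app's code; the reputation table, verdict labels and function names are constructed for the example), the playbook logic that picks the right reputation lookup for each indicator, enriches the alert, and decides whether to escalate:

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Callable, List
from urllib.parse import urlsplit

# Constructed reputation data standing in for the ip/domain/url reputation actions.
SAMPLE_REPUTATION = {
    "ip": {"203.0.113.7": "malicious", "198.51.100.2": "neutral"},
    "domain": {"bad-example.test": "malicious", "example.com": "favorable"},
    "url": {"http://bad-example.test/login": "malicious"},
}

def sample_lookup(kind: str, value: str) -> str:
    """Stand-in for a reputation action; 'unknown' when the source has no verdict."""
    return SAMPLE_REPUTATION[kind].get(value, "unknown")

def classify(indicator: str) -> str:
    """Decide which lookup action applies: 'url', 'ip' or 'domain'."""
    if "://" in indicator:
        return "url"
    try:
        ip_address(indicator)          # accepts IPv4 and IPv6 literals
        return "ip"
    except ValueError:
        return "domain"

@dataclass
class Enrichment:
    indicator: str
    kind: str
    verdict: str

def enrich(indicators: List[str], lookup: Callable[[str, str], str]) -> List[Enrichment]:
    """Run one lookup per unique indicator; a URL also triggers a lookup on its host."""
    results, seen = [], set()
    queue = list(indicators)
    while queue:
        ind = queue.pop(0)
        kind = classify(ind)
        if (kind, ind) in seen:
            continue
        seen.add((kind, ind))
        results.append(Enrichment(ind, kind, lookup(kind, ind)))
        if kind == "url":
            host = urlsplit(ind).hostname
            if host:
                queue.append(host)    # lets the SOC block at DNS as well as at the proxy
    return results

def triage(enrichments: List[Enrichment]) -> str:
    """Any malicious verdict escalates; gaps in coverage go to an analyst; else close."""
    verdicts = {e.verdict for e in enrichments}
    if "malicious" in verdicts:
        return "escalate"
    return "investigate" if "unknown" in verdicts else "close"
```

The same dispatch and decision logic applies whichever threat-intelligence source backs the lookup, so `lookup` is injected rather than hard-coded.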
Splunk SOAR on Azure: Interoperability, Scalability, and Ease of Maintenance
Splunk SOAR (Cloud) is now available on Microsoft Azure. SOC teams that already run on Azure can extend their SOAR deployment there and benefit from its scalability, ease of maintenance, and seamless integration with Splunk Enterprise Security.
Guided Automation Enhancements: Extended Playbook Customization
We've significantly improved the Guided Automation feature to include additional playbook blocks, including Prompt, Format, Code, and Utility. This enhancement enables SOC teams to quickly develop, test, and deploy tailor-made playbooks that extend Splunk SOAR orchestration and automation capabilities while improving workflow precision.
Performance Enhancements: Speed and Efficiency
Performance is key in security operations, and we've made several changes to boost it. With increased action concurrency limits, reduced websocket load, new database indexes for playbook run and action run history, and additional dashboards for observability, your operations will run faster and more smoothly.
Expanded OS Support: Extend Deployment Across On-Premise Environments
For those using Splunk SOAR on-premises, we've expanded our operating system support to include Red Hat Enterprise Linux 9, Amazon Linux 2023, and Oracle Linux 9. Expanding deployment capabilities gives you more options and flexibility in how you deploy. As other vendors abandon on-premise and push customers into a cloud-only model, Splunk SOAR is doubling down on our commitment to both on-premise customers and cloud solutions.
Improved Automation - Authoring & Debugging: Expanding Our Investment
The next logical step in improving automation building is to simplify testing and debugging of playbooks while you create them. The data preview panel now includes a "Logs" sub-tab for each block within the playbook. This new feature displays a subset of the Debugger output for the highlighted block, making it more straightforward to identify and fix issues.
So, Why Should You Care About These Updates?
- Advanced Threat Intelligence: Talos integration brings world-class threat intelligence to your fingertips, enhancing your ability to detect and respond to threats.
- Scalability and Maintenance: Running on Azure means your security operations can scale effortlessly, and maintenance becomes a breeze.
- Enhanced Automation: More playbook blocks mean more ways to automate and streamline security workflows.
- Improved Performance: Faster operations mean quicker response times and more efficient threat management.
- Flexibility: Expanded OS support gives you more deployment options.
- Easier Debugging: The new Logs sub-tab simplifies troubleshooting, saving time and effort.
- Seamless Migration: Automatic playbook conversions ensure a smooth transition from Mission Control to Enterprise Security.
Splunk SOAR 6.4 empowers your security operations to be more powerful, efficient, and flexible. With these new features and enhancements, you'll be better equipped to tackle the ever-evolving threat landscape. So, go ahead and explore the new capabilities, and let us know how they improve your security operations.