Splunk

CI/CD Detection Engineering: Failing, Part 3

It was over a month ago that I promised we would tie together Splunk Security Content and the Splunk Attack Range to automatically test detections. Ultimately, using these projects together in a Continuous Integration / Continuous Delivery (CI/CD) workflow with CircleCI brings the rigors of software development to the SOC and truly treats detection as code. Well, I want to share how we have failed at achieving this goal.

Something Else To Be Thankful For: Splunk Security Essentials 3.2.2

Well, it’s been a while since you read a blog dedicated to the latest release – okay, the latest several releases – of Splunk Security Essentials (SSE). We have been busy behind the scenes, however, so let’s catch you up on SSE’s latest features, which include the new version of our content API, and externally with updates from MITRE and the release of ATT&CK v7.2 (with Sub-Techniques) and ATT&CK v8.

Ronald van Loon & Sendur Sellakumar | Splunk Cloud Is Rebuilt for the Data Age

Data analyst Ronald van Loon sits down with Splunk’s Sendur Sellakumar to discuss how companies can succeed in the data age. The conversation covers shifting to a cloud-native experience, homing in on a data-to-everything strategy, and a customer-centric approach to data and product development. The majority of organizations are not prepared for an influx of data on the scale promised by the dawning data age. To thrive, every organization needs a complete view of its data — real-time insights with the ability to take real-time action.

Splunk Infrastructure Monitoring is AWS Outposts Ready

We are excited to announce that Splunk Infrastructure Monitoring has achieved Outposts Ready designation. This designation recognizes that Splunk provides proven solutions for customers to build, manage and run hybrid cloud applications. AWS Outposts Ready designation establishes Splunk as an AWS Partner Network (APN) member that provides validated integrations with a specific focus on observability and monitoring of AWS Outposts deployments.

Monitor Amazon EKS Distro (EKS-D) with Splunk Infrastructure Monitoring

We are excited to partner with AWS in launching Amazon EKS Distro (EKS-D), the official Amazon Kubernetes distribution, which includes the same secure, validated, and tested components that power Amazon EKS. Splunk Infrastructure Monitoring provides a turn-key, enterprise-grade Kubernetes monitoring solution for Amazon EKS. Additionally, Splunk Infrastructure Monitoring provides out-of-the-box monitoring of Kubernetes Control Plane.

Causal Inference: Determining Influence in Messy Data

When analysing data, one of the biggest questions you may often face is: what is causing this situation? In this blog, we’re going to look at how causal inference can be used to understand in more detail what the biggest influencing factors are across a dataset. Traditionally in Splunk, we talk about correlation: does metric x go up or down in accordance with metric y, or is there a relationship between x and y?

Introducing Inputs Data Manager on Splunk Cloud

Splunk Cloud’s ecosystem of apps and technical add-ons boasts a comprehensive set of input sources that enrich customer data insights. Many of these inputs reside in Cloud contexts, such as AWS, Salesforce, Azure, GCP, and many others. The Inputs Data Manager was introduced to aid the ingestion of these cloud data sources. As a result, in many cases, customers no longer need to host their own infrastructure to run scripted and modular inputs.

How to Define Your Security Posture, and Why it Matters

Not only do cybersecurity organizations need to deliver the level of security required to protect corporate assets, they also need to align with the strategic goals and objectives of the business. By defining, establishing and managing your organization's cybersecurity posture, you can deliver the results needed for the business to be successful.

Splunk AR: Taking Remote Collaboration To The Future is Already Here

The Splunk Augmented Reality (AR) team had an amazing experience developing all the new features we launched at .conf20. If you haven’t seen it, we highly encourage you to watch the AR .conf session and see the new features in action. After, you’ll probably share it with your colleagues because of how cool it was! :) Today we want to highlight Remote Collaboration in Splunk AR — we’ve taken “collaboration” to the next level.

7 High-Risk Events to Monitor Under GDPR: Lessons Learned from the ICO's BA Penalty Notice

Hello Security Ninjas, Today's IT world is complex and can be challenging for security operations teams. Nowadays, more apps are being integrated and interconnected than ever before. Cloud services and SaaS solutions purchased all throughout the organization outside of the IT department add even more complexity. Communicating to application and service owners the kind of activities that need to be logged and sent to the SOC can be a daunting task.