Splunk Unveils Product Innovations – Splunk Attack Analyzer, OpenTelemetry Collector, and Unified Identity
Key Takeaways
⇨ Splunk has introduced new product innovations to its unified security and observability platform.
⇨ The enhancements cover the full range of Splunk's offerings and equip SecOps, ITOps, and engineering teams with consolidated interfaces and processes that facilitate prompt, precise, and large-scale detection, investigation, and response to threats.
⇨ Splunk Attack Analyzer (formerly TwinWave) automates threat analysis of suspected malware and credential phishing threats, and also identifies and extracts the associated forensics for accurate and timely detections.
Splunk, a leader in cybersecurity and observability, has introduced new product innovations to its unified security and observability platform. The enhancements cover the full range of Splunk’s offerings, equipping SecOps, ITOps, and engineering teams with consolidated interfaces and processes that facilitate prompt, precise, and large-scale detection, investigation, and response to threats. When combined with Splunk’s AI solutions, the product innovations give organizations unparalleled insight across their hybrid systems, allowing them to optimize costs and accelerate the detection, investigation, and response process. Here is a look at a few of the product innovations:
Splunk Attack Analyzer: Splunk Attack Analyzer (formerly TwinWave) automates threat analysis of suspected malware and credential phishing threats, and also identifies and extracts the associated forensics for accurate and timely detections. By using Splunk Attack Analyzer together with Splunk SOAR, security analysts can streamline threat forensics, ensuring precise and prompt detections. This integration also reduces the time and resources required for manual investigations.
OpenTelemetry Collector: The OpenTelemetry Collector is now available as a technical add-on (TA) for the Splunk Platform. OpenTelemetry is a collection of APIs, SDKs, and tools used to instrument, generate, collect, and export telemetry data (metrics, logs, and traces) for analyzing software performance and behavior. The add-on allows organizations to adopt Splunk Observability Cloud easily, deploy the Collector alongside their existing forwarders to capture metrics and traces, and gain a unified view of infrastructure and services.
Unified Identity: Unified Identity allows ITOps practitioners and engineers to access Splunk Cloud Platform and Splunk Observability Cloud data with a single user identity. Users benefit from a streamlined sign-in procedure and can immediately retrieve log data from the Splunk Cloud Platform, speeding up troubleshooting. This integration gives ITOps professionals and engineers a shared set of visualizations, promoting more nimble collaboration across teams and facilitating swift issue detection and resolution.
Splunk Platform enhancements: The recent developments in the Splunk Cloud Platform and Splunk Enterprise 9.1 give SecOps, ITOps, and engineering teams the ability to visualize data streams across their complete technology infrastructure, promoting broad collaboration. These enhancements allow organizations to scale their operations effectively, ensuring swift response and reduced interruptions. Platform enhancements include:
- Ingest Actions expands capabilities for routing data to multiple, distinct Amazon S3 buckets, enabling greater granularity in data management.
- Federated Search for Amazon S3 (preview) offers a unified search experience over data at rest in Amazon S3 buckets, without having to ingest that data into Splunk, and across Splunk instances and third-party data lakes. Its integration with Ingest Actions and Edge Processor enables better data movement.
- Edge Processor, featuring SPL2, enables data ingestion and export to Splunk using the HTTP Event Collector (HEC). Users can set a default destination per Edge Processor for more flexibility in routing.