Splunk ES 8.0 Detection Innovations Teased

Splunk is hinting at major detection improvements in Enterprise Security 8.0 [https://www.youtube.com/watch?v=S-1jmvnVJiQ]. "Finding-Based Detections" [https://www.youtube.com/watch?v=M0qbcXaPEnk] could mean Splunk is surfacing actionable insights from raw event data, cutting down on alert fatigue. Detection versioning [https://www.youtube.com/watch?v=yHxWlBBt4ys] is also coming, promising better governance and auditability.

Splunk Enterprise Security (ES) 8.0 boasts a unified work surface, integrating Mission Control to streamline threat detection, investigation, and response. Analysts gain single-pane-of-glass access, reducing screen fatigue by using integrated playbooks and Splunk SOAR. Finding Groups aggregate findings based on predetermined rules, enhancing the analyst experience beyond Risk Based Alerting (RBA). Splunk SOAR playbooks can run automatically based on detection rules, increasing SOC efficiency and enabling detailed threat hunting. Enhanced RBA simplifies implementation with updated content in Enterprise Security Content Updates (ESCU).

Detection versioning, a key feature in ES 8.0, allows users to save and revert to previous versions of detections. This aids in troubleshooting and avoids the use of external tools like Git for version control. Versioning is not enabled by default and must be turned on in the general settings.

Splunk ES faces competition from solutions like Microsoft Sentinel, LogRhythm SIEM, and IBM Security QRadar SIEM. Splunk's history includes its founding in 2003, expansion into cybersecurity in 2015, and acquisition by Cisco in 2024. Post-acquisition, Splunk plays a central role in Cisco's AI and security strategy.
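The briefing names Risk Based Alerting and Finding Groups without showing why they cut alert fatigue. The script below is an added illustration of the underlying idea, not Splunk's code or its ES schema: individual risk rules emit low-value risk events against an entity, a trailing window sums the score per entity and emits one finding only when the total crosses a threshold, and a predetermined grouping rule then collects related findings for the analyst. All event data, rule names, field names and thresholds are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class RiskEvent:
    """One output of a risk rule: the entity it concerns, a score and the rule that fired.

    Field names are constructed for this example and are not the ES risk-index schema.
    """
    ts: datetime
    entity: str
    entity_type: str   # "user" or "host"
    rule: str
    score: int
    tactic: str        # ATT&CK tactic the rule is annotated with


NOW = datetime(2024, 6, 1, 12, 0, 0)   # constructed reference time for the window

# Constructed sample risk events (hypothetical, not data from any product).
RISK_EVENTS = [
    RiskEvent(NOW - timedelta(hours=20), "alice", "user", "Unusual login country", 20, "Initial Access"),
    RiskEvent(NOW - timedelta(hours=5), "alice", "user", "Mailbox forwarding rule added", 20, "Collection"),
    RiskEvent(NOW - timedelta(hours=1), "alice", "user", "Bulk file download", 20, "Exfiltration"),
    RiskEvent(NOW - timedelta(hours=2), "srv-01", "host", "New scheduled task", 30, "Persistence"),
    RiskEvent(NOW - timedelta(days=3), "bob", "user", "Password spray target", 40, "Credential Access"),
    RiskEvent(NOW - timedelta(hours=3), "bob", "user", "Unusual login country", 20, "Initial Access"),
    RiskEvent(NOW - timedelta(hours=6), "carol", "user", "Privileged group change", 30, "Privilege Escalation"),
    RiskEvent(NOW - timedelta(hours=4), "carol", "user", "Bulk file download", 30, "Exfiltration"),
]


def aggregate_risk(events, now=NOW, window=timedelta(hours=24), threshold=50):
    """Sum risk per entity over a trailing window and emit one finding per entity over threshold.

    Events older than the window are ignored, so a stale high-score event does not keep
    an entity "hot" forever; the finding carries every contributing rule and tactic so the
    analyst sees the whole chain instead of three separate low-value alerts.
    """
    recent = [e for e in events if now - window <= e.ts <= now]
    by_entity = defaultdict(list)
    for e in recent:
        by_entity[(e.entity, e.entity_type)].append(e)

    findings = []
    for (entity, etype), evs in by_entity.items():
        total = sum(e.score for e in evs)
        if total >= threshold:
            findings.append({
                "entity": entity,
                "entity_type": etype,
                "risk_score": total,
                "distinct_rules": sorted({e.rule for e in evs}),
                "tactics": sorted({e.tactic for e in evs}),
            })
    # Highest aggregate risk first; ties keep first-seen order.
    return sorted(findings, key=lambda f: -f["risk_score"])


def group_findings(findings, key):
    """Collect findings under a predetermined rule expressed as a key function.

    Grouping by entity type is shown in main(); any hashable attribute of a finding
    (a shared tactic, a business unit, a subnet) works the same way.
    """
    groups = defaultdict(list)
    for f in findings:
        groups[key(f)].append(f["entity"])
    return dict(groups)


if __name__ == "__main__":
    findings = aggregate_risk(RISK_EVENTS)
    print(f"{len(RISK_EVENTS)} risk events -> {len(findings)} findings")
    for f in findings:
        print(f)
    print(group_findings(findings, key=lambda f: f["entity_type"]))
```

With the constructed data, eight risk events collapse to two findings (alice and carol); srv-01 stays below the threshold with a single event, and bob's 40-point event falls outside the 24-hour window so only his recent 20 points count. Widening the window to seven days brings bob over the threshold, which is the tuning knob a detection engineer would adjust when an RBA rule fires too rarely or too often.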
