What's new in Splunk Attack Analyzer
Splunk Attack Analyzer is released continuously. This list is updated periodically with the latest functionality and changes to Splunk Attack Analyzer.
April 30, 2023
New feature | Description |
---|---|
Interactive Sandbox default browser | You can now select a default browser for all links launched by the Interactive Sandbox, rather than just the initial browser the URL for the interactive sandbox is launched with. |
Web Analyzer QR code and OCR support | The Web Analyzer engine is now able to analyze QR codes and has improved OCR support. |
March 26, 2024
New feature | Description |
---|---|
New regional availability | Splunk Attack Analyzer is now available in the London, Frankfurt, and Sydney regions. |
March 8, 2024
New feature | Description |
---|---|
Drag and drop files to upload | You can now drag and drop files to upload them to Splunk Attack Analyzer. |
February 28, 2024
New feature | Description |
---|---|
Interactive web countdown timer | A three-minute countdown timer now shows how much time you have remaining in the session. See Interactive submission for more information on Interactive web. |
New key for Get Job Summary API | A new key, "AppURL", has been added to the Get Job Summary API response. This key contains a link to the Splunk Attack Analyzer page for the job. |
January 9, 2024
New feature | Description |
---|---|
Interactive Web v2 | Use the Interactive Web v2 tab to submit a URL or HTML file and interact with it within a virtual web browser hosted by Splunk Attack Analyzer. Interactive Web v2 has similar functionality to Legacy Interactive Web but offers improved website rendering, improved user interface performance (including the ability to drag and drop draggable elements), and improved resilience to CAPTCHA loops. It is also close to parity with detections on Web Analyzer, including support for JavaScript event hooking, data URI capture, and so on. Additionally, you can select the Internet Region you want to use to access a website. Legacy Interactive Web will eventually be replaced by Interactive Web v2. See Interactive Web v2 in the Detect and Analyze Threats with Splunk Attack Analyzer manual. |
Artifact Downloads | Use the Artifact Downloads tab visible on the Consolidated job view to gather more information about submitted URLs or files. From this tab, you can download the PCAP or original HAR files where available. See Analyze completed jobs with Splunk Attack Analyzer in the Detect and Analyze Threats with Splunk Attack Analyzer manual. |
November 6, 2023
New feature | Description |
---|---|
Create and manage API keys | As an administrator, you can create and manage API keys in Splunk Attack Analyzer to use the API to get data into Splunk Attack Analyzer. Common API integrations include connecting Splunk Attack Analyzer with Splunk SOAR and Splunk Mission Control and connecting the Splunk Add-on for Splunk Attack Analyzer to index job and forensic data from Splunk Attack Analyzer to the Splunk platform. See Create and manage API keys in Splunk Attack Analyzer in the Detect and Analyze Threats with Splunk Attack Analyzer manual. |
User interface performance improvements | Splunk Attack Analyzer now loads up to 25 percent faster. |
QR code improvements | Splunk Attack Analyzer now follows all QR codes with a mobile user agent. |
September 27, 2023
New feature | Description |
---|---|
Create and assign user roles | As an administrator, you can create users and assign users to roles to manage their access to functionality and data in Splunk Attack Analyzer. See Manage roles and permissions for users of Splunk Attack Analyzer in the Detect and Analyze Threats with Splunk Attack Analyzer manual. |
Support for .ace files in Archive Extractor | Archive Extractor now supports the extraction of .ace files for evaluation or inspection. |
August 11, 2023
The following table lists the new features included in this release of Splunk Attack Analyzer:
New feature | Description |
---|---|
Interactive sandbox browser choice | You can now select the browser you want Interactive Sandbox to use to access your submitted content. See Interactive Sandbox in the Detect and Analyze Threats with Splunk Attack Analyzer manual. |
Improvements to CHM file extraction | Splunk Attack Analyzer now extracts potentially malicious files attached to .chm files for analysis and inspection. |
July 28, 2023
The following table lists the new features included in this release of Splunk Attack Analyzer:
New feature | Description |
---|---|
Sandbox naming convention update | The name of the TwinWave Sandbox (win7) was updated to Windows 7 Sandbox and the name of the associated former JSON key twinwave_cuckoo was updated to sandbox_win7. The name of the TwinWave Sandbox (win10) was updated to Windows 10 Sandbox and the name of the associated former JSON key twinwave_cuckoo_win10 was updated to sandbox_win10. |
Improved URL detection from images | Splunk Attack Analyzer has improved optical character recognition (OCR) capabilities to provide improved URL extraction from images. This can improve smishing detection when mobile device messages are submitted as screenshots to Splunk Attack Analyzer. |
July 17, 2023
Splunk Attack Analyzer, formerly TwinWave, is a cloud-based application that navigates complex attack chains to detect credential phishing and malware threats, generates actionable insights, and reduces the friction of repetitive manual tasks typically associated with investigating threats.
Use Splunk Attack Analyzer to perform the following tasks:
- Get data into Splunk Attack Analyzer through email, the API, manual submission, or by using the Splunk Attack Analyzer connector. See Get data into Splunk Attack Analyzer in the Detect and Analyze Threats with Splunk Attack Analyzer manual.
- Detect threats. See How Splunk Attack Analyzer engines and integrations with third-party engines help detect threats in the Detect and Analyze Threats with Splunk Attack Analyzer manual.
- Analyze threat detection results. See Analyze completed jobs with Splunk Attack Analyzer in the Detect and Analyze Threats with Splunk Attack Analyzer manual.
This documentation applies to the following versions of Splunk® Attack Analyzer: Current