The Splunk App for Enterprise Security version 3.0 includes new dashboards, views, and tools to help security analysts detect malicious activity by analyzing the meta-characteristics of their data. Using the statistical command language in the Splunk platform, security analysts can evaluate their real-time and historical data to find patterns and detect unknown threats that exhibit anomalous behavior not detectable using pattern-based tools.
- Extended data source access (packet capture and netflow improvements) allows a greater breadth of input
- Improved performance and scalability from the Splunk Enterprise 6.0 backend
- New visualizations for key security metrics and predictive analytics
- Easy visual correlation of events related to a given asset or identity
- Improved integration of external data sources for threat intelligence and data enrichment
- Reporting improvements through data models and pivot tables
- TA-nix is no longer included with the Splunk App for Enterprise Security. It is replaced with the Splunk Add-on for Unix and Linux. This new add-on is shipped with the app or available on Splunk>apps directly.
- The deployment apps (the *_base apps, including solaris_base) are no longer included with the app. They are replaced by the Splunk Add-on for Unix and Linux, which provides backwards compatibility for those still using the *_base apps.
- The Nessus add-on has been updated to support indexing of the data using the ReportHost StopTime field as an option. See the FAQ in the Data Source Integration Manual for more information.
- The Nessus add-on now extracts the signature_family field by default.
- TA-checkpoint has been removed from the Enterprise Security distribution in favor of the new Splunk Add-on for Check Point OPSEC LEA. The existing add-on will not be removed during upgrade. To upgrade, see the Splunk Technology Add-on for Check Point OPSEC LEA.
This documentation applies to the following versions of Splunk® Enterprise Security: 3.0