Enhancements

The Splunk App for Enterprise Security version 3.0 includes new dashboards, views, and tools to help security analysts detect malicious activity by analyzing the meta-characteristics of their data. Using the statistical command language in the Splunk platform, security analysts can evaluate their real-time and historical data to find patterns and detect unknown threats that exhibit anomalous behavior not detectable using pattern-based tools.

What's New

• Extended data source access (packet capture and netflow improvements) allow greater breadth of input

• Improved performance and scalability from the Splunk Enterprise 6.0 backend

• New visualizations for key security metrics and predictive analytics

• Easy visual correlation of events related to a given asset or identity

• Improved integration of external data sources for threat intelligence and data enrichment

• Reporting improvements through data models and pivot tables

Add-ons

• TA-nix is no longer included with the Splunk App for Enterprise Security. It is replaced with the Splunk Add-on for Unix and Linux. This new add-on is shipped with the app or available on Splunk>apps directly.

• The deployment apps linux_base, osx_base, solaris_base are no longer included with the app. They are replaced by the Splunk Add-on for Unix and Linux, which provides backwards compatibility for those still using the *_base apps.

• The Nessus add-on has been updated to support indexing of the data using the ReportHost StopTime field as an option. See the FAQ in the Data Source Integration Manual for more information.

• The Nessus add-on now extracts by default the signature_family" field.

• TA-checkpoint has been removed from the Enterprise Security distribution in favor of the new Splunk Add-on for Check Point OPSEC LEA. The existing add-on will not be removed during upgrade. To upgrade, see the Splunk Technology Add-on for Check Point OPSEC LEA.