What's new in the Splunk App for Splunk Attack Analyzer
This release of the Splunk App for Splunk Attack Analyzer includes the following enhancements.
Compatibility
This app is compatible with Splunk Enterprise 9.0.x or higher and Splunk Cloud Platform. For product details, see Splunk Enterprise and Splunk Cloud Platform.
What's New in 1.2.0
| New Feature or Enhancement | Description |
|---|---|
| Notable-generating searches for Jobs data | Three new correlation searches were added to the Splunk App for Splunk Attack Analyzer. These correlation searches create notables named "Threat - Splunk Attack Analyzer - Job Detected with Score of <display score> and Verdict of <verdict>" for every job whose score meets that search's threshold in Splunk Attack Analyzer. Scores are on a 0 to 100 scale and are returned by the engine once it has completed analysis of a given resource. A score of 0 indicates no evidence of maliciousness, while a score of 100 indicates strong evidence of maliciousness. A score of 0-29 is a low-scoring job, 30-69 is a medium-scoring job, and 70-100 is a high-scoring job. These correlation searches are deactivated by default. To activate them, navigate to Splunk Enterprise Security, then Configure, then Content, then Content Management. Search for the correlation search you want to enable and select Activate or Turn on. |
This documentation applies to the following versions of Splunk® App for Splunk Attack Analyzer: 1.2.0