All news with #splunk tag

🤖 Enterprises migrating between SIEM platforms face repetitive, error-prone rule rewrites because vendors like Splunk, Microsoft Sentinel, IBM QRadar, and Google Chronicle use distinct query languages and data models. Researchers from the National University of Singapore propose ARuleCon, an AI-assisted framework that translates rules while preserving detection intent. In tests on nearly 1,500 conversions it improved accuracy about 10–15% over baseline LLM approaches. Practitioners caution that deterministic engineering, robust validation, and human oversight remain essential to avoid semantic drift and operational risk.

🔒 AWS Security Hub Extended consolidates AWS and curated partner security services into a unified, pay-as-you-go offering for multicloud full-stack protection. It centralizes procurement, billing, and operations across endpoint, identity, email, network, data, browser, cloud, and AI protections while integrating findings in OCSF format. Customers can onboard via the AWS Console, assign delegated administrator accounts for centralized management, and route normalized findings to tools such as Splunk and 7AI for coordinated response.

🔍 In this episode of Talos Takes, Amy is joined by William Largent (Cisco Talos) and Lou Stella (Splunk) for a double-header review of the newly released Cisco Talos 2025 Year in Review and the Splunk Top 50 Cybersecurity Threats. The conversation draws on Cisco telemetry, Talos original research, and Talos Incident Response engagements to move beyond headlines and identify actionable trends. Highlights include the professionalization of ransomware-as-a-service, the persistent exploitation of decade-old vulnerabilities, and practical guidance to help defenders prioritize mitigations and shrink their attack surface for the year ahead.

🔒 This guide helps security teams evaluate and select a Security Information and Event Management (SIEM) solution by outlining key selection criteria and practical trade-offs. It covers operational models (SaaS vs on-premises), analytics and AI/ML capabilities, log collection and parsing, alerting and role-based access, compliance requirements and ecosystem integrations. The guide also discusses pricing models and highlights vendors such as Splunk, Microsoft Sentinel and IBM QRadar to help start vendor research and pilot selection.

🔍 At .Conf in Boston, Splunk and parent company Cisco positioned machine data as central to next‑generation AI incident response, arguing telemetry represents roughly 55% of global data growth. They stressed tighter integration of security and observability, a federated data model with new support for Snowflake, and standards work such as OpenTelemetry and the Open Cybersecurity Framework (OCSF). Splunk also previewed enhanced security operations capabilities — a premier Enterprise Security bundle, Detection Studio, and agentic AI features — while acknowledging customer concerns about costs, legacy positioning, and support.