Large Scale Threat Hunting in Splunk [Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit]
Update: 2019-12-24
Description
Threat hunting is hard, and threat hunting in an enterprise network with thousands of endpoints is even harder. We will demonstrate how we leveraged Splunk Enterprise to build an Advanced Threat Hunting platform designed for large-scale threat hunting across 100,000 or more endpoints. Using Splunk Enterprise allows us to combine analytics, data enrichment, and custom workflows so that the data most important to analysts is displayed in one platform. Our threat hunting platform addresses the challenges of data retention and collection, high false positive rates, and analyst fatigue, all while lowering the time to detection of malicious incidents and improving the efficiency of enterprise SOC operations.
Speaker(s)
Dan Rossell, Analyst, Booz Allen Hamilton
Ashleigh Moriarty, Lead Technologist, Booz Allen Hamilton
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1071.pdf?podcast=1577146258
Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit
Track: Security, Compliance and Fraud
Level: Intermediate
