DiscoverSplunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ SlidesLessons Learned From Building a Threat Detection Program [Splunk Enterprise, Splunk Enterprise Security, AI/ML]
Lessons Learned From Building a Threat Detection Program [Splunk Enterprise, Splunk Enterprise Security, AI/ML]

Lessons Learned From Building a Threat Detection Program [Splunk Enterprise, Splunk Enterprise Security, AI/ML]

Update: 2019-12-24
Share

Description

We will share experiences and best practices for implementing notable events, the various Splunk Enterprise Security frameworks, and adaptive response actions, and we'll share our approach for building a program to consistently develop, measure, and iterate on correlation searches. We will discuss how to integrate lessons learned from incidents, red team engagements, threat intelligence, threat hunting, and requirements from business units into the program. Example tactics we'll cover include leveraging low-fidelity detections to develop higher-fidelity and higher-value ones, managing detection content simply and easily through macros, and building a formula to assess the efficacy of your detection content.


Speaker(s)
Chris Ogden, Principal Threat Detection Engineer, Sony Corporation of America
Drew Guarino, Senior Threat Detection Engineer, Sony Corporation of America



Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1674.pdf?podcast=1577146258


Product: Splunk Enterprise, Splunk Enterprise Security, AI/ML


Track: Security, Compliance and Fraud


Level: Good for all skill levels

Comments 
In Channel
The New Experiment Experience in the Splunk Machine Learning Toolkit [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

The New Experiment Experience in the Splunk Machine Learning Toolkit [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

2019-12-2444:04

The SOC of the Future [Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics]

The SOC of the Future [Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics]

2019-12-2446:36

The Two Most Common Machine Learning Solutions Everyone Needs to Know [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

The Two Most Common Machine Learning Solutions Everyone Needs to Know [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

2019-12-24--:--

Use Deception, Automated Response and Threat Emulation to Make Your Defense Proactive [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML]

Use Deception, Automated Response and Threat Emulation to Make Your Defense Proactive [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML]

2019-12-24--:--

User Experience Modeling with the Splunk Machine Learning Toolkit [Splunk Machine Learning Toolkit, AI/ML]

User Experience Modeling with the Splunk Machine Learning Toolkit [Splunk Machine Learning Toolkit, AI/ML]

2019-12-24--:--

Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

2019-12-24--:--

Using Machine Learning to Detect Traffic Anomalies [Splunk Machine Learning Toolkit, AI/ML]

Using Machine Learning to Detect Traffic Anomalies [Splunk Machine Learning Toolkit, AI/ML]

2019-12-24--:--

What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

2019-12-24--:--

You Only Learn Once (YOLO) [Splunk Enterprise, Splunk Machine Learning Toolkit]

You Only Learn Once (YOLO) [Splunk Enterprise, Splunk Machine Learning Toolkit]

2019-12-24--:--

Introduction to monitoring business operations with Acceleris’ party dashboard [Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

Introduction to monitoring business operations with Acceleris’ party dashboard [Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

2019-12-24--:--

Is it Normal or Suspicious? Detecting Anomalies via Market Basket Analysis [Splunk User Behavior Analytics]

Is it Normal or Suspicious? Detecting Anomalies via Market Basket Analysis [Splunk User Behavior Analytics]

2019-12-24--:--

Just a normal day in the office – Data driven business process improvements for a global supply chain company. [Splunk Cloud, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

Just a normal day in the office – Data driven business process improvements for a global supply chain company. [Splunk Cloud, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

2019-12-24--:--

Large Scale Threat Hunting in Splunk [Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit]

Large Scale Threat Hunting in Splunk [Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit]

2019-12-24--:--

Lessons Learned From Building a Threat Detection Program [Splunk Enterprise, Splunk Enterprise Security, AI/ML]

Lessons Learned From Building a Threat Detection Program [Splunk Enterprise, Splunk Enterprise Security, AI/ML]

2019-12-24--:--

Lessons Learned from Deploying Splunk UBA [Splunk User Behavior Analytics, AI/ML]

Lessons Learned from Deploying Splunk UBA [Splunk User Behavior Analytics, AI/ML]

2019-12-24--:--

Los Angeles World Airports - Streamlining event management with IT Service Intelligence (ITSI) [Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

Los Angeles World Airports - Streamlining event management with IT Service Intelligence (ITSI) [Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

2019-12-24--:--

Machine Learning & Splunk 2019: The Splunk Machine Learning Toolkit in Action [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Machine Learning & Splunk 2019: The Splunk Machine Learning Toolkit in Action [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

2019-12-24--:--

Maintaining a state of good repair with predictive analytics [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Maintaining a state of good repair with predictive analytics [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

2019-12-24--:--

Marcus by Goldman Sachs: Monitoring an Online Banking Startup with Splunk [Splunk Enterprise, AI/ML]

Marcus by Goldman Sachs: Monitoring an Online Banking Startup with Splunk [Splunk Enterprise, AI/ML]

2019-12-24--:--

Maximizing permissioned blockchain throughput using Samsung SDS Accelerator and Splunk MLTK [Splunk Enterprise, AI/ML]

Maximizing permissioned blockchain throughput using Samsung SDS Accelerator and Splunk MLTK [Splunk Enterprise, AI/ML]

2019-12-24--:--

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Lessons Learned From Building a Threat Detection Program [Splunk Enterprise, Splunk Enterprise Security, AI/ML]

Lessons Learned From Building a Threat Detection Program [Splunk Enterprise, Splunk Enterprise Security, AI/ML]

Splunk