DiscoverSplunk [Phantom] 2019 .conf Videos w/ SlidesOur Splunk Phantom Journey: Implementation, Lessons Learned, and Playbook Walkthroughs [Splunk Enterprise, Phantom]
Our Splunk Phantom Journey: Implementation, Lessons Learned, and Playbook Walkthroughs [Splunk Enterprise, Phantom]

Our Splunk Phantom Journey: Implementation, Lessons Learned, and Playbook Walkthroughs [Splunk Enterprise, Phantom]

Update: 2019-12-24
Share

Description

Learn from our experience implementing Splunk Phantom so that you can speed up your automation journey. We'll examine key decisions we made with our implementation and the good and the bad that resulted. We'll also cover our automation efforts in event triage, incident response and everything in between, with walkthroughs of our top playbooks. Additionally, we'll present how we tackled Splunk alert ingestion and what Phantom could look like in a cloud-first deployment.


Speaker(s)
John Murphy, Security Analyst, NAB
Chris Hanlen, Lead Cyber Security Specialist, NAB



Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1506.pdf?podcast=1577146239


Product: Splunk Enterprise, Phantom


Track: Security, Compliance and Fraud


Level: Good for all skill levels

Comments 
In Channel
What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

2019-12-2433:47

Zero to Hero: A 202-Year-Old Firm’s Journey to End-to-End Security Visibility [Splunk Cloud, Splunk Enterprise Security, Phantom]

Zero to Hero: A 202-Year-Old Firm’s Journey to End-to-End Security Visibility [Splunk Cloud, Splunk Enterprise Security, Phantom]

2019-12-24--:--

Make Your Security Tools Work Better Together Using Splunk's Adaptive Operations Framework [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Make Your Security Tools Work Better Together Using Splunk's Adaptive Operations Framework [Splunk Enterprise, Splunk Enterprise Security, Phantom]

2019-12-24--:--

Mission Control: A Day in the Life of a Security Analyst [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Mission Control: A Day in the Life of a Security Analyst [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

2019-12-24--:--

Our Splunk Phantom Journey: Implementation, Lessons Learned, and Playbook Walkthroughs [Splunk Enterprise, Phantom]

Our Splunk Phantom Journey: Implementation, Lessons Learned, and Playbook Walkthroughs [Splunk Enterprise, Phantom]

2019-12-24--:--

Pull up your SOCs 2.0 [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Pull up your SOCs 2.0 [Splunk Enterprise, Splunk Enterprise Security, Phantom]

2019-12-24--:--

Running Splunk in an Air-gapped environment [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Running Splunk in an Air-gapped environment [Splunk Enterprise, Splunk Enterprise Security, Phantom]

2019-12-24--:--

Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]

Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]

2019-12-24--:--

Solving Endpoint Security & Perimeter Blindness with Splunk – Lessons from Cisco’s Internal InfoSec Deployment [Splunk Cloud, Splunk Enterprise Security, Phantom]

Solving Endpoint Security & Perimeter Blindness with Splunk – Lessons from Cisco’s Internal InfoSec Deployment [Splunk Cloud, Splunk Enterprise Security, Phantom]

2019-12-24--:--

Soup to Nuts SRE: How to leverage ITSI, VictorOps and Phantom to be a site reliability engineering super hero [Splunk Enterprise, Splunk IT Service Intelligence, Phantom, VictorOps]

Soup to Nuts SRE: How to leverage ITSI, VictorOps and Phantom to be a site reliability engineering super hero [Splunk Enterprise, Splunk IT Service Intelligence, Phantom, VictorOps]

2019-12-24--:--

Splunk Phantom Ignition: Getting Automation Off the Ground and Working for You [Phantom]

Splunk Phantom Ignition: Getting Automation Off the Ground and Working for You [Phantom]

2019-12-24--:--

Step Up Your Defenses with End-To-End Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Step Up Your Defenses with End-To-End Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

2019-12-24--:--

Survival of the Fastest: The 1-10-60 Rule [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Survival of the Fastest: The 1-10-60 Rule [Splunk Enterprise, Splunk Enterprise Security, Phantom]

2019-12-24--:--

Tackle AWS Security Automatically with Splunk Phantom [Phantom]

Tackle AWS Security Automatically with Splunk Phantom [Phantom]

2019-12-24--:--

The CISO’s Guide to Shutting Down Attacks Using the Dark Web + Live Dark Web Tour [Splunk Enterprise, Splunk Enterprise Security, Phantom]

The CISO’s Guide to Shutting Down Attacks Using the Dark Web + Live Dark Web Tour [Splunk Enterprise, Splunk Enterprise Security, Phantom]

2019-12-24--:--

Use Deception, Automated Response and Threat Emulation to Make Your Defense Proactive [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML]

Use Deception, Automated Response and Threat Emulation to Make Your Defense Proactive [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML]

2019-12-24--:--

Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

2019-12-24--:--

Deploying Splunk Enterprise Security and Splunk Phantom At Scale [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Deploying Splunk Enterprise Security and Splunk Phantom At Scale [Splunk Enterprise, Splunk Enterprise Security, Phantom]

2019-12-24--:--

Differentiating Evil from Benign in the Normally Abnormal World [Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom]

Differentiating Evil from Benign in the Normally Abnormal World [Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom]

2019-12-24--:--

Diving into Splunk Phantom's Overlooked Features [Phantom]

Diving into Splunk Phantom's Overlooked Features [Phantom]

2019-12-24--:--

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Our Splunk Phantom Journey: Implementation, Lessons Learned, and Playbook Walkthroughs [Splunk Enterprise, Phantom]

Our Splunk Phantom Journey: Implementation, Lessons Learned, and Playbook Walkthroughs [Splunk Enterprise, Phantom]

Splunk