DiscoverSplunk [Phantom] 2019 .conf Videos w/ SlidesScary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]
Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]

Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]

Update: 2019-12-24
Share

Description

Organizations today struggle with quickly and consistently applying behavior-based threat intelligence across their security tools. The hours needed to stitch together this information manually leave analysts unprepared to quickly turnaround questions from management about their vulnerability to threats that their management sees in the news. In this session we will demonstrate how to use Splunk Phantom to reduce that time lag by automating your threat hunts. Specifically, we will show you how to use Yet Another Recursive Algorithm (YARA) rules on endpoint and network security tools automatically and simultaneously. We will use a case study to show the benefits achieved from this playbook: better reporting, more robust procedures, faster time to detect malware variants, and generally more efficient and effective threat hunts.


Speaker(s)
Robb Mayeski, Security Automation Magician , EY
Will Burger, Security Automation Consultant, EY
Haris Shawl, EY



Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1280.pdf?podcast=1577146239


Product: Splunk Enterprise Security, Phantom


Track: Security, Compliance and Fraud


Level: Good for all skill levels

Comments 
In Channel
What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

2019-12-2433:47

Zero to Hero: A 202-Year-Old Firm’s Journey to End-to-End Security Visibility [Splunk Cloud, Splunk Enterprise Security, Phantom]

Zero to Hero: A 202-Year-Old Firm’s Journey to End-to-End Security Visibility [Splunk Cloud, Splunk Enterprise Security, Phantom]

2019-12-24--:--

Make Your Security Tools Work Better Together Using Splunk's Adaptive Operations Framework [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Make Your Security Tools Work Better Together Using Splunk's Adaptive Operations Framework [Splunk Enterprise, Splunk Enterprise Security, Phantom]

2019-12-24--:--

Mission Control: A Day in the Life of a Security Analyst [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Mission Control: A Day in the Life of a Security Analyst [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

2019-12-24--:--

Our Splunk Phantom Journey: Implementation, Lessons Learned, and Playbook Walkthroughs [Splunk Enterprise, Phantom]

Our Splunk Phantom Journey: Implementation, Lessons Learned, and Playbook Walkthroughs [Splunk Enterprise, Phantom]

2019-12-24--:--

Pull up your SOCs 2.0 [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Pull up your SOCs 2.0 [Splunk Enterprise, Splunk Enterprise Security, Phantom]

2019-12-24--:--

Running Splunk in an Air-gapped environment [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Running Splunk in an Air-gapped environment [Splunk Enterprise, Splunk Enterprise Security, Phantom]

2019-12-24--:--

Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]

Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]

2019-12-24--:--

Solving Endpoint Security & Perimeter Blindness with Splunk – Lessons from Cisco’s Internal InfoSec Deployment [Splunk Cloud, Splunk Enterprise Security, Phantom]

Solving Endpoint Security & Perimeter Blindness with Splunk – Lessons from Cisco’s Internal InfoSec Deployment [Splunk Cloud, Splunk Enterprise Security, Phantom]

2019-12-24--:--

Soup to Nuts SRE: How to leverage ITSI, VictorOps and Phantom to be a site reliability engineering super hero [Splunk Enterprise, Splunk IT Service Intelligence, Phantom, VictorOps]

Soup to Nuts SRE: How to leverage ITSI, VictorOps and Phantom to be a site reliability engineering super hero [Splunk Enterprise, Splunk IT Service Intelligence, Phantom, VictorOps]

2019-12-24--:--

Splunk Phantom Ignition: Getting Automation Off the Ground and Working for You [Phantom]

Splunk Phantom Ignition: Getting Automation Off the Ground and Working for You [Phantom]

2019-12-24--:--

Step Up Your Defenses with End-To-End Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Step Up Your Defenses with End-To-End Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

2019-12-24--:--

Survival of the Fastest: The 1-10-60 Rule [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Survival of the Fastest: The 1-10-60 Rule [Splunk Enterprise, Splunk Enterprise Security, Phantom]

2019-12-24--:--

Tackle AWS Security Automatically with Splunk Phantom [Phantom]

Tackle AWS Security Automatically with Splunk Phantom [Phantom]

2019-12-24--:--

The CISO’s Guide to Shutting Down Attacks Using the Dark Web + Live Dark Web Tour [Splunk Enterprise, Splunk Enterprise Security, Phantom]

The CISO’s Guide to Shutting Down Attacks Using the Dark Web + Live Dark Web Tour [Splunk Enterprise, Splunk Enterprise Security, Phantom]

2019-12-24--:--

Use Deception, Automated Response and Threat Emulation to Make Your Defense Proactive [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML]

Use Deception, Automated Response and Threat Emulation to Make Your Defense Proactive [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML]

2019-12-24--:--

Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

2019-12-24--:--

Deploying Splunk Enterprise Security and Splunk Phantom At Scale [Splunk Enterprise, Splunk Enterprise Security, Phantom]

Deploying Splunk Enterprise Security and Splunk Phantom At Scale [Splunk Enterprise, Splunk Enterprise Security, Phantom]

2019-12-24--:--

Differentiating Evil from Benign in the Normally Abnormal World [Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom]

Differentiating Evil from Benign in the Normally Abnormal World [Splunk Enterprise Security, Splunk IT Service Intelligence, Phantom]

2019-12-24--:--

Diving into Splunk Phantom's Overlooked Features [Phantom]

Diving into Splunk Phantom's Overlooked Features [Phantom]

2019-12-24--:--

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]

Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]

Splunk