Splunking the Endpoint V: Hands On with BOTSv4 Data [Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor]

Update: 2019-12-24

Description

Initial compromises happen on your endpoints, so why are you not Splunking them? In this edition of Splunking The Endpoint, we will tell you exactly what to configure in Splunk, and where, why, and how to do so in order to get unparalleled visibility into threats targeting your network. Not only will we revisit popular operating system and open-source endpoint data sources like Sysmon and Osquery, but we'll also talk about various popular commercial EDR products and give you best practices for collecting data from them. Lastly, we'll help you address any doubts about scale problems and licensing costs.Please bring your laptop! We will dive through the latest Boss of the SOC (BOTS) endpoint data and demonstrate the detection techniques needed to answer BOTS questions. Everything you learn will be something you can take home and put into production immediately.

Speaker(s)
James Brodsky, Director, Global Security Kittens, Splunk

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2007.pdf?podcast=1577146268

Product: Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor

Track: Security, Compliance and Fraud

Level: Good for all skill levels

Comments

In Channel

Splunking the Endpoint V: Hands On with BOTSv4 Data [Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor]

2019-12-24--:--

Take Control of Port 514!: Taming the Syslog Beast [Splunk Enterprise, Splunk Cloud, Splunk Data Fabric Search and Data Stream Processor]

2019-12-24--:--

Using Splunk Data Stream Processor for advanced stream management [Splunk Data Fabric Search and Data Stream Processor]

2019-12-24--:--

Using Splunk Data Stream Processor as a Streaming Engine for Apache Kafka [Splunk Data Fabric Search and Data Stream Processor]

2019-12-24--:--

How to effectively run high cardinality and federated searches using Data Fabric Search. [Splunk Data Fabric Search and Data Stream Processor]

2019-12-24--:--

Introduction to Collect Service [Splunk Data Fabric Search and Data Stream Processor, Splunk Developer Cloud]

2019-12-24--:--

Data Stream Processor: Architecture and SDKs [Splunk Data Fabric Search and Data Stream Processor]

2019-12-24--:--

Data Stream Processor: How to get the most out of your data! [Splunk Data Fabric Search and Data Stream Processor]

2019-12-24--:--

Using Splunk Data Stream Processor for advanced stream management [Splunk Data Fabric Search and Data Stream Processor]

2019-12-21--:--

Using Splunk Data Stream Processor as a Streaming Engine for Apache Kafka [Splunk Data Fabric Search and Data Stream Processor]

2019-12-21--:--

How to effectively run high cardinality and federated searches using Data Fabric Search. [Splunk Data Fabric Search and Data Stream Processor]

2019-12-21--:--

Introduction to Collect Service [Splunk Data Fabric Search and Data Stream Processor, Splunk Developer Cloud]

2019-12-21--:--

Splunking the Endpoint V: Hands On with BOTSv4 Data [Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor]

2019-12-21--:--

Take Control of Port 514!: Taming the Syslog Beast [Splunk Enterprise, Splunk Cloud, Splunk Data Fabric Search and Data Stream Processor]

2019-12-21--:--

Data Stream Processor: Architecture and SDKs [Splunk Data Fabric Search and Data Stream Processor]

2019-12-21--:--

Data Stream Processor: How to get the most out of your data! [Splunk Data Fabric Search and Data Stream Processor]

2019-12-21--:--

00:00

Splunking the Endpoint V: Hands On with BOTSv4 Data [Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor]

#box-pro-ellipsis-176244334480556{-webkit-line-clamp:2;}Splunking the Endpoint V: Hands On with BOTSv4 Data [Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor]

Splunking the Endpoint V: Hands On with BOTSv4 Data [Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor]

Splunk

Splunking the Endpoint V: Hands On with BOTSv4 Data [Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor]