Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Update: 2019-12-24

Description

Obtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator’s Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats.


Speaker(s)
Phil Royer, Research Engineer, Splunk
Rod Soto, Principal Security Research Engineer, Splunk



Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146239


Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom


Track: Security, Compliance and Fraud


Level: Advanced
