SlideShare a Scribd company logo

.conf Go 2023 - Raiffeisen Bank International

Splunk
Splunk

.conf Go 2023 - Raiffeisen Bank International Speaker: Manuel Traxler - Security Manager

Technology
1 of 16
© 2023 SPLUNK INC. Security Manager Manuel Traxler
© 2023 SPLUNK INC. Unleash the potential of your analysts: Empower them to automate like professionals Revolutionizing SOPs: The art of standardization - change the way of writing SOPs Increasing efficiency: the key to faster automation and reduced workloads
© 2023 SPLUNK INC. .. coordinating the collaboration between external providers and our team while ensuring rapid, efficient, and standardized data enrichment without shooting ourselves into the foot. A Challenge we have to overcome
© 2023 SPLUNK INC. Chapter 1 How to intake & define SOPs at scale
© 2023 SPLUNK INC. Too many SOPs Investigation Steps SOPs Unique Investigation Steps Different Categories for the analyst to select the steps relevant to the alert 2000 600 60 6
© 2023 SPLUNK INC.
© 2023 SPLUNK INC.
© 2023 SPLUNK INC. SOP’s with Benefits ✅ Available as JSON ✅ Store on Code repository for versioning and provisional purposes ✅ SOPs become faster to create and easier to understand ✅ Easy maintaining of SOP through MS PowerApps
© 2023 SPLUNK INC. Chapter 2 Workbooks
© 2023 SPLUNK INC. SOPs living in GIT, not in SOAR https://git-scm.com/downloads/logos
© 2023 SPLUNK INC. Workbooks! Workbooks are lists of standard tasks that you follow when you evaluate events or cases. Phase Task Phase Task
© 2023 SPLUNK INC. Chapter 3 Automate investigation
© 2023 SPLUNK INC. Workflow Investigation Input Playbooks perform the investigation steps previously selected by the use case author. Alert Potentially suspicious activity found in Splunk SIEM. Alert is sent to SOAR. Workbooks Automation Playbook identifies triggered Use Case and applies corresponding Workbook.
© 2023 SPLUNK INC.
© 2023 SPLUNK INC.
© 2023 SPLUNK INC. Inspiration ✅ Everybody automates faster ✅ SOPs in “refurbished” format (vendor agnostic) ✅ Don’t waste time

Recommended

March 2023 PNW User Group
March 2023 PNW User GroupMarch 2023 PNW User Group
March 2023 PNW User GroupAmanda Richardson
 
The Application Lifecycle Toolbox
The Application Lifecycle ToolboxThe Application Lifecycle Toolbox
The Application Lifecycle ToolboxSungard Availability Services
 
Encontro anual para apresentação das novidades da .conf23
Encontro anual para apresentação das novidades da .conf23Encontro anual para apresentação das novidades da .conf23
Encontro anual para apresentação das novidades da .conf23Rafael Santos
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation PrasadThorat23
 
Splunk .conf18 Updates, Config Add-on, SplDevOps
Splunk .conf18 Updates, Config Add-on, SplDevOpsSplunk .conf18 Updates, Config Add-on, SplDevOps
Splunk .conf18 Updates, Config Add-on, SplDevOpsHarry McLaren
 
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - WebinarUsing Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - WebinarSplunk
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk
 
Splunk4Rookies - Attendee - May 2023.pdf
Splunk4Rookies - Attendee - May 2023.pdfSplunk4Rookies - Attendee - May 2023.pdf
Splunk4Rookies - Attendee - May 2023.pdfdjdhhdddhhd
 

Recommended

March 2023 PNW User Group
March 2023 PNW User GroupMarch 2023 PNW User Group
March 2023 PNW User GroupAmanda Richardson
 
The Application Lifecycle Toolbox
The Application Lifecycle ToolboxThe Application Lifecycle Toolbox
The Application Lifecycle ToolboxSungard Availability Services
 
Encontro anual para apresentação das novidades da .conf23
Encontro anual para apresentação das novidades da .conf23Encontro anual para apresentação das novidades da .conf23
Encontro anual para apresentação das novidades da .conf23Rafael Santos
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation PrasadThorat23
 
Splunk .conf18 Updates, Config Add-on, SplDevOps
Splunk .conf18 Updates, Config Add-on, SplDevOpsSplunk .conf18 Updates, Config Add-on, SplDevOps
Splunk .conf18 Updates, Config Add-on, SplDevOpsHarry McLaren
 
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - WebinarUsing Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - WebinarSplunk
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk
 
Splunk4Rookies - Attendee - May 2023.pdf
Splunk4Rookies - Attendee - May 2023.pdfSplunk4Rookies - Attendee - May 2023.pdf
Splunk4Rookies - Attendee - May 2023.pdfdjdhhdddhhd
 
The Secrets to Increasing Value of IT to the Enterprise with Jose Ignacio Zor...
The Secrets to Increasing Value of IT to the Enterprise with Jose Ignacio Zor...The Secrets to Increasing Value of IT to the Enterprise with Jose Ignacio Zor...
The Secrets to Increasing Value of IT to the Enterprise with Jose Ignacio Zor...David Loia
 
Softengi - Inspired Software Engineering
Softengi - Inspired Software EngineeringSoftengi - Inspired Software Engineering
Softengi - Inspired Software EngineeringSoftengi
 
Microsoft Power Platform Governance with Runpipe
Microsoft Power Platform Governance with RunpipeMicrosoft Power Platform Governance with Runpipe
Microsoft Power Platform Governance with RunpipeRunpipe
 
Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]Dynatrace
 
SplunkLive! London 2017 - Splunk Enterprise for IT Troubleshooting
SplunkLive! London 2017 - Splunk Enterprise for IT TroubleshootingSplunkLive! London 2017 - Splunk Enterprise for IT Troubleshooting
SplunkLive! London 2017 - Splunk Enterprise for IT TroubleshootingSplunk
 
Clues for Solving Cloud-Based App Performance
Clues for Solving Cloud-Based App Performance Clues for Solving Cloud-Based App Performance
Clues for Solving Cloud-Based App Performance NETSCOUT
 
SPINSPECTOR PRODUCT SHEET_15
SPINSPECTOR PRODUCT SHEET_15SPINSPECTOR PRODUCT SHEET_15
SPINSPECTOR PRODUCT SHEET_15Louis Trujillo
 
RightScale Roadtrip - Accelerate to Cloud
RightScale Roadtrip - Accelerate to CloudRightScale Roadtrip - Accelerate to Cloud
RightScale Roadtrip - Accelerate to CloudRightScale
 
Představení Oracle SPARC Miniclusteru
Představení Oracle SPARC MiniclusteruPředstavení Oracle SPARC Miniclusteru
Představení Oracle SPARC MiniclusteruMarketingArrowECS_CZ
 
December Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group MeetupDecember Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group Meetupkamlesh2410
 
SplDevOps: Making Splunk Development a Breeze With a Deep Dive on DevOps' Con...
SplDevOps: Making Splunk Development a Breeze With a Deep Dive on DevOps' Con...SplDevOps: Making Splunk Development a Breeze With a Deep Dive on DevOps' Con...
SplDevOps: Making Splunk Development a Breeze With a Deep Dive on DevOps' Con...Harry McLaren
 
SplunkLive! Stockholm 2017 - EasyPark Customer Presentation
SplunkLive! Stockholm 2017 - EasyPark Customer PresentationSplunkLive! Stockholm 2017 - EasyPark Customer Presentation
SplunkLive! Stockholm 2017 - EasyPark Customer PresentationSplunk
 
SplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunk
 
November 2021 Splunk PNW User Group
November 2021 Splunk PNW User GroupNovember 2021 Splunk PNW User Group
November 2021 Splunk PNW User GroupAmanda Richardson
 
Splunk in Staples: IT Operations
Splunk in Staples: IT OperationsSplunk in Staples: IT Operations
Splunk in Staples: IT OperationsTimur Bagirov
 
SSE Overview Deck - Swedish User Group.pdf
SSE Overview Deck - Swedish User Group.pdfSSE Overview Deck - Swedish User Group.pdf
SSE Overview Deck - Swedish User Group.pdfUlf Thornander
 
Agile & SCRUM basics
Agile & SCRUM basicsAgile & SCRUM basics
Agile & SCRUM basicsArun R
 
How Optimal Alerting is Better for Cloud Environments
How Optimal Alerting is Better for Cloud EnvironmentsHow Optimal Alerting is Better for Cloud Environments
How Optimal Alerting is Better for Cloud EnvironmentsDeborah Schalm
 
How Optimal Alerting is Better for Cloud Environments
How Optimal Alerting is Better for Cloud EnvironmentsHow Optimal Alerting is Better for Cloud Environments
How Optimal Alerting is Better for Cloud EnvironmentsDevOps.com
 
No Tool is an Island: Building DevOps into your business
No Tool is an Island: Building DevOps into your businessNo Tool is an Island: Building DevOps into your business
No Tool is an Island: Building DevOps into your businessDevOps.com
 
.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routineSplunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTVSplunk
 

More Related Content

Similar to .conf Go 2023 - Raiffeisen Bank International

The Secrets to Increasing Value of IT to the Enterprise with Jose Ignacio Zor...
The Secrets to Increasing Value of IT to the Enterprise with Jose Ignacio Zor...The Secrets to Increasing Value of IT to the Enterprise with Jose Ignacio Zor...
The Secrets to Increasing Value of IT to the Enterprise with Jose Ignacio Zor...David Loia
 
Softengi - Inspired Software Engineering
Softengi - Inspired Software EngineeringSoftengi - Inspired Software Engineering
Softengi - Inspired Software EngineeringSoftengi
 
Microsoft Power Platform Governance with Runpipe
Microsoft Power Platform Governance with RunpipeMicrosoft Power Platform Governance with Runpipe
Microsoft Power Platform Governance with RunpipeRunpipe
 
Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]Dynatrace
 
SplunkLive! London 2017 - Splunk Enterprise for IT Troubleshooting
SplunkLive! London 2017 - Splunk Enterprise for IT TroubleshootingSplunkLive! London 2017 - Splunk Enterprise for IT Troubleshooting
SplunkLive! London 2017 - Splunk Enterprise for IT TroubleshootingSplunk
 
Clues for Solving Cloud-Based App Performance
Clues for Solving Cloud-Based App Performance Clues for Solving Cloud-Based App Performance
Clues for Solving Cloud-Based App Performance NETSCOUT
 
SPINSPECTOR PRODUCT SHEET_15
SPINSPECTOR PRODUCT SHEET_15SPINSPECTOR PRODUCT SHEET_15
SPINSPECTOR PRODUCT SHEET_15Louis Trujillo
 
RightScale Roadtrip - Accelerate to Cloud
RightScale Roadtrip - Accelerate to CloudRightScale Roadtrip - Accelerate to Cloud
RightScale Roadtrip - Accelerate to CloudRightScale
 
Představení Oracle SPARC Miniclusteru
Představení Oracle SPARC MiniclusteruPředstavení Oracle SPARC Miniclusteru
Představení Oracle SPARC MiniclusteruMarketingArrowECS_CZ
 
December Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group MeetupDecember Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group Meetupkamlesh2410
 
SplDevOps: Making Splunk Development a Breeze With a Deep Dive on DevOps' Con...
SplDevOps: Making Splunk Development a Breeze With a Deep Dive on DevOps' Con...SplDevOps: Making Splunk Development a Breeze With a Deep Dive on DevOps' Con...
SplDevOps: Making Splunk Development a Breeze With a Deep Dive on DevOps' Con...Harry McLaren
 
SplunkLive! Stockholm 2017 - EasyPark Customer Presentation
SplunkLive! Stockholm 2017 - EasyPark Customer PresentationSplunkLive! Stockholm 2017 - EasyPark Customer Presentation
SplunkLive! Stockholm 2017 - EasyPark Customer PresentationSplunk
 
SplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunk
 
November 2021 Splunk PNW User Group
November 2021 Splunk PNW User GroupNovember 2021 Splunk PNW User Group
November 2021 Splunk PNW User GroupAmanda Richardson
 
Splunk in Staples: IT Operations
Splunk in Staples: IT OperationsSplunk in Staples: IT Operations
Splunk in Staples: IT OperationsTimur Bagirov
 
SSE Overview Deck - Swedish User Group.pdf
SSE Overview Deck - Swedish User Group.pdfSSE Overview Deck - Swedish User Group.pdf
SSE Overview Deck - Swedish User Group.pdfUlf Thornander
 
Agile & SCRUM basics
Agile & SCRUM basicsAgile & SCRUM basics
Agile & SCRUM basicsArun R
 
How Optimal Alerting is Better for Cloud Environments
How Optimal Alerting is Better for Cloud EnvironmentsHow Optimal Alerting is Better for Cloud Environments
How Optimal Alerting is Better for Cloud EnvironmentsDeborah Schalm
 
How Optimal Alerting is Better for Cloud Environments
How Optimal Alerting is Better for Cloud EnvironmentsHow Optimal Alerting is Better for Cloud Environments
How Optimal Alerting is Better for Cloud EnvironmentsDevOps.com
 
No Tool is an Island: Building DevOps into your business
No Tool is an Island: Building DevOps into your businessNo Tool is an Island: Building DevOps into your business
No Tool is an Island: Building DevOps into your businessDevOps.com
 

Similar to .conf Go 2023 - Raiffeisen Bank International (20)

The Secrets to Increasing Value of IT to the Enterprise with Jose Ignacio Zor...
The Secrets to Increasing Value of IT to the Enterprise with Jose Ignacio Zor...The Secrets to Increasing Value of IT to the Enterprise with Jose Ignacio Zor...
The Secrets to Increasing Value of IT to the Enterprise with Jose Ignacio Zor...
 
Softengi - Inspired Software Engineering
Softengi - Inspired Software EngineeringSoftengi - Inspired Software Engineering
Softengi - Inspired Software Engineering
 
Microsoft Power Platform Governance with Runpipe
Microsoft Power Platform Governance with RunpipeMicrosoft Power Platform Governance with Runpipe
Microsoft Power Platform Governance with Runpipe
 
Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]Accelerate User Driven Innovation [Webinar]
Accelerate User Driven Innovation [Webinar]
 
SplunkLive! London 2017 - Splunk Enterprise for IT Troubleshooting
SplunkLive! London 2017 - Splunk Enterprise for IT TroubleshootingSplunkLive! London 2017 - Splunk Enterprise for IT Troubleshooting
SplunkLive! London 2017 - Splunk Enterprise for IT Troubleshooting
 
Clues for Solving Cloud-Based App Performance
Clues for Solving Cloud-Based App Performance Clues for Solving Cloud-Based App Performance
Clues for Solving Cloud-Based App Performance
 
SPINSPECTOR PRODUCT SHEET_15
SPINSPECTOR PRODUCT SHEET_15SPINSPECTOR PRODUCT SHEET_15
SPINSPECTOR PRODUCT SHEET_15
 
RightScale Roadtrip - Accelerate to Cloud
RightScale Roadtrip - Accelerate to CloudRightScale Roadtrip - Accelerate to Cloud
RightScale Roadtrip - Accelerate to Cloud
 
Představení Oracle SPARC Miniclusteru
Představení Oracle SPARC MiniclusteruPředstavení Oracle SPARC Miniclusteru
Představení Oracle SPARC Miniclusteru
 
December Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group MeetupDecember Bengaluru Splunk User Group Meetup
December Bengaluru Splunk User Group Meetup
 
SplDevOps: Making Splunk Development a Breeze With a Deep Dive on DevOps' Con...
SplDevOps: Making Splunk Development a Breeze With a Deep Dive on DevOps' Con...SplDevOps: Making Splunk Development a Breeze With a Deep Dive on DevOps' Con...
SplDevOps: Making Splunk Development a Breeze With a Deep Dive on DevOps' Con...
 
SplunkLive! Stockholm 2017 - EasyPark Customer Presentation
SplunkLive! Stockholm 2017 - EasyPark Customer PresentationSplunkLive! Stockholm 2017 - EasyPark Customer Presentation
SplunkLive! Stockholm 2017 - EasyPark Customer Presentation
 
SplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and LogsSplunkLive! Paris 2018: Integrating Metrics and Logs
SplunkLive! Paris 2018: Integrating Metrics and Logs
 
November 2021 Splunk PNW User Group
November 2021 Splunk PNW User GroupNovember 2021 Splunk PNW User Group
November 2021 Splunk PNW User Group
 
Splunk in Staples: IT Operations
Splunk in Staples: IT OperationsSplunk in Staples: IT Operations
Splunk in Staples: IT Operations
 
SSE Overview Deck - Swedish User Group.pdf
SSE Overview Deck - Swedish User Group.pdfSSE Overview Deck - Swedish User Group.pdf
SSE Overview Deck - Swedish User Group.pdf
 
Agile & SCRUM basics
Agile & SCRUM basicsAgile & SCRUM basics
Agile & SCRUM basics
 
How Optimal Alerting is Better for Cloud Environments
How Optimal Alerting is Better for Cloud EnvironmentsHow Optimal Alerting is Better for Cloud Environments
How Optimal Alerting is Better for Cloud Environments
 
How Optimal Alerting is Better for Cloud Environments
How Optimal Alerting is Better for Cloud EnvironmentsHow Optimal Alerting is Better for Cloud Environments
How Optimal Alerting is Better for Cloud Environments
 
No Tool is an Island: Building DevOps into your business
No Tool is an Island: Building DevOps into your businessNo Tool is an Island: Building DevOps into your business
No Tool is an Island: Building DevOps into your business
 

More from Splunk

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routineSplunk
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTVSplunk
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)Splunk
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett Splunk
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)Splunk
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...Splunk
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)Splunk
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)Splunk
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College LondonSplunk
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSplunk
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability SessionSplunk
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - KeynoteSplunk
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform SessionSplunk
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security SessionSplunk
 
Inside SecOps at bet365
Inside SecOps at bet365 Inside SecOps at bet365
Inside SecOps at bet365 Splunk
 
Best of .conf22 Session Recommendations
Best of .conf22 Session RecommendationsBest of .conf22 Session Recommendations
Best of .conf22 Session RecommendationsSplunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 
Inside SecOps at bet365
Inside SecOps at bet365 Inside SecOps at bet365
Inside SecOps at bet365
 
Best of .conf22 Session Recommendations
Best of .conf22 Session RecommendationsBest of .conf22 Session Recommendations
Best of .conf22 Session Recommendations
 

Recently uploaded

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 

Recently uploaded (20)

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

.conf Go 2023 - Raiffeisen Bank International

  • 1. © 2023 SPLUNK INC. Security Manager Manuel Traxler
  • 2. © 2023 SPLUNK INC. Unleash the potential of your analysts: Empower them to automate like professionals Revolutionizing SOPs: The art of standardization - change the way of writing SOPs Increasing efficiency: the key to faster automation and reduced workloads
  • 3. © 2023 SPLUNK INC. .. coordinating the collaboration between external providers and our team while ensuring rapid, efficient, and standardized data enrichment without shooting ourselves into the foot. A Challenge we have to overcome
  • 4. © 2023 SPLUNK INC. Chapter 1 How to intake & define SOPs at scale
  • 5. © 2023 SPLUNK INC. Too many SOPs Investigation Steps SOPs Unique Investigation Steps Different Categories for the analyst to select the steps relevant to the alert 2000 600 60 6
  • 8. © 2023 SPLUNK INC. SOP’s with Benefits ✅ Available as JSON ✅ Store on Code repository for versioning and provisional purposes ✅ SOPs become faster to create and easier to understand ✅ Easy maintaining of SOP through MS PowerApps
  • 9. © 2023 SPLUNK INC. Chapter 2 Workbooks
  • 10. © 2023 SPLUNK INC. SOPs living in GIT, not in SOAR https://git-scm.com/downloads/logos
  • 11. © 2023 SPLUNK INC. Workbooks! Workbooks are lists of standard tasks that you follow when you evaluate events or cases. Phase Task Phase Task
  • 12. © 2023 SPLUNK INC. Chapter 3 Automate investigation
  • 13. © 2023 SPLUNK INC. Workflow Investigation Input Playbooks perform the investigation steps previously selected by the use case author. Alert Potentially suspicious activity found in Splunk SIEM. Alert is sent to SOAR. Workbooks Automation Playbook identifies triggered Use Case and applies corresponding Workbook.
  • 16. © 2023 SPLUNK INC. Inspiration ✅ Everybody automates faster ✅ SOPs in “refurbished” format (vendor agnostic) ✅ Don’t waste time