Exploring Frameworks of Splunk Enterprise Security
Splunk
Demonstrating Frameworks of Splunk Enterprise Security
1 of 58
1. © 2019 SPLUNK INC. Explore the Frameworks of Splunk Enterprise Security
2. Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved.
3. Angelo Brancato, Security Specialist, EMEA
4. Agenda
1. Introduction
2. Splunk as an Analytics-Driven SIEM
3. Frameworks of Enterprise Security
4. Use Cases Enabled by the Frameworks
5. Q&A
5. Splunk turns machine data into answers
Sources: Network, Servers, DevOps, Users, Cloud, Security, Databases. Different people asking different questions of the same data.
6. Threats are more complex and far reaching. Not closing the skills gap. Security to enable business and the mission.
7.
• 90%: Tier 1 analyst work will be automated
• 50%: time now spent tuning detection and response logic
• 1: platform for investigation and to orchestrate them all
8. Splunk Security Portfolio: Data Platform (Platform for Machine Data), Analytics, Operations; Free Security Apps / Content
9. Splunk Security Portfolio: Data Platform (Platform for Machine Data), Analytics, Operations; Free Security Apps / Content
Maturity levels, from reactive to proactive:
• Level 1 INVESTIGATE: Investigate, Forensics, Hunting
• Level 2 MONITOR: Security & Compliance Monitoring
• Level 3 ANALYZE: IR, Risk & Security Situational Awareness
• Level 4 ACT: SOC Automation & Orchestration
10. Splunk Security Portfolio: Data Platform (Platform for Machine Data), Analytics, Operations; Free Security Apps / Content
11. Security Operations Must Change: legacy SIEM is not optimized for today's security operations
• Slow Investigations
• Inability to Effectively Ingest Data
• Limited Security Data Types
• Inflexible Deployment Options
• End-of-Life or Uncertain Roadmap
• Closed Ecosystem
• Instability and Scalability
12. Splunk as Your SIEM: fully optimized for modern security operations
• Fast Flexible Investigations
• Quickly Ingest Data at Massive Scale
• All Security Related Data
• Cloud, Hybrid and On-Premises
• Portfolio includes SIEM, UEBA, SOAR
• Open Ecosystem with 850+ partner integrations
• Petabyte Scale
13. Splunk Enterprise Security Addresses Security Operations Challenges
FUNCTIONS: Monitor, Detect, Investigate, Respond
PROCESS: 1 Review, 2 Determine, 3 Decide, 4 Act & Adapt
SOLUTION:
• Prioritize incidents: decide what is most important to follow up or investigate
• Respond in a timely manner: do each step as fast as possible, with as few people as possible
• Effectively analyze: each bit of data needs context and a relationship to all others
14. What Is Enterprise Security?
Data sources: Mainframe Data, Relational Databases, Mobile, Forwarders, Syslog/TCP, IoT Devices, Network Wire Data, Hadoop
Platform for Operational Intelligence
Frameworks: Notable Events, Asset & Identity, Risk Analysis, Threat Intelligence, Use Case Library, Adaptive Response
15. What Is Enterprise Security? (same overview diagram as slide 14)
16. Handle Security Incidents – Notable Events Framework: workflow for streamlined incident management, discovery to remediation
► Streamline Incident Management • Consolidated incident management allows effective lifecycle management of security incidents.
► Make Rapid Decisions • Automatically aligns all security context together for fast incident qualification and provides predefined analysis paths.
► Refine Security Management • Investigation management and customizations to support complex process integration requirements.
17. Notable Events and Incident Review (functions: Monitor, Detect, Investigate, Respond)
► Use for Security Operations • "Application" logic is pre-built on top of Splunk Enterprise as the data platform. • Provides a graphically oriented user experience supporting the security operations workflow.
► Intuitive User Interface Optimized for Security Operations • Security operational tasks are designed into the user interface rather than a search bar interface. • Key relevant information is automatically presented as a summary of the incident.
18. Incident Review Interface
19. Incident Review Interface: Search and Navigation Interface
Overall Incident Status and Control • Provides central workflow management for all security incidents • Search / filter / zoom into incidents or timeframe • Monitor new and changing incident status • Field-oriented search/filtering on the most common investigation fields
Benefits: • Integrated / consolidated incident management • Simple and fast understanding of all incidents in the network
20. Incident Review Interface: Consolidated Incident Management Interface
Notable events provide an alerting framework tuned to the corporation • The information-dense display provides contextual information for rapid analyst understanding of threat information • Incident management and workflow including status, owner, triggering security domains • Important fields are displayed, and incident and field pivot actions provide contextual "investigation"
Benefits: • Optimize triage, evidence gathering and incident investigation • Rapid understanding of threats in the environment
21. Incident Review Interface: Fast Incident Review and Investigation
Workflow Process 1: Event Overview (incidents that match a correlation rule: important events within your environment) • The results of the correlation searches that matched; shows type of rule, domain, urgency, status, owner • Provides information to clear the status of activities in the network
(Screenshot callouts: Risk-based security; List of installed / imported Contents)
22. Incident Review Interface: Fast Incident Review and Investigation
Workflow Process 2: Incident Context (identity, asset, ...) • Automated / customizable incident context correlations align all relevant context information to an incident • Provides fast situational understanding of an incident
(Screenshot callouts: Risk-based security; List of installed / imported Contents)
23. Incident Review Interface: Fast Incident Review and Investigation
Workflow Process 3: Analysis Actions (a set of actions is linked to each field/value) • Ability to deep dive into different pre-defined domain analyses for a specific entity in an incident • Provides the most logical analysis options for deeper insights
24. Incident Review Interface: Fast Incident Review and Investigation
Workflow Process 4: Remediation Actions (actions available for all incidents) • Customizable incident remediation actions to manage the state of an incident or further extend the process to other features / systems • Provides the ability to associate desired remediation actions
(Screenshot callouts: Risk-based security; List of installed / imported Contents)
25. Notable Event Framework: https://dev.splunk.com/view/enterprise-security/SP-CAAAFA9
26. What Is Enterprise Security? (same overview diagram as slide 14)
27. Asset and Identity Framework: automatically maps asset and identity context to incidents
ASSET RESOLUTION - Which? Function, Owner, Location, Impact
IDENTITY RESOLUTION - By who? Role, From?, Privilege
Asset info mapped: Source IP: PC from remote office. Target server: PCI Zone Database; belongs to ecommerce team; Web mart database.
Identity info mapped: Source IP user: Bill Williams, VP of Finance; Pleasanton office; no recent Windows patch.
▶ Fast Incident Qualification • By automating context enrichment, SecOps can qualify more incidents quickly
▶ Extended Situation Based Insights • Rich enrichment allows more accurate assessment of the situational aspect of incidents
28.
SECURITY ENRICHED CONTEXT: enriched security context / What? Where? Who? How?
Asset / Identity resolutions
• Translate the related asset (host function, name, location, subnet) and user (ID, user name, location) into details for qualification
Benefits:
• Prioritize incidents by understanding the importance of the asset / ID, as well as situational awareness related to the asset
Other security / vulnerability lookups
• Status from various context enrichment data sources: vulnerability information, patch status, other customizable lookups from other sources
Correlation search match details
• Detailed descriptions of the event, customizable to include recommendations
29.
Asset and Identity Framework: Asset Database. Synchronize and merge the asset DB (CMDB, API, external DB)
30.
Asset and Identity Framework: Identity Database. Synchronize with HR / LDAP / AD / user DB
31.
Asset and Identity Framework: Enrichment. Expand enrichment: unlimited expansion to enrich an incident with any information
32.
Representative list of Asset and Identity sources (logo slide; CMDB and Sophos are named)
33.
Asset and Identity Framework: https://dev.splunk.com/view/enterprise-security/SP-CAAAFBB
34.
What Is Enterprise Security?
35.
Risk Framework: quantitative metrics are applied to distinguish importance
► Expose Risk Factors to Analysts
• Rationalize and analyze behaviors and relationships across all data.
• Investigate risk factors to anticipate threats and prevent future threats.
► Prioritize/Decide Based on Risk
• Transparent evidence translates to quantitative numbers.
• Ability to map scores to different objects, including events, and aggregate them based on criteria (functions, business units, physical business location, etc.)
Diagram: Asset, Identity and Other Attributes contribute to a TOTAL RISK SCORE (+80 in the example), accumulated from occurrences of matching correlation searches
36.
Risk Attribution using a Summary Index or the ES Risk Index
Risk rules (RiskRule-AnomalousLogin, RiskRule-ThreatIntelIOC, RiskRule-MalwareDetection, RiskRule-IDSRecon, RiskRule-IDSAttack, RiskRule-FirstTimeSeenDomain, RiskRule-LongPowershell, RiskRule-EncryptedPowershell, RiskRule-EndPointAV, RiskRule-#10 ... RiskRule-#150) write to the Risk Index.
Risk incident rules (RiskIncidentRule-HighCompositeRiskScore, RiskIncidentRule-MultipleRiskRulesSinglePhase, RiskIncidentRule-MultipleATT&CKPhases, ...) read the Risk Index and produce a Risk Driven Alert, which becomes a Notable Event in ES.
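To see the flow on this slide end to end, here is an added Python simulation (not Splunk's code or SPL): constructed risk-index events are aggregated per risk object and checked by the three RiskIncidentRule criteria the slide names. The thresholds, the ATT&CK phase labels and the event layout are assumptions.

```python
# Added example, not Splunk's code: RiskRule -> Risk Index -> RiskIncidentRule ->
# Risk Driven Alert. Thresholds, phase labels and event layout are assumptions.
from collections import defaultdict

# Constructed risk-index events: (risk_object, risk_rule, risk_score, attack_phase)
RISK_INDEX = [
    ("host-042", "RiskRule-IDSRecon",            20, "Reconnaissance"),
    ("host-042", "RiskRule-FirstTimeSeenDomain", 15, "Command and Control"),
    ("host-042", "RiskRule-EncryptedPowershell", 40, "Execution"),
    ("host-042", "RiskRule-EndPointAV",          30, "Execution"),
    ("jdoe",     "RiskRule-AnomalousLogin",      25, "Initial Access"),
    ("jdoe",     "RiskRule-AnomalousLogin",      25, "Initial Access"),
    ("db-07",    "RiskRule-ThreatIntelIOC",      10, "Command and Control"),
]

def aggregate(events):
    """Group risk modifiers per risk object (system or user), as the Risk Index view does."""
    by_object = defaultdict(list)
    for obj, rule, score, phase in events:
        by_object[obj].append((rule, score, phase))
    return by_object

def high_composite_risk_score(mods, threshold=100):
    """RiskIncidentRule-HighCompositeRiskScore: summed score over the window."""
    return sum(score for _, score, _ in mods) >= threshold

def multiple_rules_single_phase(mods, min_rules=2):
    """RiskIncidentRule-MultipleRiskRulesSinglePhase: distinct rules within one phase."""
    per_phase = defaultdict(set)
    for rule, _, phase in mods:
        per_phase[phase].add(rule)
    return any(len(rules) >= min_rules for rules in per_phase.values())

def multiple_attack_phases(mods, min_phases=3):
    """RiskIncidentRule-MultipleATT&CKPhases: activity spanning several phases."""
    return len({phase for _, _, phase in mods}) >= min_phases

def risk_driven_alerts(events):
    """Return {risk_object: [fired rule names]}; each entry would become an ES notable."""
    checks = [
        ("RiskIncidentRule-HighCompositeRiskScore", high_composite_risk_score),
        ("RiskIncidentRule-MultipleRiskRulesSinglePhase", multiple_rules_single_phase),
        ("RiskIncidentRule-MultipleATT&CKPhases", multiple_attack_phases),
    ]
    alerts = {}
    for obj, mods in aggregate(events).items():
        fired = [name for name, check in checks if check(mods)]
        if fired:
            alerts[obj] = fired
    return alerts
```

Only host-042 crosses all three criteria; jdoe accumulates 50 points from one rule in one phase and stays below every threshold, which is the point of aggregating before alerting.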
37.
Risk Analysis Dashboard
Risk Change Postures: snapshot of overall posture changes
Risk Change Trends: overall risk score change trends
Risk Objects / Incident Types Status: individual risk object status, the object being a "system", "user" or "incident"
Recent Risk Modifiers: detailed events including the risk scores and the associated risk object
38.
Risk Analysis with Incident Review adds context: the risk score is displayed in Incident Review
39.
Risk Framework: https://dev.splunk.com/view/enterprise-security/SP-CAAAFBD
40.
What Is Enterprise Security?
41.
Threat Intelligence Framework: finding hidden IOCs using comprehensive threat intelligence mappings
COLLECT (Intel sources): • Multiple sources • Multiple transmission types • Multiple transports • Multiple data formats
CATEGORIZE (Index, extract, categorize): 1. IP 2. Emails 3. URLs 4. File names / hashes 5. Process names 6. Services 7. Registry entries 8. X509 certificates 9. Users
MANAGE (Data management): manage / audit threat sources • List status • List management • List location
SEARCH (Data search): ad-hoc search, analyze, investigate, prioritize
CORRELATE (Correlation data / Notable Events): match all IOCs in existing log data; generate an alert for any matches; KSIs and trends on the Security Dashboard
42.
Threat Intel Support

Threat collection    Supported IOC data types   Local lookup file
certificate_intel    X509 certificates          Local Certificate Intel
email_intel          Email                      Local Email Intel
file_intel           File names or hashes       Local File Intel
http_intel           URLs                       Local HTTP Intel
ip_intel             IP addresses               Local IP Intel
                     Domains                    Local Domain Intel
process_intel        Processes                  Local Process Intel
registry_intel       Registry entries           Local Registry Intel
service_intel        Services                   Local Service Intel
user_intel           Users                      Local User Intel
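The CORRELATE step of the framework slide ("match all IOCs in existing log data") against the collections in this table, as an added Python example that is not Splunk's code: constructed local lists per collection, a field-to-collection mapping, and a matcher that returns one hit per matched field. The event field names (src_ip, dest_ip, dest_domain, file_hash, url), the CIDR support for ip_intel rows and the case handling are assumptions.

```python
# Added example, not Splunk's code: match event fields against threat collections.
# Lists and events are constructed; field names and CIDR support are assumptions.
import ipaddress
# Constructed threat lists keyed by collection and IOC type (values are not real IOCs)
THREAT_LISTS = {
    "ip_intel":   {"ip": {"203.0.113.0/24", "198.51.100.7"}, "domain": {"bad.example"}},
    "file_intel": {"file_hash": {"0123456789abcdef" * 4}},
    "http_intel": {"url": {"http://bad.example/stage2"}},
}
# Event field -> (collection, IOC type) it is checked against
FIELD_MAP = {
    "src_ip":      ("ip_intel", "ip"),
    "dest_ip":     ("ip_intel", "ip"),
    "dest_domain": ("ip_intel", "domain"),
    "file_hash":   ("file_intel", "file_hash"),
    "url":         ("http_intel", "url"),
}

def ip_matches(value, iocs):
    """Return the matching IOC; ip_intel rows may be single addresses or CIDR blocks."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:  # malformed field value: no match rather than a crash
        return None
    return next((i for i in iocs if addr in ipaddress.ip_network(i, strict=False)), None)

def match_event(event):
    """Return [(collection, ioc_type, matched_ioc, field)] for one event."""
    hits = []
    for field, (collection, ioc_type) in FIELD_MAP.items():
        value = event.get(field)
        if value is None:
            continue
        iocs = THREAT_LISTS.get(collection, {}).get(ioc_type, set())
        if ioc_type == "ip":
            hit = ip_matches(value, iocs)
        else:  # hashes and domains compare case-insensitively, URLs as-is
            norm = value if ioc_type == "url" else value.lower()
            hit = norm if norm in iocs else None
        if hit:
            hits.append((collection, ioc_type, hit, field))
    return hits

EVENTS = [  # constructed sample events; every hit is input to "generate alert for any matches"
    {"_id": 1, "src_ip": "10.0.0.5", "dest_ip": "203.0.113.44"},
    {"_id": 2, "dest_ip": "8.8.8.8", "dest_domain": "BAD.example", "url": "http://bad.example/stage2"},
    {"_id": 3, "file_hash": "0123456789ABCDEF" * 4},
    {"_id": 4, "src_ip": "10.0.0.1", "dest_ip": "192.0.2.1"},
]
```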
43.
Configure Threat Intel: threat intelligence source management
Manage various threat intelligence sources in a simple configuration framework. Fine-tune accuracy and relevance by giving higher priority to the more important intel sources.
Detailed Threat Update Setup: provides a management interface to easily define / download / update / apply threat sources
44.
Threat Intelligence in Incident Review
Threat intel source lookups
• ES data is mapped against detailed threat sources that indicate potential IOCs
• A threat match provides information on the type of threat activity
Threat Intel Details
• Detailed description of the matching ES threat incident
• Provides immediate detailed information about the detected activity
Contributing Events
• Raw data source that supports the event as evidence
45.
THREAT ACTIVITY
Threat intel indicator overview: shows the overall posture of threat activities, to quickly understand changes in the status of detected threat activity.
Threat intel trending overview: shows trend changes in threat activities, including changes in the types of threats.
Detailed threat type activities: shows the active threat types and associated assets, to understand what kind of threats are active in the network.
Active threat sources: shows how active the different threat sources are, to understand and calibrate threat intel enhancements.
46.
Threat Intelligence Framework: https://dev.splunk.com/view/enterprise-security/SP-CAAAFBC
47.
What Is Enterprise Security? (Speaker note: Access Protection – show analytic story – detection searches)
48.
Use Case Library: faster detection and incident response
Discover new use cases and determine which ones can be used within your environment right away.
Create, curate, install and manage content, Analytic Stories and third-party created content.
49.
What Is Enterprise Security?
50.
Splunk as the Security Nerve Center
Integrated domains: Endpoints, Threat Intelligence, Network, Web Proxy, Firewall, Identity and Access, WAF and App Security, Cloud Security, Mobile
ORCHESTRATION / ANALYTICS
Mission: deeper integrations across the best security technologies to help combat advanced attacks together
Approach: gather / analyze, share, take action based on end-to-end context, across security domains
51.
Adaptive Response Framework
Correlation Search > Alert
Search > Alert
52.
Adaptive Response Framework: https://dev.splunk.com/view/enterprise-security/SP-CAAAFBE
53.
Frameworks Enable Use Cases
54.
Compliance
▶ Stay ahead of compliance mandates
▶ Quickly gain real-time posture and insights across all IT resources and security controls to clear compliance
▶ Pass audits with minimal effort, regardless of mandate or regulatory framework.
Security Monitoring
▶ Real-time state of risk, alerts and compliance
▶ Full and continuous monitoring of critical assets
▶ Full visibility into vulnerabilities, assets/devices, context of threats, and alerting
▶ Don't miss a thing with continuous and automated security monitoring that lets you respond 24/7
55.
Advanced Threat Detection
▶ Detect compromised hosts and users
▶ Find activities associated with accounts and attackers involved in attacks
▶ Determine the scope of user activities
▶ Find indicators and artifacts associated with compromised user hosts
Incident Investigation, Forensics
▶ Identify real incidents and their full scope
▶ Gain investigation capability across all security-relevant data
▶ Get context from popular enterprise SaaS apps; correlate across SaaS and on-premises sources
▶ Gain a thorough understanding of the options to remediate a breach
56.
Incident Response
► Shorten investigation cycles: prioritize, confirm and take action on higher-priority threats.
► Use the Investigation Workbench to investigate notable events that may represent a threat
► Leverage integration with existing capabilities: collaborate and track the investigation
► Quickly launch a response to critical incidents
SOC Automation
► Centrally automate retrieval, sharing and response actions, resulting in improved detection, investigation and remediation times
► Improve operational efficiency using workflow-based context with automated and human-assisted decisions
► Extract new insight by leveraging context, sharing data and taking automated actions between ES and partners using Adaptive Response
57.
Key Takeaways
1. Use the Analytics-Driven SIEM to handle your security operations challenges
2. Use the Frameworks of Enterprise Security to solve your use cases
3. To schedule a hands-on workshop, contact your sales executive
58.
Q&A