Copyright © 2014 Splunk Inc.
Security Operations:
Hunting Wabbits, Possum, and APT
Ryan Chapman
Bechtel Corporation

Disclaimer
During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make.

In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.

Agenda
•  Intro to Bechtel
•  Who’s This Guy?
•  Overview of Security @ Bechtel
•  Why Splunk?
•  Hunting Tips and Tricks

Bechtel Corporation
•  Largest Engineering, Construction, & PM Company in the U.S.
•  55,400 colleagues | 25,000 projects | 160 countries | 7 continents
•  Target Rich Environment – Global Threats
•  2012 Goal: Develop World-Class SOC

Ryan J. Chapman
•  Computer Incident Response Team (CIRT)
   –  Network Security Monitoring Analyst
•  Incident Handler
•  CIRT / SOC Liaison
•  “Did You Check Splunk?” Guy
      ◦  No, Really. Did You Check Splunk?
@rj_chap

It Takes A Village!
•  We ALL Participate in Hunting
•  Bechtel SOC & CIRT
   –  SOC: Time Allocated
   –  CIRT: Required During On-Call
•  Tribal Training + “Security Blitz” + “Tech Talks”
•  Example of a Rockstar:
   –  Keith Tyler (@keithtyler)
      ◦  FANTASTIC Hunter!

Security @ Bechtel

Post Remediation Structure

APT Events
Use Case | BEFORE SPLUNK | AFTER SPLUNK
Event Escalation to CIRT | 99% of Events | 2013-2014: < 3%; 2015: < 1%
APT Events Detected | 1 APT Event | 2013: 269 APT Events; 2014: 82 APT Events

The Security Stack
[Diagram labels: External, Intense Monitoring, Full Packet Capture, DNS Protection, Network Event Parsing, Firewall, Application Firewall, Email Blocking, Behavior Analysis, APT Detection, Forensics, AV, Log Forwarding; Remediate, Detect, Respond, Deter]

Why Splunk?
•  Better than GREP?
•  Parsing Individual Logs?
   –  2.35TB/day License
•  Primary Uses:
   –  Alert Generation
   –  Incident Handling / Response
      ◦  The “5 W’s”
   –  HUNTING
Because it’s Awesome!

Obligatory Splunk Quote
“We wouldn’t be able to do our jobs without Splunk.”

Hunting Tactics

The Hunter Mentality
Be like water… but also mimic a nosy neighbor
•  Ask Questions
   –  BE INQUISITIVE NOSY
   –  Read Articles / Twitter / OSINT
•  Develop Queries
   –  Create Baselines / Tune Queries
•  Implement Saved Searches
•  Allocate Time for Hunting

Go Home Word, You’re Drunk

Word Up!
Tell Your Brother, Your Sister, and Your Momma Too…
•  Word Files = Common Carrier File
•  Easy to Weaponize
   –  VBA / Macro
   –  CVE-based Exploit (Metasploit)
•  Weaponized Files Launch…
   –  All The Things
Q: Is Word Launching… Stuff?

The Sobriety Test
index=wls* EventID=4688
CreatorProcessName="WINWORD" Signed=False
NOT (NewProcessName="C:\\Windows*" OR
NewProcessName="C:\\Progra*")
| table _time, host, SubjectUserName,
BaseFileName, CommandLine, NewProcessName,
MD5

NOTE: “Audit Process Creation” must be enabled

Test Results: INEBRIATED
_time | host | BaseFileName | NewProcessName | MD5
11/9/15 15:35 | [DERP] | Purchase Order rd2015 oct-dec #40098.exe | C:\Users\[DERP]\AppData\Local\Temp\Purchase Order rd2015 oct-dec #40098.exe | EFF6EBFD48A669FE9C2E62B0E82561CE

What’cha Drinking?

What About Malicious Scripts?
THE LAUNCH CODES ARE BAD! DO NOT LAUNCH!
•  Common Script Handlers:
   –  cscript / wscript / powershell   ← These Run Scripts
•  Carrier File Handlers:
   –  Word (doc)
   –  Excel (xls)
   –  PowerPoint (ppt)
   –  Adobe Reader (pdf)
   –  Etc.

The Pwnie Express
index=wls EventID=4688
(CommandLine="*cscript*" OR CommandLine="*wscript*" OR
CommandLine="*powershell*")
(CreatorProcessName="WINWORD" OR
CreatorProcessName="POWERPNT" OR
CreatorProcessName="EXCEL" OR
CreatorProcessName="Adobe*")
| table _time, host, SubjectUserName,
CreatorProcessName, BaseFileName, CommandLine
‘Cause They Are Carrier Files!

I “C” A Script
_time | host | CreatorProcessName | BaseFileName | CommandLine
01/24/16 22:49:03 | [DERP] | EXCEL | cscript.exe | cscript 'C:\Users\[DERP]\Desktop\Databases_Public\Loto Permit Excel\reg_seing.vbs'
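
The two carrier-file hunts above ("The Sobriety Test" and "The Pwnie Express"), applied to constructed 4688-style events. This is an added example, not code from the deck; the field names come from the slides' queries, while the events, host names and the tightened exclusion list are assumptions. It shows one tuning point: the `C:\Progra*` prefix also excludes `C:\ProgramData`, which standard users can typically write to.

```python
# Added example (not from the deck). Field names follow the slides' queries;
# every event below is constructed.

CARRIERS = {"winword", "excel", "powerpnt"}            # creators named on the slide
SCRIPT_HANDLERS = ("cscript", "wscript", "powershell")

# Exclusions as written on the slide: C:\Windows* and C:\Progra*
SLIDE_EXCLUDES = ("c:\\windows", "c:\\progra")
# Assumption for illustration: anchor on full directory names so that
# C:\ProgramData is no longer swallowed by the C:\Progra* prefix.
TIGHT_EXCLUDES = ("c:\\windows\\", "c:\\program files\\",
                  "c:\\program files (x86)\\")


def _creator(event):
    """Creator name lower-cased, without .exe (Splunk matches case-insensitively)."""
    name = event["CreatorProcessName"].lower()
    return name[:-4] if name.endswith(".exe") else name


def is_carrier(event):
    name = _creator(event)
    return name in CARRIERS or name.startswith("adobe")   # CreatorProcessName="Adobe*"


def unsigned_word_children(events, excludes):
    """Sobriety Test: unsigned process created by Word outside the excluded paths."""
    hits = []
    for e in events:
        if e["EventID"] != 4688 or _creator(e) != "winword":
            continue
        if e["Signed"].lower() != "false":
            continue
        if e["NewProcessName"].lower().startswith(excludes):
            continue
        hits.append(e["host"])
    return hits


def carrier_script_launches(events):
    """Pwnie Express: a carrier application whose child command line names a script handler."""
    hits = []
    for e in events:
        if e["EventID"] != 4688 or not is_carrier(e):
            continue
        cmd = e["CommandLine"].lower()
        if any(handler in cmd for handler in SCRIPT_HANDLERS):
            hits.append((e["host"], e["BaseFileName"]))
    return hits


def ev(host, creator, new_proc, cmd, signed):
    """Build one constructed event with the fields the slides' queries use."""
    return {"EventID": 4688, "host": host, "CreatorProcessName": creator,
            "NewProcessName": new_proc,
            "BaseFileName": new_proc.rsplit("\\", 1)[-1],
            "CommandLine": cmd, "Signed": signed}


EVENTS = [  # constructed sample data
    ev("ws01", "WINWORD", r"C:\Users\u1\AppData\Local\Temp\order.exe", "order.exe", "False"),
    ev("ws02", "WINWORD", r"C:\ProgramData\updater.exe", "updater.exe", "False"),
    ev("ws03", "WINWORD", r"C:\Program Files\Vendor\addin.exe", "addin.exe", "False"),
    ev("ws04", "EXCEL", r"C:\Windows\System32\cscript.exe",
       r"cscript C:\Users\u4\Desktop\report.vbs", "True"),
    ev("ws05", "winword.exe",
       r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
       r"PowerShell -File C:\Temp\a.ps1", "True"),
    ev("ws06", "explorer",
       r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
       "powershell", "True"),
]

if __name__ == "__main__":
    print("slide exclusions:", unsigned_word_children(EVENTS, SLIDE_EXCLUDES))
    print("tight exclusions:", unsigned_word_children(EVENTS, TIGHT_EXCLUDES))
    print("script launches: ", carrier_script_launches(EVENTS))
```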

Scheduled Tasks via at.exe

Scheduled Tasks
SCHTASKS vs. AT
•  schtasks.exe – Common Task Scheduler/Viewer
•  at.exe
   –  Deprecated, but Available Through Windows 7
   –  Historically Used for Privilege Escalation (WinXP)
      ◦  Attackers Still Love It (Older Admins Too)
   –  Creates `%System_Root%/Tasks/at[0-9].job` Files
      ◦  Sweep Enterprise for These & Analyze!
Q: Anyone Running at.exe?

The Query
Anyone Running at.exe?
index=wls EventID=4688
BaseFileName="at.exe"
CommandLine="*"
NOT BaseFileName="[known good]"
NOT CommandLine="[known good]"
| table …

Nothing Silly Recently
But A Few Years Ago…
_time | host | BaseFileName | CommandLine | CreatorProcessName
06/06/11 04:01 | [DERP] | at.exe | at 04:03 /interactive cmd /c cmd.exe | cmd

Remote Powershell

PowerShell Shenanigans
Attackers LOVE PowerShell
•  Why Are Attackers Using PowerShell?
   –  Powerful, Built-in Tool – (Nearly) Always Available
   –  Can Execute in Memory (Diskless)
   –  Easy to Avoid Detection
      ◦  A Hacker’s Best Toolkit = Tools on the Box!
•  PowerShell is a Growing Concern
   –  See: PowerSploit Framework

PowerShell Snooping
Brainstorming
•  Discussion: Event Code 4688 vs. 4103/4
•  We Already Look for Encoded PS Commands
   –  See: “Splunk Live! Santa Clara 2015” Talk
•  What About Remote PS Access Methods?
   –  PowerShell Can Run Remote Scripts
Q: Is Anyone Running Remote PS Commands?

Remote PowerShell
Just a Few Samples…
•  Common Remote Methods:
Get-Service winrm
Enable-PSRemoting
New-PSSession
Enter-PSSession
Invoke-Command -computername
General use of: -computer
(NOTE: -computer can specify 127.0.0.1)

PowerShell: WSMan

PowerShell Search
Remote Methods = Attacker’s Forte
index=wls* EventID=4688
BaseFileName=powershell.exe
(CommandLine="*winrm*" OR
CommandLine="*psremoting*" OR
CommandLine="*pssession*" OR
CommandLine="*invoke-command*" OR
CommandLine="*wsman*"
[OR CommandLine="*-computer*"])
| table …

PowerShellMafia’s PowerSploit
Dirty Dirty Tricks
•  Open Source PowerShell Attack Framework
   –  Becoming More and More Common
•  We Can Enumerate All PowerSploit PS Modules
   –  And Look For Them
      ◦  And yell/cry/smile if we find any
Q: Is Anyone Running PowerSploit? (BETTER NOT BE!)

“A PowerShell Post-Exploitation Framework”

Enumerated PowerSploit Modules
index=wls* EventID=4688 (BaseFileName=powershell.exe OR BaseFileName=cmd.exe)
(CommandLine="*powersploit*" OR CommandLine="*Invoke-DllInjection*" OR
CommandLine="*Invoke-ReflectivePEInjection*" OR CommandLine="*Invoke-Shellcode*" OR
CommandLine="*Invoke-WmiCommand*" OR CommandLine="*Out-EncodedCommand*" OR
CommandLine="*Out-CompressedDll*" OR CommandLine="*Out-EncryptedScript*" OR
CommandLine="*Remove-Comments*" OR CommandLine="*New-UserPersistenceOption*" OR
CommandLine="*New-ElevatedPersistenceOption*" OR CommandLine="*Add-Persistence*" OR
CommandLine="*Install-SSP*" OR CommandLine="*Get-SecurityPackages*" OR
CommandLine="*Find-AVSignature*" OR CommandLine="*Invoke-TokenManipulation*" OR
CommandLine="*Invoke-CredentialInjection*" OR CommandLine="*Invoke-NinjaCopy*" OR
CommandLine="*Invoke-Mimikatz*" OR CommandLine="*Get-Keystrokes*" OR
CommandLine="*Get-GPPPassword*" OR CommandLine="*Get-TimedScreenshot*" OR
CommandLine="*New-VolumeShadowCopy*" OR CommandLine="*Get-VolumeShadowCopy*" OR
CommandLine="*Mount-VolumeShadowCopy*" OR CommandLine="*Remove-VolumeShadowCopy*" OR
CommandLine="*Get-VaultCredential*" OR CommandLine="*Out-Minidump*" OR
CommandLine="*Set-MasterBootRecord*" OR CommandLine="*Set-CriticalProcess*" OR
CommandLine="*PowerUp*" OR CommandLine="*Invoke-Portscan*" OR
CommandLine="*Get-HttpStatus*" OR CommandLine="*Invoke-ReverseDnsLookup*" OR CommandLine="*PowerView*")
| table …

Quick Example: Rogue svchost.exe

svchost.exe w/Bad Parent
smss.exe -> wininit.exe -> services.exe -> svchost.exe
index=wls EventID=4688
BaseFileName="svchost.exe"
NOT CreatorProcessName="services"
| table …

Quick Example: CLI> blah [IPv4] blah

IPv4 Addresses in CLI
The Internet is a Scary Place
index=wls* EventID=4688 CommandLine="*"
NOT (BaseFileName=cscript.exe OR
BaseFileName=nslookup.exe OR
BaseFileName=cmd.exe OR
BaseFileName=ping.exe OR
BaseFileName=nblookup.exe OR
BaseFileName=route.exe)
| regex CommandLine="\s\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s"
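
What the whitespace-delimited pattern above does and does not catch, shown on constructed command lines. This is an added example, not code from the deck, and it goes one step beyond the slide by validating octets and dropping internal ranges; the looser candidate pattern, the internal range list and all sample events are assumptions.

```python
# Added example (not from the deck); all events are constructed.
import ipaddress
import re

# Pattern as on the slide: an address needs whitespace on both sides.
SLIDE_RE = re.compile(r"\s\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s")
# Assumption: looser candidate pattern that only refuses to start or end
# inside a longer dotted number, so URLs, UNC paths and end-of-line match.
CANDIDATE_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# BaseFileName values excluded on the slide, applied as NOT (a OR b OR ...).
EXCLUDED = {"cscript.exe", "nslookup.exe", "cmd.exe",
            "ping.exe", "nblookup.exe", "route.exe"}

# Assumption: ranges treated as internal and therefore not reported.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def external_ipv4s(cmdline):
    """Return valid, non-internal IPv4 addresses found in a command line."""
    found = []
    for cand in CANDIDATE_RE.findall(cmdline):
        try:
            ip = ipaddress.IPv4Address(cand)
        except ipaddress.AddressValueError:
            continue  # e.g. an octet above 255
        if not any(ip in net for net in INTERNAL):
            found.append(str(ip))
    return found


def _in_scope(event):
    return (event["EventID"] == 4688
            and event["BaseFileName"].lower() not in EXCLUDED)


def hunt_slide(events):
    """Hosts returned by the slide's logic: exclusions plus the regex."""
    return [e["host"] for e in events
            if _in_scope(e) and SLIDE_RE.search(e["CommandLine"])]


def hunt_validated(events):
    """Hosts with at least one valid external address in the command line."""
    hits = []
    for e in events:
        if not _in_scope(e):
            continue
        ips = external_ipv4s(e["CommandLine"])
        if ips:
            hits.append((e["host"], ips))
    return hits


def ev(host, base, cmd):
    return {"EventID": 4688, "host": host, "BaseFileName": base, "CommandLine": cmd}


EVENTS = [  # constructed; addresses are from documentation ranges
    ev("ws01", "curl.exe", "curl.exe http://203.0.113.10/update.bin"),  # inside a URL
    ev("ws02", "net.exe", r"net.exe use \\198.51.100.7\share"),         # UNC path
    ev("ws03", "ftp.exe", "ftp.exe 203.0.113.25"),                      # end of line
    ev("ws04", "telnet.exe", "telnet.exe 192.168.1.20 23"),             # internal
    ev("ws05", "tool.exe", "tool.exe --scan 999.300.1.1 now"),          # not an address
    ev("ws06", "ping.exe", "ping.exe 203.0.113.9 -n 1"),                # excluded binary
]

if __name__ == "__main__":
    print("slide regex:", hunt_slide(EVENTS))
    print("validated:  ", hunt_validated(EVENTS))
```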

Recap & Takeaways
•  Ask Questions
   –  Read Articles / Twitter Feeds / OSINT Reports / etc.
   –  “Does This Happen Here?”
•  Develop Queries
•  Establish Baselines
   –  Tune Over Time
•  Create Saved Searches
•  Allocate Time For Hunting!
Keep Huntin’!

Resources
•  Windows Logging Service (WLS) Home Page
   –  By Jason McCord (@digirati82)
   –  https://digirati82.com/wls-information/
•  “Know your Windows Processes or Die Trying”
   –  Article by Patrick Olsen, 2014/01/18
   –  http://sysforensics.org/2014/01/know-your-windows-processes/
•  Bechtel Splunk Live! Santa Clara 2015 Preso
   –  http://www.slideshare.net/Splunk/bechtel-customer-presentation
Keep Huntin’!

Thank You
Security Operations:
Hunting Wabbits, Possum, and APT

Ryan Chapman – @rj_chap
Bechtel
QUESTIONS?

Bechtel Customer Presentation

Editor's Notes

  1. Global reach = Global threats
  2. NOT TIER 1/2!!!!
  3. Remove 2015??