This document discusses Splunk Enterprise Security and its frameworks for analyzing security data. It begins with an introduction and agenda. It then discusses Splunk's analytics-driven security information and event management (SIEM) capabilities. The main part of the presentation covers Splunk's frameworks for enterprise security, including the Notable Events framework for streamlining incident management and the Asset and Identity framework for automatically mapping context to incidents. It provides examples of how these frameworks enable faster incident review and investigation.
7. T I E R 1 A N A LY S T
W O R K W I L L B E
A U T O M AT E D
T I M E N O W S P E N T
T U N I N G D E T E C T I O N
A N D R E S P O N S E
L O G I C
P L AT F O R M F O R
I N V E S T I G AT I O N A N D
T O O R C H E S T R AT E
T H E M A L L
90%
50%
1