AR
Uploaded byAmanda Richardson
PDF, PPTX91 views

March 2023 PNW User Group

The document outlines the agenda of a Splunk PNW User Group meeting held on March 30, 2023, featuring topics such as updates on Splunk Enterprise Security and educational resources available for users. It highlights advancements in security analytics, cloud solutions, and new training programs aimed at enhancing user experience and efficiency with Splunk products. Additionally, it announces upcoming events, networking opportunities, and emphasizes the importance of user engagement in the community.

Embed presentation

Download as PDF, PPTX
© 2022 SPLUNK INC. Splunk PNW User Group 30 March, 2023
© 2022 SPLUNK INC. Agenda Topic Speaker Organization Time Welcome Grab your lunch, get comfy Intros and announcements Amanda Richardson Sr. Customer Success Manager Splunk 15m Splunk Enterprise Security - What’s New Dan Hogland Staff Security CSE Splunk 30m Splunk Education - Learning for All! Melissa Riley Learning Success Manager Splunk 30m Open Discussion and Networking Time! User Community All 30m Wrap up Closing remarks, topic ideas Rob de Luna Sr. Solutions Engineer Splunk 15m
© 2022 SPLUNK INC. Splunk Enterprise Security A data-centric, modern SIEM solution Dan Hogland Staff CSE, Security
This presentation may contain forward-looking statements regarding future events, plans or the expected financial performance of our company, including our expectations regarding our products, technology, strategy, customers, markets, acquisitions and investments. These statements reflect management’s current expectations, estimates and assumptions based on the information currently available to us. These forward-looking statements are not guarantees of future performance and involve significant risks, uncertainties and other factors that may cause our actual results, performance or achievements to be materially different from results, performance or achievements expressed or implied by the forward-looking statements contained in this presentation. For additional information about factors that could cause actual results to differ materially from those described in the forward-looking statements made in this presentation, please refer to our periodic reports and other filings with the SEC, including the risk factors identified in our most recent quarterly reports on Form 10-Q and annual reports on Form 10-K, copies of which may be obtained by visiting the Splunk Investor Relations website at www.investors.splunk.com or the SEC's website at www.sec.gov. The forward-looking statements made in this presentation are made as of the time and date of this presentation. If reviewed after the initial presentation, even if made available by us, on our website or otherwise, it may not contain current or accurate information. We disclaim any obligation to update or revise any forward-looking statement based on new information, future events or otherwise, except as required by applicable law. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. We undertake no obligation either to develop the features or functionalities described, in beta or in preview (used interchangeably), or to include any such feature or functionality in a future release. Splunk, Splunk> and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names or trademarks belong to their respective owners. © 2022 Splunk Inc. All rights reserved. Forward- Looking Statements 2.18.22-19:04
© 2022 SPLUNK INC. The Splunk Difference A data-centric approach to security Any Data, Any Source Make disparate data available, queryable, and actionable 1 Fast, Flexible Investigations Achieve 100% compliance and 5x faster security investigations 2 Proven Scalability Ingest TBs of data per day and perform over 1M searches per week 3 Open Ecosystem 2,800+ integrations to support your best-in-class technology stack 4 Support for All Deployments Effectively monitor and secure complex multicloud or hybrid environments 5 Source 1: Nasdaq customer story Source 2: Check Point Software customer story Source 3: Intel customer story Source 4: Slack customer story & Splunkbase Source 5: Travis Perkins PLC customer story
© 2022 SPLUNK INC. Advanced Analytics ● 1170+ detections with 100+ cloud- based detections ● 30% increase in true-positive alert rates with Risk-Based Alerting (RBA) ● Enrich and prioritize alerts with integrated threat intelligence (Splunk Intelligence Management) ● Align security operations to industry frameworks (MITRE ATT&CK, NIST, CIS 20, and Kill Chain) ● Dive deep with intuitive search and investigation capabilities Boost productivity
© 2021 SPLUNK INC. © 2022 SPLUNK INC. What’s New in ES
© 2022 SPLUNK INC. What’s New in Splunk Enterprise Security 7.0? ● Executive Summary Dashboard ● Security Operations Dashboard ● Cloud Security Monitoring Dashboards ● Real-Time Content Updates ● Dark Mode User Experience (Cloud) On Prem & Cloud
© 2022 SPLUNK INC. On Prem & Cloud Executive Summary Dashboard ● Increased visibility for CISOs, Security Directors and SOC Managers into overall health of security program ● Key Insights ○ Mean Time to Triage ○ Mean Time to Respond ○ Investigations Created ○ Assigned Notables Over Time ○ Notable Event History Trends ○ Risk-Based Alerting Trends ○ Adaptive Response Action Trends Executive Level Security Insights with Trends over Time A v a i l a b l e N o w
© 2022 SPLUNK INC. On Prem & Cloud A v a i l a b l e N o w Security Operations Dashboard ● Key Insights ○ Mean Time to Triage ○ Mean Time to Respond ○ Investigations Created ○ Notable Assignments ○ Notable and Analyst Close Rate ○ Notable Disposition ■ False Positives ■ True Positives ■ Benign Positives Performance and Efficiency Insights across Security Operations
© 2022 SPLUNK INC. ● New Dashboards include ○ AWS Security Groups ○ AWS IAM Activity ○ AWS Network ACLs ○ AWS Access Analyzer ○ Microsoft 365 ● Enterprise Security 7.0 proactively notifies you of new content updates from the Splunk Threat Research Team and enables updates in one click Cloud Security Dashboards Visibility into AWS and Microsoft 365 Cloud Security Datasets Real-Time Content Updates Automated Security Content Delivery On Prem & Cloud A v a i l a b l e N o w
© 2022 SPLUNK INC. Cloud A v a i l a b l e N o w Modernized User Experience ● Updated “Dark Mode” User Interface ● ES joins other Splunk Security Products in adopting modern development frameworks and best practices Unified User Experience
© 2023 SPLUNK INC. What’s New in Splunk Enterprise Security 7.1? MITRE ATT&CK Framework Matrix Provides the ability to visualize MITRE ATT&CK tactics and techniques in Risk Notable Events and operationalize the MITRE ATT&CK framework when responding to Notable Events Cloud Based Streaming Analytics Enables scalable, real-time streaming analytics for a broad range of advanced security detections that address common use cases. Threat Topology Allows analysts to immediately discover the scope of a security incident and quickly pivot between affected assets and users in the investigation.
© 2023 SPLUNK INC. ● Real-time insider threat detections ● Seamless integration with ES ● Scalable analytics ● Simple to deploy, cloud-native & low maintenance solution Detect Suspicious Behavior In Real- Time Cloud Based Streaming Analytics* & Risk Based Alerting *Cloud-Based Streaming Analytics will be available in US East only on 1/11. Cloud
© 2023 SPLUNK INC. Quickly Discover the Scope of an Incident to Respond Accurately ● Comprehensive view into security incidents ● Quickly determine the severity level of an incident ● Identify additional impacted subjects of an investigation without writing a single line of code of query language Threat Topology Visualization Cloud & On-Prem
© 2023 SPLUNK INC. Improve Security Workflow Efficiencies With Embedded Frameworks ● Visualize MITRE ATT&CK tactics and techniques in Risk Notable Events ● Operationalize the MITRE ATT&CK framework when responding to Notable Events MITRE ATT&CK Framework Matrix Visualization Cloud & On-Prem
© 2022 SPLUNK INC. Splunk Education Free Splunk Training Overview March 2023
© 2023 SPLUNK INC. Time to Value Adoption Productivity Support Needs Deploy use cases faster to deliver business outcomes Reduce the number of support calls and consulting engagements Empower end users to adopt and use the Splunk platform Enable developers and power users to build assets efficiently and effectively Splunk Education Benefits Increase your Return on Splunk Investment (ROI)
© 2023 SPLUNK INC. Accelerate Success Industry and Splunk experts Technical Instructors Lecture, demos, hands-on labs and assessments Comprehensive Curriculum Classroom, virtual and self-paced learning Flexible Delivery Methods Based on Splunk product and persona Learning Paths Validate and prove Splunk skills Certification Tracks
© 2023 SPLUNK INC. Who benefits? When is it? What do I have to do? And then? Designed to create a better experience for customers, partners, and prospects. Complete all in- progress training before the transition on May 17. Transition to the new system will cause downtime from May 17-21. Anyone who takes Splunk technical training May 22 launch Plan ahead Enjoy the new learning experience What’s new? Supports all Splunk product technical training and certifications. More feature-rich and streamlined experience Splunk Training and Enablement Portal (STEP) New Splunk Learning Platform
© 2023 SPLUNK INC. Splunk has free Training for all
© 2021 SPLUNK INC. Free Learning Paths
© 2023 SPLUNK INC. Free Learning Paths ● Learning paths based on Splunk product and persona ● Enterprise and Cloud Basics- 23 free eLearning ○ Ingest and correlate different data sources in Splunk Platform ○ Enrich unstructured data ○ Extract custom fields ○ Manage knowledge objects ○ Understand SPL best practices for better data analysis ● Splunk Enterprise Security- 5 free eLearning ○ Learn the value of Splunk Security solutions ○ Get an overview of use cases and best practices ○ Get an overview of SOAR ● Splunk Observability Overview + Apps- 13 free eLearning ○ Learn the value of Splunk Observability solutions ○ Get an overview of use cases and best practices
© 2023 SPLUNK INC. Free Splunk Training
© 2023 SPLUNK INC. Search Expert Course About eLearning no Labs Time What is Splunk? Dig into machine data and how to use operational intelligence. Free 45 min Intro to Splunk Learn Splunk basics, including reports, dashboards and events. Free 45 min Using Fields Expand your understanding of fields and their use in searches. Free 1 hour Visualizations Find out how to manage and visualize data in the Splunk platform. Free 1 hour Working with Time Gain expertise at using time in searches. Free 3 hours Statistical Processing Maximize the impact of your data with transforming commands and eval functions. Free 3 hours Comparing Values Leverage the power of eval functions and expressions to compare field values Free 3 hours Result Modification Learn which commands manipulate output and normalize data. Free 3 hours Scheduling Reports and Alerts Automate incident response using reports and alerts. Free 3 hours Introduction to Dashboards Explore best practices for creating and using dashboards. Free 1 hour Search Under the Hood Dive into Splunk architecture and search processing. Free 1 hour Notes: - Pricing and courses are subject to change. - Dedicated virtual and onsite classes accommodate a maximum of 12 learners in each class. - For additional dedicated onsite terms, refer to https://education.splunk.com/Pricing ● Required Courses in Learning Path ● Indent shows logical sequence of courses
© 2023 SPLUNK INC. Knowledge Manager Course About eLearning no Labs Time What is Splunk? Dig into machine data and how to use operational intelligence. Free 45 min Intro to Splunk Learn Splunk basics, including reports, dashboards and events. Free 45 min Using Fields Expand your understanding of fields and their use in searches. Free 1 hour Intro to Knowledge Objects Learn to create, define, edit and manage knowledge objects. Free 1 hour Creating Knowledge Objects Use the Splunk web interface to create knowledge objects. Free 3 hours Creating Field Extractions Unlock the Field Extractor (FX) utility to understand the when and how of field extraction in Splunk. Free 3 hours Enriching Data with Lookups Understand how to upload, define, automate and use advanced lookup options. Free 3 hours Data Models Discover the power of data models, including creation, design and acceleration Free 3 hours Notes: - Pricing and courses are subject to change. - Dedicated virtual and onsite classes accommodate a maximum of 12 learners in each class. - For additional dedicated onsite terms, refer to https://education.splunk.com/Pricing ● Required Courses in Learning Path ● Indent shows logical sequence of courses
© 2023 SPLUNK INC. Free Splunk Security Training Course About eLearning no Labs Time Introduction to Enterprise Security Understand how Enterprise Security can help identify and protect your organization from threats. Free 40 min Introduction to Splunk Security Essentials Explore use cases and analytic stories from Splunk Security Essentials (SSE) to discover how the detection works. Free 45 min Introduction to Splunk UBA Learn to define UBA and how Splunk can give insight into threats, anomalies, and internal data. Free 16 min Introduction to Splunk SOAR Discover the features, capabilities and use cases for Splunk SOAR (Security Orchestration and Automated Response). Free 20 min Developing SOAR Applications Unlock the possibilities of SOAR application designing, debugging and testing. Free 45 min SOAR Phantom Container Creation Walkthrough This 7-minute video guides analysts through creating containers via 3 methods: using an app, manually, or via import. Free 7 min Notes: - Pricing and courses are subject to change. - Dedicated virtual and onsite classes accommodate a maximum of 12 learners in each class. - For additional dedicated onsite terms, refer to https://education.splunk.com/Pricing
© 2023 SPLUNK INC. Free Splunk Enterprise & Cloud Training Course About eLearning no Labs Time Splunk Infrastructure Overview This self-paced course gives users a high-level look at how to grow a Splunk deployment from a single instance to a distributed environment Free 1 hour Getting Data In Understand the basics of data source types and input. Free 30 min Splunk Enterprise Installation and Configuration Understand the basics of installing Splunk in a non-clustered environment. Free 30 min Splunk Enterprise Licensing Review best practices of managing Splunk licenses and configuring Splunk License Manager. Free 21 min Upgrading Splunk Enterprise Arm yourself with knowledge for your next non-clustered Splunk Enterprise upgrade. Free 17 min IT Essentials Learn - Walkthrough This 8-minute eLearning course steps you through the IT Essentials Learn app Free 8 min IT Essentials Work - Walkthrough This 12.5-minute walkthrough is for Splunk and IT admins with basic IT knowledge who understand IT Operations and monitoring. Free 12.5 min Notes: - Pricing and courses are subject to change. - Dedicated virtual and onsite classes accommodate a maximum of 12 learners in each class. - For additional dedicated onsite terms, refer to https://education.splunk.com/Pricing
© 2023 SPLUNK INC. Free Splunk Observability - Infrastructure Monitoring & Application Performance Monitoring Course SREs DevOps Develo pers About Introduction to Splunk Observability (Cloud) - Free eLearning ✓ ✓ ✓ Learn the difference between monitoring and observability. Getting Data into Splunk Observability Cloud - Free eLearning ✓ Use the Splunk Distribution of the Open Telemetry (OTel) Collector to send metrics and logs to Splunk Observability Cloud. Introduction to Splunk Infrastructure Monitoring (IM) - Free eLearning ✓ ✓ ✓ Explore the Splunk Infrastructure Monitoring basics. Splunk Observability Cloud: Teams - Free eLearning ✓ ✓ See how to set up and manage teams in the Splunk Cloud platform. Splunk Observability Cloud: Enterprise Features - Free eLearning ✓ ✓ ✓ See how to set permissions and use mirrored dashboards. Implementing the Splunk App for Infrastructure (SAI) - Free eLearning ✓ ✓ ✓ Get all the details for installing and configuring SAI. Introduction to Splunk Application Performance Monitoring (eLearning) ✓ ✓ ✓ Get an overview of Splunk APM's key features, navigation and basic troubleshooting. Notes: - Pricing and courses are subject to change. - Dedicated virtual and onsite classes accommodate a maximum of 12 learners in each class. - For additional dedicated onsite terms, refer to https://education.splunk.com/Pricing
© 2023 SPLUNK INC. Splunk Observability - Other Products Course SREs DevOps Develop ers About Introduction to Splunk Log Observer - Free eLearning ✓ ✓ ✓ Understand filtering and browsing log messages, finding trends in log data through aggregation functions, and facilitating team collaboration Introduction to Splunk Synthetic Monitoring - Free eLearning ✓ ✓ ✓ Learn what Splunk Synthetic Monitoring is, explore the UI and differentiate the types of tests. Using Splunk Synthetic Monitoring (RIGOR) - Free eLearning ✓ ✓ ✓ Understand best practices, data visualization and alerts. Introduction to Splunk Real User Monitoring - Free eLearning ✓ Delve into how to use Splunk RUM for troubleshooting. Responding to Incidents in Splunk On-Call - Free eLearning ✓ ✓ ✓ Dig into shifts, rotations, escalation and scheduling. Splunk App for Content Packs - Free eLearning Review the basics of Splunk's App for Content Packs, including installation, configuration and metrics monitoring. Notes: - Pricing and courses are subject to change. - Dedicated virtual and onsite classes accommodate a maximum of 12 learners in each class. - For additional dedicated onsite terms, refer to https://education.splunk.com/Pricing
© 2023 SPLUNK INC. Splunk Education Helpful Tips ● Splunk Education Official Website ● Splunk Education Student Handbook ● Splunk Certification Handbook ● Splunk Education Pricing ● Registration and Passkey Guide ● Splunk Academic Alliance Program
© 2023 SPLUNK INC. Splunk Education Contacts Education Coordinators by Region Education_AMER@splunk.com Education_EMEA@splunk.com Education_APAC@splunk.com Certification Certification@splunk.com
© 2023 SPLUNK INC. Leaders ● User leaders needed! Next meeting ● In person in Seattle Wrap up Topic ideas ● Drop suggestions or offers to speak to the #pnw channel in the UG slack .conf23 ● July 20-23 ● Las Vegas
© 2022 SPLUNK INC. Thank You

More Related Content

PPTX
Splunk Security Presentation_RSA2018.pptx
by779734791
 
PDF
Splunk-Presentation
byPrasadThorat23
 
PDF
Splunk ES 8 mission controle data analytic
bywillmorekanan
 
PPTX
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
bySplunk
 
PDF
2022 09 March Splunk PNW User Group
byAmanda Richardson
 
PPTX
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
bySplunk
 
PPTX
Splunk enterprise security_splunk_bengaluru_user_group_2020_10_03
byNiketNilay
 
PPTX
Security crawl walk run presentation mckay v1 2017
byAdam Tice
 
Splunk Security Presentation_RSA2018.pptx
by779734791
 
Splunk-Presentation
byPrasadThorat23
 
Splunk ES 8 mission controle data analytic
bywillmorekanan
 
SplunkLive! London 2017 - Build a Security Portfolio That Strengthens Your Se...
bySplunk
 
2022 09 March Splunk PNW User Group
byAmanda Richardson
 
Partner Exec Summit 2018 - Frankfurt: Analytics-driven Security und SOAR
bySplunk
 
Splunk enterprise security_splunk_bengaluru_user_group_2020_10_03
byNiketNilay
 
Security crawl walk run presentation mckay v1 2017
byAdam Tice
 

Similar to March 2023 PNW User Group

PPTX
Splunk Overview
bySplunk
 
PPTX
Exploring Frameworks of Splunk Enterprise Security
bySplunk
 
PPTX
Splunk Cloud and Splunk Enterprise 7.2
bySplunk
 
PPTX
Splunk Enterprise Security
bySplunk
 
PDF
Splunk Leadership Forum Wien - 20.05.2025
bySplunk
 
PPTX
Splunk Cloud and Splunk Enterprise 7.2
bySplunk
 
PPTX
Splunk Cloud and Splunk Enterprise 7.2
bySplunk
 
PPTX
.conf Go Zurich 2022 - Platform Session
bySplunk
 
PPTX
SplunkLive! London 2017 - Splunk Enterprise for IT Troubleshooting
bySplunk
 
PDF
Splunk Solution overview testing versi 1
byyulitasarahhh
 
PPTX
SplunkLive! London 2017 - Splunk Overview
bySplunk
 
PDF
Power the SOC of the Future with scale, speed and choice - Splunk Public Sect...
bySplunk EMEA
 
PPTX
Exploring Frameworks of Splunk Enterprise Security
bySplunk
 
PDF
Webinar: Neues zur Splunk App for Enterprise Security
byGeorg Knon
 
PPTX
What's New with the Latest Splunk Platform Release
bySplunk
 
PPTX
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update
bySplunk
 
PPTX
Delivering New Visibility and Analytics for IT Operations
bySplunk
 
PDF
SplunkLive! Zürich - Splunk für Security
bySplunk
 
PDF
SplunkLive! Wien - Splunk für Security
bySplunk
 
PPTX
Build a Security Portfolio That Strengthens Your Security Posture
bySplunk
 
Splunk Overview
bySplunk
 
Exploring Frameworks of Splunk Enterprise Security
bySplunk
 
Splunk Cloud and Splunk Enterprise 7.2
bySplunk
 
Splunk Enterprise Security
bySplunk
 
Splunk Leadership Forum Wien - 20.05.2025
bySplunk
 
Splunk Cloud and Splunk Enterprise 7.2
bySplunk
 
Splunk Cloud and Splunk Enterprise 7.2
bySplunk
 
.conf Go Zurich 2022 - Platform Session
bySplunk
 
SplunkLive! London 2017 - Splunk Enterprise for IT Troubleshooting
bySplunk
 
Splunk Solution overview testing versi 1
byyulitasarahhh
 
SplunkLive! London 2017 - Splunk Overview
bySplunk
 
Power the SOC of the Future with scale, speed and choice - Splunk Public Sect...
bySplunk EMEA
 
Exploring Frameworks of Splunk Enterprise Security
bySplunk
 
Webinar: Neues zur Splunk App for Enterprise Security
byGeorg Knon
 
What's New with the Latest Splunk Platform Release
bySplunk
 
Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update
bySplunk
 
Delivering New Visibility and Analytics for IT Operations
bySplunk
 
SplunkLive! Zürich - Splunk für Security
bySplunk
 
SplunkLive! Wien - Splunk für Security
bySplunk
 
Build a Security Portfolio That Strengthens Your Security Posture
bySplunk
 

Recently uploaded

PPTX
Coded Agents – with UiPath SDK + LlamaIndex.pptx
bysuhanisingh58689
 
PDF
Teaching Robots how to Read 1/2: AI Center & Classic Document Understanding (...
byanabulhac
 
PPTX
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
PPTX
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
PPTX
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
PDF
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
PDF
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
PPTX
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
PPT
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
PDF
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
PPTX
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
PDF
Getting the Best of TrueDEM – January News & Updates
bypanagenda
 
PDF
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
PPTX
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
DOCX
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
PDF
Introduction to Linux and Basic Commands
byiDev Semarang
 
PPT
connectives-linking words in English.ppt
byAmrMohammed82
 
PDF
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
Coded Agents – with UiPath SDK + LlamaIndex.pptx
bysuhanisingh58689
 
Teaching Robots how to Read 1/2: AI Center & Classic Document Understanding (...
byanabulhac
 
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
Computer Science Conferences 2026 | Research by SAI Conference
byHealth Conference 2026
 
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
Getting the Best of TrueDEM – January News & Updates
bypanagenda
 
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
Introduction to Linux and Basic Commands
byiDev Semarang
 
connectives-linking words in English.ppt
byAmrMohammed82
 
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 

March 2023 PNW User Group

  • 1.
    © 2022 SPLUNKINC. Splunk PNW User Group 30 March, 2023
  • 2.
    © 2022 SPLUNKINC. Agenda Topic Speaker Organization Time Welcome Grab your lunch, get comfy Intros and announcements Amanda Richardson Sr. Customer Success Manager Splunk 15m Splunk Enterprise Security - What’s New Dan Hogland Staff Security CSE Splunk 30m Splunk Education - Learning for All! Melissa Riley Learning Success Manager Splunk 30m Open Discussion and Networking Time! User Community All 30m Wrap up Closing remarks, topic ideas Rob de Luna Sr. Solutions Engineer Splunk 15m
  • 3.
    © 2022 SPLUNKINC. Splunk Enterprise Security A data-centric, modern SIEM solution Dan Hogland Staff CSE, Security
  • 4.
    This presentation maycontain forward-looking statements regarding future events, plans or the expected financial performance of our company, including our expectations regarding our products, technology, strategy, customers, markets, acquisitions and investments. These statements reflect management’s current expectations, estimates and assumptions based on the information currently available to us. These forward-looking statements are not guarantees of future performance and involve significant risks, uncertainties and other factors that may cause our actual results, performance or achievements to be materially different from results, performance or achievements expressed or implied by the forward-looking statements contained in this presentation. For additional information about factors that could cause actual results to differ materially from those described in the forward-looking statements made in this presentation, please refer to our periodic reports and other filings with the SEC, including the risk factors identified in our most recent quarterly reports on Form 10-Q and annual reports on Form 10-K, copies of which may be obtained by visiting the Splunk Investor Relations website at www.investors.splunk.com or the SEC's website at www.sec.gov. The forward-looking statements made in this presentation are made as of the time and date of this presentation. If reviewed after the initial presentation, even if made available by us, on our website or otherwise, it may not contain current or accurate information. We disclaim any obligation to update or revise any forward-looking statement based on new information, future events or otherwise, except as required by applicable law. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. We undertake no obligation either to develop the features or functionalities described, in beta or in preview (used interchangeably), or to include any such feature or functionality in a future release. Splunk, Splunk> and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names or trademarks belong to their respective owners. © 2022 Splunk Inc. All rights reserved. Forward- Looking Statements 2.18.22-19:04
  • 5.
    © 2022 SPLUNKINC. The Splunk Difference A data-centric approach to security Any Data, Any Source Make disparate data available, queryable, and actionable 1 Fast, Flexible Investigations Achieve 100% compliance and 5x faster security investigations 2 Proven Scalability Ingest TBs of data per day and perform over 1M searches per week 3 Open Ecosystem 2,800+ integrations to support your best-in-class technology stack 4 Support for All Deployments Effectively monitor and secure complex multicloud or hybrid environments 5 Source 1: Nasdaq customer story Source 2: Check Point Software customer story Source 3: Intel customer story Source 4: Slack customer story & Splunkbase Source 5: Travis Perkins PLC customer story
  • 6.
    © 2022 SPLUNKINC. Advanced Analytics ● 1170+ detections with 100+ cloud- based detections ● 30% increase in true-positive alert rates with Risk-Based Alerting (RBA) ● Enrich and prioritize alerts with integrated threat intelligence (Splunk Intelligence Management) ● Align security operations to industry frameworks (MITRE ATT&CK, NIST, CIS 20, and Kill Chain) ● Dive deep with intuitive search and investigation capabilities Boost productivity
  • 7.
    © 2021 SPLUNKINC. © 2022 SPLUNK INC. What’s New in ES
  • 8.
    © 2022 SPLUNKINC. What’s New in Splunk Enterprise Security 7.0? ● Executive Summary Dashboard ● Security Operations Dashboard ● Cloud Security Monitoring Dashboards ● Real-Time Content Updates ● Dark Mode User Experience (Cloud) On Prem & Cloud
  • 9.
    © 2022 SPLUNKINC. On Prem & Cloud Executive Summary Dashboard ● Increased visibility for CISOs, Security Directors and SOC Managers into overall health of security program ● Key Insights ○ Mean Time to Triage ○ Mean Time to Respond ○ Investigations Created ○ Assigned Notables Over Time ○ Notable Event History Trends ○ Risk-Based Alerting Trends ○ Adaptive Response Action Trends Executive Level Security Insights with Trends over Time A v a i l a b l e N o w
  • 10.
    © 2022 SPLUNKINC. On Prem & Cloud A v a i l a b l e N o w Security Operations Dashboard ● Key Insights ○ Mean Time to Triage ○ Mean Time to Respond ○ Investigations Created ○ Notable Assignments ○ Notable and Analyst Close Rate ○ Notable Disposition ■ False Positives ■ True Positives ■ Benign Positives Performance and Efficiency Insights across Security Operations
  • 11.
    © 2022 SPLUNKINC. ● New Dashboards include ○ AWS Security Groups ○ AWS IAM Activity ○ AWS Network ACLs ○ AWS Access Analyzer ○ Microsoft 365 ● Enterprise Security 7.0 proactively notifies you of new content updates from the Splunk Threat Research Team and enables updates in one click Cloud Security Dashboards Visibility into AWS and Microsoft 365 Cloud Security Datasets Real-Time Content Updates Automated Security Content Delivery On Prem & Cloud A v a i l a b l e N o w
  • 12.
    © 2022 SPLUNKINC. Cloud A v a i l a b l e N o w Modernized User Experience ● Updated “Dark Mode” User Interface ● ES joins other Splunk Security Products in adopting modern development frameworks and best practices Unified User Experience
  • 13.
    © 2023 SPLUNKINC. What’s New in Splunk Enterprise Security 7.1? MITRE ATT&CK Framework Matrix Provides the ability to visualize MITRE ATT&CK tactics and techniques in Risk Notable Events and operationalize the MITRE ATT&CK framework when responding to Notable Events Cloud Based Streaming Analytics Enables scalable, real-time streaming analytics for a broad range of advanced security detections that address common use cases. Threat Topology Allows analysts to immediately discover the scope of a security incident and quickly pivot between affected assets and users in the investigation.
  • 14.
    © 2023 SPLUNKINC. ● Real-time insider threat detections ● Seamless integration with ES ● Scalable analytics ● Simple to deploy, cloud-native & low maintenance solution Detect Suspicious Behavior In Real- Time Cloud Based Streaming Analytics* & Risk Based Alerting *Cloud-Based Streaming Analytics will be available in US East only on 1/11. Cloud
  • 15.
    © 2023 SPLUNKINC. Quickly Discover the Scope of an Incident to Respond Accurately ● Comprehensive view into security incidents ● Quickly determine the severity level of an incident ● Identify additional impacted subjects of an investigation without writing a single line of code of query language Threat Topology Visualization Cloud & On-Prem
  • 16.
    © 2023 SPLUNKINC. Improve Security Workflow Efficiencies With Embedded Frameworks ● Visualize MITRE ATT&CK tactics and techniques in Risk Notable Events ● Operationalize the MITRE ATT&CK framework when responding to Notable Events MITRE ATT&CK Framework Matrix Visualization Cloud & On-Prem
  • 17.
    © 2022 SPLUNKINC. Splunk Education Free Splunk Training Overview March 2023
  • 18.
    © 2023 SPLUNKINC. Time to Value Adoption Productivity Support Needs Deploy use cases faster to deliver business outcomes Reduce the number of support calls and consulting engagements Empower end users to adopt and use the Splunk platform Enable developers and power users to build assets efficiently and effectively Splunk Education Benefits Increase your Return on Splunk Investment (ROI)
  • 19.
    © 2023 SPLUNKINC. Accelerate Success Industry and Splunk experts Technical Instructors Lecture, demos, hands-on labs and assessments Comprehensive Curriculum Classroom, virtual and self-paced learning Flexible Delivery Methods Based on Splunk product and persona Learning Paths Validate and prove Splunk skills Certification Tracks
  • 20.
    © 2023 SPLUNKINC. Who benefits? When is it? What do I have to do? And then? Designed to create a better experience for customers, partners, and prospects. Complete all in- progress training before the transition on May 17. Transition to the new system will cause downtime from May 17-21. Anyone who takes Splunk technical training May 22 launch Plan ahead Enjoy the new learning experience What’s new? Supports all Splunk product technical training and certifications. More feature-rich and streamlined experience Splunk Training and Enablement Portal (STEP) New Splunk Learning Platform
  • 21.
    © 2023 SPLUNKINC. Splunk has free Training for all
  • 22.
    © 2021 SPLUNKINC. Free Learning Paths
  • 23.
    © 2023 SPLUNKINC. Free Learning Paths ● Learning paths based on Splunk product and persona ● Enterprise and Cloud Basics- 23 free eLearning ○ Ingest and correlate different data sources in Splunk Platform ○ Enrich unstructured data ○ Extract custom fields ○ Manage knowledge objects ○ Understand SPL best practices for better data analysis ● Splunk Enterprise Security- 5 free eLearning ○ Learn the value of Splunk Security solutions ○ Get an overview of use cases and best practices ○ Get an overview of SOAR ● Splunk Observability Overview + Apps- 13 free eLearning ○ Learn the value of Splunk Observability solutions ○ Get an overview of use cases and best practices
  • 24.
    © 2023 SPLUNKINC. Free Splunk Training
  • 25.
    © 2023 SPLUNKINC. Search Expert Course About eLearning no Labs Time What is Splunk? Dig into machine data and how to use operational intelligence. Free 45 min Intro to Splunk Learn Splunk basics, including reports, dashboards and events. Free 45 min Using Fields Expand your understanding of fields and their use in searches. Free 1 hour Visualizations Find out how to manage and visualize data in the Splunk platform. Free 1 hour Working with Time Gain expertise at using time in searches. Free 3 hours Statistical Processing Maximize the impact of your data with transforming commands and eval functions. Free 3 hours Comparing Values Leverage the power of eval functions and expressions to compare field values Free 3 hours Result Modification Learn which commands manipulate output and normalize data. Free 3 hours Scheduling Reports and Alerts Automate incident response using reports and alerts. Free 3 hours Introduction to Dashboards Explore best practices for creating and using dashboards. Free 1 hour Search Under the Hood Dive into Splunk architecture and search processing. Free 1 hour Notes: - Pricing and courses are subject to change. - Dedicated virtual and onsite classes accommodate a maximum of 12 learners in each class. - For additional dedicated onsite terms, refer to https://education.splunk.com/Pricing ● Required Courses in Learning Path ● Indent shows logical sequence of courses
  • 26.
    © 2023 SPLUNKINC. Knowledge Manager Course About eLearning no Labs Time What is Splunk? Dig into machine data and how to use operational intelligence. Free 45 min Intro to Splunk Learn Splunk basics, including reports, dashboards and events. Free 45 min Using Fields Expand your understanding of fields and their use in searches. Free 1 hour Intro to Knowledge Objects Learn to create, define, edit and manage knowledge objects. Free 1 hour Creating Knowledge Objects Use the Splunk web interface to create knowledge objects. Free 3 hours Creating Field Extractions Unlock the Field Extractor (FX) utility to understand the when and how of field extraction in Splunk. Free 3 hours Enriching Data with Lookups Understand how to upload, define, automate and use advanced lookup options. Free 3 hours Data Models Discover the power of data models, including creation, design and acceleration Free 3 hours Notes: - Pricing and courses are subject to change. - Dedicated virtual and onsite classes accommodate a maximum of 12 learners in each class. - For additional dedicated onsite terms, refer to https://education.splunk.com/Pricing ● Required Courses in Learning Path ● Indent shows logical sequence of courses
  • 27.
    © 2023 SPLUNKINC. Free Splunk Security Training Course About eLearning no Labs Time Introduction to Enterprise Security Understand how Enterprise Security can help identify and protect your organization from threats. Free 40 min Introduction to Splunk Security Essentials Explore use cases and analytic stories from Splunk Security Essentials (SSE) to discover how the detection works. Free 45 min Introduction to Splunk UBA Learn to define UBA and how Splunk can give insight into threats, anomalies, and internal data. Free 16 min Introduction to Splunk SOAR Discover the features, capabilities and use cases for Splunk SOAR (Security Orchestration and Automated Response). Free 20 min Developing SOAR Applications Unlock the possibilities of SOAR application designing, debugging and testing. Free 45 min SOAR Phantom Container Creation Walkthrough This 7-minute video guides analysts through creating containers via 3 methods: using an app, manually, or via import. Free 7 min Notes: - Pricing and courses are subject to change. - Dedicated virtual and onsite classes accommodate a maximum of 12 learners in each class. - For additional dedicated onsite terms, refer to https://education.splunk.com/Pricing
  • 28.
    © 2023 SPLUNKINC. Free Splunk Enterprise & Cloud Training Course About eLearning no Labs Time Splunk Infrastructure Overview This self-paced course gives users a high-level look at how to grow a Splunk deployment from a single instance to a distributed environment Free 1 hour Getting Data In Understand the basics of data source types and input. Free 30 min Splunk Enterprise Installation and Configuration Understand the basics of installing Splunk in a non-clustered environment. Free 30 min Splunk Enterprise Licensing Review best practices of managing Splunk licenses and configuring Splunk License Manager. Free 21 min Upgrading Splunk Enterprise Arm yourself with knowledge for your next non-clustered Splunk Enterprise upgrade. Free 17 min IT Essentials Learn - Walkthrough This 8-minute eLearning course steps you through the IT Essentials Learn app Free 8 min IT Essentials Work - Walkthrough This 12.5-minute walkthrough is for Splunk and IT admins with basic IT knowledge who understand IT Operations and monitoring. Free 12.5 min Notes: - Pricing and courses are subject to change. - Dedicated virtual and onsite classes accommodate a maximum of 12 learners in each class. - For additional dedicated onsite terms, refer to https://education.splunk.com/Pricing
  • 29.
    © 2023 SPLUNKINC. Free Splunk Observability - Infrastructure Monitoring & Application Performance Monitoring Course SREs DevOps Develo pers About Introduction to Splunk Observability (Cloud) - Free eLearning ✓ ✓ ✓ Learn the difference between monitoring and observability. Getting Data into Splunk Observability Cloud - Free eLearning ✓ Use the Splunk Distribution of the Open Telemetry (OTel) Collector to send metrics and logs to Splunk Observability Cloud. Introduction to Splunk Infrastructure Monitoring (IM) - Free eLearning ✓ ✓ ✓ Explore the Splunk Infrastructure Monitoring basics. Splunk Observability Cloud: Teams - Free eLearning ✓ ✓ See how to set up and manage teams in the Splunk Cloud platform. Splunk Observability Cloud: Enterprise Features - Free eLearning ✓ ✓ ✓ See how to set permissions and use mirrored dashboards. Implementing the Splunk App for Infrastructure (SAI) - Free eLearning ✓ ✓ ✓ Get all the details for installing and configuring SAI. Introduction to Splunk Application Performance Monitoring (eLearning) ✓ ✓ ✓ Get an overview of Splunk APM's key features, navigation and basic troubleshooting. Notes: - Pricing and courses are subject to change. - Dedicated virtual and onsite classes accommodate a maximum of 12 learners in each class. - For additional dedicated onsite terms, refer to https://education.splunk.com/Pricing
  • 30.
    © 2023 SPLUNKINC. Splunk Observability - Other Products Course SREs DevOps Develop ers About Introduction to Splunk Log Observer - Free eLearning ✓ ✓ ✓ Understand filtering and browsing log messages, finding trends in log data through aggregation functions, and facilitating team collaboration Introduction to Splunk Synthetic Monitoring - Free eLearning ✓ ✓ ✓ Learn what Splunk Synthetic Monitoring is, explore the UI and differentiate the types of tests. Using Splunk Synthetic Monitoring (RIGOR) - Free eLearning ✓ ✓ ✓ Understand best practices, data visualization and alerts. Introduction to Splunk Real User Monitoring - Free eLearning ✓ Delve into how to use Splunk RUM for troubleshooting. Responding to Incidents in Splunk On-Call - Free eLearning ✓ ✓ ✓ Dig into shifts, rotations, escalation and scheduling. Splunk App for Content Packs - Free eLearning Review the basics of Splunk's App for Content Packs, including installation, configuration and metrics monitoring. Notes: - Pricing and courses are subject to change. - Dedicated virtual and onsite classes accommodate a maximum of 12 learners in each class. - For additional dedicated onsite terms, refer to https://education.splunk.com/Pricing
  • 31.
    © 2023 SPLUNKINC. Splunk Education Helpful Tips ● Splunk Education Official Website ● Splunk Education Student Handbook ● Splunk Certification Handbook ● Splunk Education Pricing ● Registration and Passkey Guide ● Splunk Academic Alliance Program
  • 32.
    © 2023 SPLUNKINC. Splunk Education Contacts Education Coordinators by Region Education_AMER@splunk.com Education_EMEA@splunk.com Education_APAC@splunk.com Certification Certification@splunk.com
  • 33.
    © 2023 SPLUNKINC. Leaders ● User leaders needed! Next meeting ● In person in Seattle Wrap up Topic ideas ● Drop suggestions or offers to speak to the #pnw channel in the UG slack .conf23 ● July 20-23 ● Las Vegas
  • 34.
    © 2022 SPLUNKINC. Thank You