SplunkLive! Munich 2018: Predictive, Proactive, and Collaborative ML with IT ...Splunk
Presented at SplunkLive! Munich 2018:
- What data do we need?
- We need Machine Learning
- Real Use Case Example
- Let's Drive Into How it Works
- Next Steps
SplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AISplunk
Presented at SplunkLive! Munich 2018:
- Why AI & Machine Learning?
- What is Machine Learning?
- Splunk's Machine Learning Tour
- Use Cases & Customer Stories
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AISplunk
Presented at SpluknLive! Frankfurt 2018:
Why AI & Machine Learning?
What is Machine Learning?
Splunk's Machine Learning Tour
Use Cases & Customer Stories
Wrap Up
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...Splunk
Presented at SplunkLive! Frankfurt 2018:
Introduction
SIEM Migration Methodology
Use Cases
Datasources & Data Onboarding
ES Architecture
Third-Party Integrations
You Got This!
SplunkLive! Paris 2018: Use Splunk for Incident Response, Orchestration and A...Splunk
Presented at SplunkLive! Paris 2018:
- Challenges with Security Operations Today
- Overview of Splunk Adaptive Response Initiative
- Technology behind the Adaptive Response Framework
- Demonstrations
- How to build your own AR Action
- Resources
Splunk Discovery: Warsaw 2018 - Reimagining IT with Service IntelligenceSplunk
Presented at Splunk Discovery Warsaw 2018:
What's Service Intelligence and Why You Should Care
Introduction to Splunk IT Service Intelligence
IT Service Intelligence Key Concepts
Demo
Splunk for Enterprise Security and User Behavior AnalyticsSplunk
This session will review Splunk’s two premium solutions for information security organizations: Splunk for Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Splunk ES is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments – allowing you to quickly detect and respond to external and internal attacks, simplifying threat management while decreasing risk. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams. We’ll discuss each solution and see them integrated and in action through detailed demos.
SplunkLive! London 2017 - Building an Analytics Driven Security Operation Cen...Splunk
Traditional security operations centres (SOCs) often focus too narrowly on alert triage or on meeting simplistic checkbox compliance requirements. This approach can leave the organisation with critical cybersecurity blind spots, and lead to other common problems including low SOC productivity, high analyst turnover, and increased operational costs. Ultimately, this traditional approach to running a SOC can cause the security team to fail to achieve its mission of detecting, responding to, and mitigating true threats in the environment. This session will cover how to build a modern analytics-driven security operations capability for your organisation. The analytics-driven SOC leverages technology innovations to serve human analysts by fusing advanced analytics, threat intelligence, automated response/orchestration, threat hunting, deep investigation, and incident response. This approach helps the security team to consistently deliver fast, effective threat detection and response.
SplunkLive! Munich 2018: Predictive, Proactive, and Collaborative ML with IT ...Splunk
Presented at SplunkLive! Munich 2018:
- What data do we need?
- We need Machine Learning
- Real Use Case Example
- Let's Drive Into How it Works
- Next Steps
SplunkLive! Munich 2018: Get More From Your Machine Data Splunk & AISplunk
Presented at SplunkLive! Munich 2018:
- Why AI & Machine Learning?
- What is Machine Learning?
- Splunk's Machine Learning Tour
- Use Cases & Customer Stories
SplunkLive! Frankfurt 2018 - Get More From Your Machine Data with Splunk AISplunk
Presented at SpluknLive! Frankfurt 2018:
Why AI & Machine Learning?
What is Machine Learning?
Splunk's Machine Learning Tour
Use Cases & Customer Stories
Wrap Up
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ...Splunk
Presented at SplunkLive! Frankfurt 2018:
Introduction
SIEM Migration Methodology
Use Cases
Datasources & Data Onboarding
ES Architecture
Third-Party Integrations
You Got This!
SplunkLive! Paris 2018: Use Splunk for Incident Response, Orchestration and A...Splunk
Presented at SplunkLive! Paris 2018:
- Challenges with Security Operations Today
- Overview of Splunk Adaptive Response Initiative
- Technology behind the Adaptive Response Framework
- Demonstrations
- How to build your own AR Action
- Resources
Splunk Discovery: Warsaw 2018 - Reimagining IT with Service IntelligenceSplunk
Presented at Splunk Discovery Warsaw 2018:
What's Service Intelligence and Why You Should Care
Introduction to Splunk IT Service Intelligence
IT Service Intelligence Key Concepts
Demo
Splunk for Enterprise Security and User Behavior AnalyticsSplunk
This session will review Splunk’s two premium solutions for information security organizations: Splunk for Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Splunk ES is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments – allowing you to quickly detect and respond to external and internal attacks, simplifying threat management while decreasing risk. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams. We’ll discuss each solution and see them integrated and in action through detailed demos.
SplunkLive! London 2017 - Building an Analytics Driven Security Operation Cen...Splunk
Traditional security operations centres (SOCs) often focus too narrowly on alert triage or on meeting simplistic checkbox compliance requirements. This approach can leave the organisation with critical cybersecurity blind spots, and lead to other common problems including low SOC productivity, high analyst turnover, and increased operational costs. Ultimately, this traditional approach to running a SOC can cause the security team to fail to achieve its mission of detecting, responding to, and mitigating true threats in the environment. This session will cover how to build a modern analytics-driven security operations capability for your organisation. The analytics-driven SOC leverages technology innovations to serve human analysts by fusing advanced analytics, threat intelligence, automated response/orchestration, threat hunting, deep investigation, and incident response. This approach helps the security team to consistently deliver fast, effective threat detection and response.
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk
This session will review Splunk’s two premium solutions - Splunk Enterprise Security (ES) is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and
incident response environments. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams.
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati...Splunk
Presented at Splunk Discovery Warsaw 2018:
SIEM Replacement Methodology
Use Cases
Data Sources & Data Onboarding
Architecture
Third Party Integration
You Got This!
Splunk Enterprise Security (ES) ist eine SIEM-Lösung, die Einblicke in von Sicherheitstechnologien erzeugte Maschinendaten wie Angaben über Netzwerke, Endpunkte, Zugriffe, Schadsoftware, Schwachstellen sowie Identitätsdaten liefert. Sicherheitsteams können damit interne und externe Angriffe schnell erkennen und abwehren und somit das Threat Management vereinfachen, Risiken minimieren und Ihr Unternehmen schützen. Splunk Enterprise Security strafft sämtliche Aspekte von Sicherheitsprozessen und eignet sich für Unternehmen jeder Größe und Expertise.
Accelerate Incident Response with Orchestration & AutomationSplunk
Daily IT security operations processes have not changed significantly over the past decade, but that all stands to change now that a new technology has arrived—enabling security teams to work smarter, respond faster, and improve their defenses. With Security Orchestration, Automation and Response (SOAR) technology, mundane processes can be handled by computers, allowing the SOC team to focus on identifying and responding to the real threats and attacks. This session examines traditional SOC processes and what becomes possible with a SOAR platform like Splunk Phantom. Whether it's a two-person security operation or a full complement SOC, learn to identify the processes that computers can handle on your behalf, and how to go beyond simple use cases and leverage all of the available security tools in your arsenal to the max.
Power the SOC of the Future with scale, speed and choice - Splunk Public Sect...Splunk EMEA
Power the SOC of the Future with scale, speed and choice - Splunk Public Sector Summit 2024
Sprecher:
Matthias Maier (Security Market Advisor, EMEA CEH, CISSP, CISM)
Splunk for Enterprise Security Featuring UBASplunk
This session will review Splunk’s two premium solutions for information security organizations: Splunk for Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Splunk ES is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments – allowing you to quickly detect and respond to external and internal attacks, simplifying threat management while decreasing risk. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams. We’ll discuss each solution and see them integrated and in action through detailed demos.
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
.conf Go 2023 presentation:
"Das passende Rezept für die digitale (Security) Revolution zur Telematik Infrastruktur 2.0 im Gesundheitswesen?"
Speaker: Stefan Stein -
Teamleiter CERT | gematik GmbH M.Eng. IT-Sicherheit & Forensik,
doctorate student at TH Brandenburg & Universität Dresden
.conf Go 2023 presentation:
De NOC a CSIRT
Speakers:
Daniel Reina - Country Head of Security Cellnex (España) & Global SOC Manager Cellnex
Samuel Noval - Global CSIRT Team Leader, Cellnex
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
BMW is defining the next level of mobility - digital interactions and technology are the backbone to continued success with its customers. Discover how an IT team is tackling the journey of business transformation at scale whilst maintaining (and showing the importance of) business and IT service availability. Learn how BMW introduced frameworks to connect business and IT, using real-time data to mitigate customer impact, as Michael and Mark share their experience in building operations for a resilient future.
Data foundations building success, at city scale – Imperial College LondonSplunk
Universities have more in common with modern cities than traditional places of learning. This mini city needs to empower its citizens to thrive and achieve their ambitions. Operationalising data is key to building critical services; from understanding complex IT estates for smarter decision-making to robust security and a more reliable, resilient student experience. Juan will share his experience in building data foundations for a resilient future whilst enabling digital transformation at Imperial College London.
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
Learn how Vodafone has provided end-to-end visibility across services by building an Operational Analytics Platform. In this session, you will hear how Stefan and his team manage legacy, on premise, hybrid and public cloud services, and how they are providing a platform for complex triage and debugging to tackle use cases across Vodafone’s extensive ecosystem.
.italo operates an Essential Service by connecting more than 100 million people annually across Italy with its super fast and secure railway. And CISO Enrico Maresca has been on a whirlwind journey of his own.
Formerly a Cyber Security Engineer, Enrico started at .italo as an IT Security Manager. One year later, he was promoted to CISO and tasked with building out – and significantly increasing the maturity level – of the SOC. The result was a huge step forward for .italo.
So how did he successfully achieve this ambitious ask? Join Enrico as he reveals the key insights and lessons learned in his SOC journey, including:
Top challenges faced in improving security posture
Key KPIs implemented in order to measure success
Strategies and approaches applied in the SOC
How MITRE ATT&CK and Splunk Enterprise Security were utilised
Next steps in their maturity journey ahead
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
13. Orchestration
▶ Brings together or integrates different technologies and tools
▶ Security-specific or non-security-specific
▶ Provides the ability to coordinate informed decision-making, formalize
and automate responsive actions
Orchestration vs. Automation
14. Automation & Orchestration Adoption Growing
Source: CyberSecurity Analytics and Analytics in Transition, ESG, 2017
16. Adaptive Response
Identity and
Access
Internal Network
Security
Endpoints
OrchestrationWAF & App
Security
Threat
Intelligence
Network
Web Proxy
FirewallMission
Deeper integrations
across the best
security
technologies to help
combat advanced
attacks together.
Approach
Gather/analyze,
share, take action
based on end-to-end
context, across
security domains.
22. Adaptive Response Actions (Examples)
AUTOMATIO
NCategory – Information gathering, Information conveyance, Permissions control
Task – Create, Update, Delete, Allow, Block
Subject – What will be acted upon (network, endpoint, etc.)
Vendor – Providing the action. Ex.: Splunk, Ziften, Palo Alto Networks, etc.
24. ▶ Catalog of latest AR
Actions
▶ Categorized by Use Case
and Security Domain
▶ Auto-update from
Splunkbase.com
▶ Showcase of key AR
actions (AWS, PAN, etc.)
Adaptive Response Actions Showcase App
26. ▶ Centrally automate retrieval, sharing and response
action, resulting in improved detection, investigation and
remediation times
▶ Improve operational efficiency using workflow-based
context with automated and human-assisted decisions;
Measure efficacy
▶ Extract new insight by leveraging context, sharing data
and taking actions between Enterprise Security and Adaptive
Response partners
Adaptive Response Benefits
27. Accelerate Detection, Investigation &
Response
▶ Use the correlation search builder
to configure, automate and attach
the results to notable events
▶ In incident review, configure and
execute ad-hoc responses and
queries across the security
ecosystem
▶ Use the actions dashboard to
search and review responses
taken and their results
31. Sample of Symantec AR Actions*:
• Isolate Endpoint
• Rejoin Endpoint
• Query File for Disposition
Case Study: Symantec
Symantec ATP helps detect
and remediate complex attacks
across endpoint, email, network,
and web from a single console
“Splunk Adaptive Response has the power to help reduce
workload on customer SOC teams by speeding up decision-making
and associated actions through automation.”
- Peter Doggart, Vice President of Business Development, Symantec
32. Sample of ForeScout AR Actions*:
• Redirect endpoint to specific
web browser
• Send email messages to users
• Kill peer-to-peer application
Case Study: Brown-Forman
“Leveraging the ForeScout Extended Module for Splunk via
Adaptive Response will enable us to minimize the time and
resources needed to respond to emerging threats.”
- Clayton Colwell, Associate Security Engineer, Brown-Forman Corporation
ForeScout CounterACT
enables its customers to monitor
real-time NAC events and
respond to security threats at
endpoints
34. Search and
Investigate
Analytics-Driven Security
Index Untapped Data:
Any Source, Type, Volume
On-
Premises
Private
Cloud
Public
Cloud
Storage
Online
Shopping Cart
Telecoms
Desktops
Security
Web
Services
Networks
Containers
Web
Clickstreams
RFID
Smartphones
and Devices
Servers
Messaging
GPS
Location
Packaged
Applications
Custom
Applications
Online
Services
DatabasesCall Detail
Records
Energy
Meters
Firewall
Intrusion
Prevention
Splunk
Enterprise Security
600+
Security Apps
Splunk User
Behavior Analytics
Monitoring,
Correlations,
Alerts
Dashboards
and Reports
Analytics and
Virtualization
Adaptive
Response
Employee
Info
Asset and
CMDB
Threat
Intelligence
Applications Data Stores
External Lookups
Platform for Operational Intelligence
35. Q&A
Thank you
Join:
Our Community, with
Apps, ask questions or
join a SplunkLive! event
https://www.splunk.com/en_us/community.html
Try:
Splunk Security Online
Experience (No download)
https://www.splunk.com/en_us/solutions/solution-
areas/security-and-fraud/security-
investigation/getting-started.html
Explore:
Download the CIS Critical
Security Controls App
https://splunkbase.splunk.com/app/3064/
36. ORLANDO FLORIDA
Walt Disney World Swan and Dolphin Hotels
.conf18:
Monday, October 1 – Thursday, October 4
Splunk University:
Saturday, September 29 – Monday, October 1
Save the Date 2018