Exploring Frameworks of Splunk Enterprise Security
Uploaded by Splunk (SlideShare, 58 slides). Description: Demonstrating Frameworks of Splunk Enterprise Security.
1. Explore the Frameworks of Splunk Enterprise Security
© 2019 SPLUNK INC.
2. Forward-Looking Statements
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved.
3. Angelo Brancato, Security Specialist, EMEA
4. Agenda: 1. Introduction; 2. Splunk as an Analytics-Driven SIEM; 3. Frameworks of Enterprise Security; 4. Use Cases Enabled by the Frameworks; 5. Q&A
5. Splunk turns machine data into answers
Network, servers, DevOps, users, cloud, security, databases: different people asking different questions of the same data.
6. Threats are more complex and far reaching. Not closing the skills gap. Security to enable business and the mission.
7. 90%: Tier 1 analyst work will be automated. 50%: time now spent tuning detection and response logic. 1: platform for investigation and to orchestrate them all.
8. Splunk Security Portfolio: Data Platform (platform for machine data; free security apps / content), Analytics, Operations.
9. Splunk Security Portfolio by maturity level, from reactive to proactive:
Level 1, Investigate: investigate, forensics, hunting.
Level 2, Monitor: security & compliance monitoring.
Level 3, Analyze: IR, risk & security situational awareness.
Level 4, Act: SOC automation & orchestration.
10. (Splunk Security Portfolio, same as slide 8)
11. Security Operations Must Change: legacy SIEM is not optimized for today's security operations. Slow investigations; inability to effectively ingest data; limited security data types; inflexible deployment options; end-of-life or uncertain roadmap; closed ecosystem; instability and scalability.
12. Splunk as Your SIEM, fully optimized for modern security operations: fast, flexible investigations; quickly ingest data at massive (petabyte) scale; all security-related data; cloud, hybrid and on-premises; portfolio includes SIEM, UEBA, SOAR; open ecosystem with 850+ partner integrations.
13. Splunk Enterprise Security Addresses Security Operations Challenges
Functions: Monitor, Detect, Investigate, Respond.
Process: 1 Review, 2 Determine, 3 Decide, 4 Act & Adapt.
Solution: Prioritize incidents (decide what is most important to follow up or investigate); Effectively analyze (each bit of data needs context and a relationship to all others); Respond in a timely manner (do each step as fast as possible, with as few people as possible).
14.
What Is Enterprise
Security? Mainframe Data Relational Databases MobileForwarders Syslog/ TCP IoT Devices Network Wire Data Hadoop Platform for Operational Intelligence Notable Events Asset & Identity Risk Analysis Threat Intelligence Use Case Library Adaptive Response
15.
What Is Enterprise
Security? Mainframe Data Relational Databases MobileForwarders Syslog/ TCP IoT Devices Network Wire Data Hadoop Platform for Operational Intelligence Notable Events Asset & Identity Risk Analysis Threat Intelligence Use Case Library Adaptive Response
16.
© 2019 SPLUNK
INC. ► Streamline Incident Management • Consolidated incident management allows effective lifecycle management of security incidents. ► Make Rapid Decisions • Automatically aligns all security context together for fast incident qualification and provides predefined analysis paths. ► Refine Security Management • Investigation management and customizations to support complex process integration requirements. Workflow for Streamlined Incident Management Handle Security Incidents – Notable Events Framework Discovery to remediation
17.
© 2019 SPLUNK
INC. ► Use for Security Operations • “Application” logics are pre-built on top of Splunk Enterprise as data platform. • Provide graphically oriented user experience supporting the security operations workflow. ► Intuitive User Interface Optimized for Security Operations • Security operational tasks designed into user interface versus search bar interface. • Key relevant information automatically presented as summary of incident. Notable Events and Incident Review MONITOR RESPONDDETECTFUNCTIONS INVESTIGATE
18.
© 2019 SPLUNK
INC.INCIDENT REVIEW INTERFACE
19.
© 2019 SPLUNK
INC. Overall Incident Status and Control • Provides central workflow management for all security incidents • Search / Filter / Zoom into incidents or timeframe • Monitor new and changing incident status • Field oriented search/filtering on the most common investigation fields Benefits: • Integrated / consolidated incident management • Simple and fast understanding of all incidents in the network SEARCH AND NAVIGATION INTERFACE INCIDENT REVIEW INTERFACE
20.
© 2019 SPLUNK
INC. Notable events provide alerting framework tuned to the corporation • Information dense display provide contextual information for rapid analyst understanding of threat information • Incident management and workflow including status, owner, triggering security domains • Important fields are displayed and incident and field pivot actions provide contextual “investigation” Benefits: • Optimize triage to evidence gathering to incident investigation • Rapid understanding of threats in the environment CONSOLIDATED INCIDENT MANAGEMENT INTERFACE INCIDENT REVIEW INTERFACE
21.
© 2019 SPLUNK
INC. 1Risk-based security Fast Incident Review and Investigation List of installed / imported Contents Incidents that match correlation rule – important events within your environment 1 Workflow Process 1: Event Overview • The result of matching correlations searches executed, shows type of rule, domain, urgency, status, owner • Provides information to clear status of activities in the network INCIDENT REVIEW INTERFACE
22.
© 2019 SPLUNK
INC. 1Risk-based security Fast Incident Review and Investigation List of installed / imported Contents Incident Context - Identity, Asset, .. 2 Workflow Process 2: Incident Context • Automated / customizable incident context correlations, aligns all relevant context information to an incident • Provides fast situational understanding of an incident INCIDENT REVIEW INTERFACE
23.
© 2019 SPLUNK
INC. Fast Incident Review and Investigation Analysis Actions : set of actions are linked to each field/value 3 Workflow Process 3: Analysis Actions • Ability to deep dive into different pre-defined domain analysis for a specific entity in an incident • Provides most logical analysis options for deeper insights INCIDENT REVIEW INTERFACE
24.
© 2019 SPLUNK
INC. 1Risk-based security Fast Incident Review and Investigation List of installed / imported Contents Actions available for all incidents4 Workflow Process 4: Remediation Actions • Customizable incident remediation actions to manage the state of incident or further extend the process to other features / systems • Provides ability to associate desired remediation actions INCIDENT REVIEW INTERFACE
25.
© 2017 SPLUNK
INC. Notable Event Framework https://dev.splunk.com/view/enterprise-security/SP-CAAAFA9
26.
© 2019 SPLUNK
INC. What Is Enterprise Security? Mainframe Data Relational Databases MobileForwarders Syslog/ TCP IoT Devices Network Wire Data Hadoop Platform for Operational Intelligence Notable Events Asset & Identity Risk Analysis Threat Intelligence Use Case Library Adaptive Response
27.
© 2019 SPLUNK
INC. Asset and Identity Framework Automatically maps asset and identity context to incidents ASSET RESOLUTION - Which? - Function - Owner - Location - Impact IDENTITY RESOLUTION - By who? - Role - From? - Privilege - Source IP : PC from remote office - Target server : - PCI Zone Database - Belongs to ecommerce team - Web mart database - Source IP User : - Bill Williams, VP of Finance - Pleasanton office - No recent Windows patch Identity Info Mapped Asset Info Mapped ▶ Fast Incident Qualification • By automating context enrichment, SecOps can qualify more incidents quickly ▶ Extended Situation Based Insights • Rich enrichment allows more accurate assessment of situational aspect of incidents
28.
© 2019 SPLUNK
INC. Asset / Identity resolutions • Translate related asset (Host function, name, location, subnet) and user (ID, User name, location) to details for qualification Benefits : • Prioritize incidents by understand the importance of asset / ID as well as situational awareness related to the asset Other security / vulnerability lookups • Status on various context enrichment data sources - Vulnerability Information - Patch Status - Other various customizable lookups from other sources Enriched security context / What? Where? Who? How? SECURITY ENRICHED CONTEXT Correlations search match details • Detailed descriptions of the event, customizable for recommendation
29.
Asset and Identity Framework: Asset Database
ASSET Database: synchronize and merge asset DBs (CMDB, API, external DB)
30.
Asset and Identity Framework: Identity Database
IDENTITY Database: synchronize with HR / LDAP / AD / user DB
31.
Asset and Identity Framework: Enrichment
Expand Enrichment: unlimited expansion to enrich an incident with any information
32.
Representative list of Asset and Identity sources: CMDB, Sophos
33.
Asset and Identity Framework
https://dev.splunk.com/view/enterprise-security/SP-CAAAFBB
35.
Risk Framework
Quantitative metrics are applied to distinguish importance
► Expose Risk Factors to Analysts
• Rationalize and analyze behaviors and relationships across all data.
• Investigate risk factors to anticipate threats and prevent future threats.
► Prioritize/Decide Based on Risk
• Transparent evidence translates to quantitative numbers.
• Ability to map scores to different objects, including events, and aggregate them by a criterion (functions, business units, physical business location, etc.)
Diagram: occurrence of matching correlation searches adds +80 to the asset, identity and other attributes, summing to the TOTAL RISK SCORE
36.
Risk Attribution Using a Summary Index or ES Risk Index
Risk rules (writing to the risk index): RiskRule-AnomalousLogin, RiskRule-ThreatIntelIOC, RiskRule-MalwareDetection, RiskRule-IDSRecon, RiskRule-IDSAttack, RiskRule-FirstTimeSeenDomain, RiskRule-LongPowershell, RiskRule-EncryptedPowershell, RiskRule-EndPointAV, RiskRule-#10 . . . . RiskRule-#150
Risk Index
Risk incident rules (reading from the risk index): RiskIncidentRule-HighCompositeRiskScore, RiskIncidentRule-MultipleRiskRulesSinglePhase, RiskIncidentRule-MultipleATT&CKPhases . . . .
Risk Driven Alert: Notable Event in ES
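The data flow on this slide, as an added worked example rather than code from the deck or from Splunk ES: risk rules write scored observations against a risk object (a system or a user) into a risk index, and risk incident rules aggregate that index per object and raise a notable only when the aggregate crosses a threshold, spans several ATT&CK phases, or shows many distinct rules inside one phase. The risk events, scores, tactic annotations and the three thresholds are constructed assumptions for the example; the rule names are the ones on the slide.

```python
"""Risk-based alerting reduced to its core: risk rules -> risk index ->
risk incident rules -> notable.  Sample risk events and thresholds are
constructed for this example; this is not Splunk ES code."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class RiskEvent:
    """One row a risk rule wrote to the risk index."""
    risk_object: str
    risk_object_type: str   # "system" or "user", as on the dashboard slide
    risk_rule: str          # name of the risk rule that produced the row
    risk_score: int
    attack_tactic: str      # MITRE ATT&CK tactic annotated on the rule


# Constructed risk index contents for one lookback window.
RISK_INDEX = [
    RiskEvent("ws-finance-07", "system", "RiskRule-EncryptedPowershell", 40, "Execution"),
    RiskEvent("ws-finance-07", "system", "RiskRule-LongPowershell", 20, "Execution"),
    RiskEvent("ws-finance-07", "system", "RiskRule-EndPointAV", 50, "Execution"),
    RiskEvent("bwilliams", "user", "RiskRule-AnomalousLogin", 30, "Initial Access"),
    RiskEvent("bwilliams", "user", "RiskRule-IDSRecon", 10, "Discovery"),
    RiskEvent("bwilliams", "user", "RiskRule-LongPowershell", 10, "Execution"),
    RiskEvent("bwilliams", "user", "RiskRule-ThreatIntelIOC", 10, "Command and Control"),
    RiskEvent("srv-web-01", "system", "RiskRule-IDSRecon", 10, "Discovery"),
]


@dataclass
class RiskSummary:
    """Per-object aggregate a risk incident rule evaluates."""
    composite_score: int = 0
    rules: set = field(default_factory=set)
    tactics: set = field(default_factory=set)


def aggregate_risk(events):
    """Roll the risk index up per (object type, object)."""
    summary = defaultdict(RiskSummary)
    for e in events:
        s = summary[(e.risk_object_type, e.risk_object)]
        s.composite_score += e.risk_score
        s.rules.add(e.risk_rule)
        s.tactics.add(e.attack_tactic)
    return dict(summary)


# Hypothetical thresholds; in ES these are tunable per risk incident rule.
HIGH_SCORE = 100
MIN_PHASES = 3
MIN_RULES_SINGLE_PHASE = 3


def risk_incident_rules(summary):
    """Evaluate the three risk incident rules named on the slide and return
    the notables they would raise as (rule, object type, object, score)."""
    notables = []
    for (otype, obj), s in sorted(summary.items()):
        if s.composite_score >= HIGH_SCORE:
            notables.append(("RiskIncidentRule-HighCompositeRiskScore", otype, obj, s.composite_score))
        if len(s.tactics) >= MIN_PHASES:
            notables.append(("RiskIncidentRule-MultipleATT&CKPhases", otype, obj, s.composite_score))
        # breadth of distinct rules without progression across phases
        if len(s.tactics) == 1 and len(s.rules) >= MIN_RULES_SINGLE_PHASE:
            notables.append(("RiskIncidentRule-MultipleRiskRulesSinglePhase", otype, obj, s.composite_score))
    return notables


if __name__ == "__main__":
    for notable in risk_incident_rules(aggregate_risk(RISK_INDEX)):
        print(notable)
```

Note what the aggregation buys: the user bwilliams never exceeds the score threshold, but four low-scoring rules across four tactics still produce a notable, while the single recon hit on srv-web-01 stays in the risk index without paging anyone.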
37.
Risk Analysis Dashboard
Risk Change Postures: snapshot of overall posture changes
Risk Change Trends: overall risk score change trends
Risk Objects / Incident Types Status: individual risk object status, the object being a "system", "user" or "incident"
Recent Risk Modifiers: detailed events including the risk scores and the associated risk object
38.
Risk Analysis With Incident Review Adds Context…
Risk score displayed in Incident Review
39.
Risk Framework
https://dev.splunk.com/view/enterprise-security/SP-CAAAFBD
41.
Threat Intelligence Framework
Finding hidden IOCs using comprehensive threat intelligence mappings
COLLECT (INTEL SOURCES): • Multiple sources • Multiple transmission types • Multiple transports • Multiple data formats
CATEGORIZE (Index, Extract, Categorize): 1. IP 2. Emails 3. URLs 4. File names / hashes 5. Process names 6. Services 7. Registry entries 8. X509 Certificates 9. Users
MANAGE (Data Management): Manage / audit threat sources • List status • List mgmt. • List location
SEARCH (Data Search): Ad-hoc search, analyze, investigate, prioritize
CORRELATE (Correlation Data / Notable Events): Match all IOCs in existing log data; generate an alert for any match; KSI and trends on the Security Dashboard
42.
Threat Intel Support
Threat collection    Supported IOC data types    Local lookup file
certificate_intel    X509 Certificates           Local Certificate Intel
email_intel          Email                       Local Email Intel
file_intel           File names or hashes        Local File Intel
http_intel           URLs                        Local HTTP Intel
ip_intel             IP addresses                Local IP Intel
ip_intel             Domains                     Local Domain Intel
process_intel        Processes                   Local Process Intel
registry_intel       Registry entries            Local Registry Intel
service_intel       Services                    Local Service Intel
user_intel           Users                       Local User Intel
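The CORRELATE step of the framework slide ("match all IOCs in existing log data, generate an alert for any match"), applied to the collections in the table above, as an added worked example that is not code from the deck or from Splunk ES. It holds a few constructed indicators per collection, maps each indicator field to the event fields it should be compared with (a constructed mapping; ES configures this per threat match field), and reports every hit with the collection and source list it came from. Domain indicators also match their subdomains, which is the case a plain exact-match lookup misses. Indicator values, event fields and the sample events are constructed.

```python
"""IOC matching across the threat collections from the Threat Intel Support
table.  Indicators, the field mapping and the sample events are constructed
for this example; the collection names are ES's, the matching code is not."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class ThreatMatch:
    collection: str   # threat collection that matched (ip_intel, file_intel, ...)
    event_field: str  # event field whose value matched
    indicator: str    # the IOC value
    threat_key: str   # source list the IOC came from, e.g. "Local IP Intel"


# Constructed threat lists per collection. ip_intel carries both IP and domain
# indicators, matching the two rows it has in the table.
THREAT_COLLECTIONS = {
    "ip_intel": [
        {"ip": "203.0.113.45", "threat_key": "Local IP Intel"},
        {"domain": "bad-update.example", "threat_key": "Local Domain Intel"},
    ],
    "file_intel": [
        {"file_hash": "0123456789abcdef" * 4, "threat_key": "Local File Intel"},  # constructed hash
    ],
    "http_intel": [
        {"url": "http://bad-update.example/dl/update.bin", "threat_key": "Local HTTP Intel"},
    ],
    "process_intel": [
        {"process": "dropper-x.exe", "threat_key": "Local Process Intel"},  # constructed name
    ],
}

# Constructed mapping: indicator field -> event fields compared against it.
FIELD_MAP = {
    "ip_intel": {"ip": ("src", "dest"), "domain": ("query", "dest_host")},
    "file_intel": {"file_hash": ("file_hash",)},
    "http_intel": {"url": ("url",)},
    "process_intel": {"process": ("process_name",)},
}


def _domain_matches(indicator, value):
    """A domain indicator matches itself and any subdomain of it."""
    v, i = value.lower().rstrip("."), indicator.lower().rstrip(".")
    return v == i or v.endswith("." + i)


def match_threat_intel(events):
    """Return one ThreatMatch per (event field, indicator) hit over all events."""
    matches = []
    for ev in events:
        for collection, entries in THREAT_COLLECTIONS.items():
            for entry in entries:
                for ioc_field, event_fields in FIELD_MAP[collection].items():
                    if ioc_field not in entry:
                        continue
                    indicator = entry[ioc_field]
                    for ef in event_fields:
                        value = ev.get(ef)
                        if value is None:
                            continue
                        if ioc_field == "domain":
                            hit = _domain_matches(indicator, value)
                        else:
                            hit = value.lower() == indicator.lower()
                        if hit:
                            matches.append(ThreatMatch(collection, ef, indicator, entry["threat_key"]))
    return matches


def count_by_collection(matches):
    """Per-collection hit counts, the kind of figure a threat activity panel shows."""
    return dict(Counter(m.collection for m in matches))


# Constructed sample events, one per source type.
SAMPLE_EVENTS = [
    {"sourcetype": "firewall", "src": "10.1.2.3", "dest": "203.0.113.45"},
    {"sourcetype": "dns", "src": "10.1.2.3", "query": "cdn.bad-update.example"},
    {"sourcetype": "proxy", "src": "10.1.2.3", "dest_host": "bad-update.example",
     "url": "http://bad-update.example/dl/update.bin"},
    {"sourcetype": "endpoint", "host": "ws-finance-07", "process_name": "DROPPER-X.EXE",
     "file_hash": "0123456789abcdef" * 4},
    {"sourcetype": "firewall", "src": "10.1.2.4", "dest": "198.51.100.7"},
]

if __name__ == "__main__":
    for m in match_threat_intel(SAMPLE_EVENTS):
        print(m)
    print(count_by_collection(match_threat_intel(SAMPLE_EVENTS)))
```

The proxy event produces two matches (URL and host), which is what you want surfaced in Incident Review: each match names the collection and the source list, so an analyst can see at once whether a hit came from a high-confidence feed or a local watchlist.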
43.
Threat intelligence source management
Manage the various threat intelligence sources in a simple configuration framework. Fine-tune accuracy and relevancy by prioritizing which intel of higher importance is applied.
Detailed Threat Update Setup: provides a management interface to easily define / download / update / apply threat sources
Configure Threat Intel
44.
Threat Intelligence in Incident Review
Threat intel source lookups
• ES data is mapped against the detailed threat sources that indicate potential IOCs
• A threat match provides information on the type of threat activity
Threat Intel Details
• Detailed description of the matching ES threat incident
• Provides immediate, detailed information about the detected activity
Contributing Event
• The raw data source that supports the event as evidence
45.
THREAT ACTIVITY
Threat intel indicator overview: shows the overall posture of threat activity, to quickly understand changes in the status of detected threat activity.
Threat intel trending overview: shows trend changes in threat activity, including changes in the types of threats.
Detailed threat type activities: shows the active threat types in detail, with the associated assets, to understand what kinds of threats are active in the network.
Active threat sources: shows how active each threat source is, to understand and calibrate threat intel enhancements.
46.
Threat Intelligence Framework
https://dev.splunk.com/view/enterprise-security/SP-CAAAFBC
47.
What Is Enterprise Security?
Access Protection – show analytic story – detection searches
48.
Use Case Library
Faster Detection and Incident Response
• Discover new use cases and determine which ones can be used within your environment right away
• Create, curate, install, and manage content, Analytic Stories and third-party created content
50.
Splunk as the Security Nerve Center
Domains: Endpoints, Threat Intelligence, Network, Web Proxy, Firewall, Identity and Access, WAF and App Security, Cloud Security, Mobile
ORCHESTRATION / ANALYTICS
Mission: Deeper integrations across the best security technologies to help combat advanced attacks together
Approach: Gather / analyze, share, take action based on end-to-end context, across security domains
51.
Adaptive Response Framework
Diagram: Correlation Search > Alert; Search > Alert
52.
Adaptive Response Framework
https://dev.splunk.com/view/enterprise-security/SP-CAAAFBE
53.
Frameworks Enable Use Cases
54.
Compliance
▶ Stay ahead of compliance mandates
▶ Quickly gain real-time posture and insights across all IT resources and security controls to clear compliance
▶ Pass audits with minimal effort, regardless of mandate or regulatory framework.
Security Monitoring
▶ Real-time state of risk, alerts, and compliance
▶ Full and continuous monitoring of critical assets
▶ Full visibility into vulnerabilities, assets/devices, context of threats and alerting
▶ Don't miss a thing with continuous and automated security monitoring that lets you respond 24/7
55.
Advanced Threat Detection
▶ Detect compromised hosts and users
▶ Find activities associated with accounts and attackers involved in attacks
▶ Determine the scope of user activities
▶ Find indicators and artifacts associated with compromised user hosts
Incident Investigation, Forensics
▶ Identify real incidents and their full scope
▶ Gain investigation capability across all security-relevant data
▶ Get context from popular Enterprise SaaS apps, correlate across SaaS and on-premises sources
▶ Gain a thorough understanding of the options to remediate a breach
56.
Incident Response
► Shorten investigation cycles: prioritize, confirm and take action on higher-priority threats
► Use Investigation Workbench to investigate notable events that may represent a threat
► Leverage integration with existing capabilities: collaborate and track the investigation
► Quickly launch a response to critical incidents
SOC Automation
► Centrally automate retrieval, sharing and response actions, resulting in improved detection, investigation and remediation times
► Improve operational efficiency using workflow-based context with automated and human-assisted decisions
► Extract new insight by leveraging context, sharing data and taking automated actions between ES and partners using Adaptive Response
57.
Key Takeaways
1. Use the Analytics-Driven SIEM to handle your security operations challenges
2. Use the Frameworks of Enterprise Security to solve your use cases
3. To schedule a hands-on workshop, contact your sales executive
58.
Q&A