Security: Get More Out of Your Security Practice with a SIEM - Part II (Advanced Use Cases) - Wed 8/21/24
| Updated on
Register here . This thread is for the Community Office Hours session with the Security topic: Get More Out of Your Security Practice with a SIEM - Part II (Advanced Use Cases) on Wed, Aug 21, 2024 at 1pm PT / 4pm ET.
This is your opportunity to connect with technical Splunk experts, who will guide you through solutions to your security use case questions and engage in live discussions about how to best leverage Splunk Enterprise Security as your SIEM solution. This session, Part II, will focus on adding context to your detections to fuel more meaningful investigations. We will focus on key use cases such as Risk-Based Alerting to prioritize alerts for faster response to more critical tasks, enriching threat context with threat intelligence, leveraging cyber frameworks to manage risks, and more. These use cases will help improve mean time to detect (MTTD) and mean time to response (MTTR).
In the session, you can discuss with our experts for
- What is the best approach to implementing the use cases in Enterprise Security?
- Best practices for proper creation of risk rules, modifiers, adaptive actions etc.
- Enhancing notable events and proactive threat hunting
- Suggested approaches to mapping cyber frameworks such as MITRE.
- Recommended Splunkbase apps
- Anything else you’d like to learn!
Please submit your questions at registration or as comments below. You can also head to the #office-hours user Slack channel to ask questions (request access here).
Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants.
Look forward to connecting!
