Splunk Tech Talks
Deep-dives for technical practitioners.

Operationalize MITRE ATT&CK™ with Risk Based Alerting (RBA)

melissap
Splunk Employee
Splunk Employee

View our Tech Talk: Security Edition, Operationalize MITRE ATT&CK™ with Risk Based Alerting (RBA).  Risk Based Alerting introduces a layer of abstraction between the detection analytics and the alerting process while aligning with the MITRE ATT&CK™ framework to account for user/system/service specific context when scoring anomalous behavior. 

 

(view in My Videos)

Tune in to learn about how Splunk Risk Based Alerting allows you:

  • To scale existing analysts to include more data/analytics
  • Increase your true positive rates
  • Improve the effectiveness of your SOC

Tech Talk discussions remain open for two weeks following the live Tech Talk event. Have more questions? Check out our  MITRE ATT&CK conversations in Splunk Answers community for more!

Contributors
Get Updates on the Splunk Community!

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...