Splunk Tech Talks
Deep-dives for technical practitioners.

Risk-Based Alerting & Enterprise Security

melissap
Splunk Employee

View our Tech Talk: Security Edition, Risk-Based Alerting & Enterprise Security

Historically, Security Operations Centers have been noisy places. Teams have worked endlessly to craft the ‘perfect’ correlation search, to no avail. As the volume of security alerts has continued to grow, it has put a disproportionate amount of the workload on analysts, as their primary job function became triage-related activities. Tune in to learn how Enterprise Security with native Risk-Based Alerting functionality addresses this issue. In a series of clicks, ES users can map against their preferred cybersecurity framework (e.g. MITRE ATT&CK), start aligning analytics to quantify their cybersecurity coverage, and watch the number of alerts plummet.

Learn how to:

  • Improve true positive rates
  • Detect complex threats faster
  • Streamline investigations with richer context

Tech Talk discussions remain open for two weeks following the live Tech Talk event.

nwuest
Path Finder

Hi @melissap,

Thanks to you and all those who put these valuable resources together and publish them for all of us who frequent these forums!
I will definitely share these posts with my co-workers.

V/R,
nwuest

melissap
Splunk Employee

@nwuest You are so welcome! I am glad you find them valuable. Our experts are amazing here at Splunk. I will be posting a new article soon to gain feedback on additional topics our users would like to see. Please comment there so we can plan more Tech Talks!

Aquar5
New Member

@melissap Melissa, the slides are accessible, but I'm getting "Access Denied" when trying to load this particular video:
https://conf.splunk.com/files/2020/recordings/SEC1113A.mp4

I've tried re-logging to Splunk.com multiple times. Other videos work fine.

Can you please help?

melissap
Splunk Employee
Splunk Employee

@Aquar5

I have put in a request to the Conf team to fix that link. I will let you know when I hear back.

Doreluss
Loves-to-Learn Lots

@melissap

In Splunk, you can create recurring notable events and turn them into informational events by configuring notable event settings and using Splunk's alerting and workflow features. Notable events are events that are identified as significant or noteworthy based on predefined criteria, and you can configure them to be informational for monitoring purposes.

That's the question I have right now, due to having so many alerts pertaining to a particular alert; however, I'm going to review the links you provided earlier in this chat. If I have any questions I will reach out to you. Meanwhile, thanks for the information.
