Splunk Tech Talks
Deep-dives for technical practitioners.

Risk-Based Alerting & Enterprise Security

melissap
Splunk Employee

View our Tech Talk: Security Edition, Risk-Based Alerting & Enterprise Security

Historically, Security Operations Centers have been noisy places. Teams have worked endlessly to craft the 'perfect' correlation search, to no avail. As the volume of security alerts has continued to grow, it has placed a disproportionate share of the workload on analysts, whose primary job function has become triage-related activity. Tune in to learn how Enterprise Security with native Risk-Based Alerting functionality addresses this issue. In a series of clicks, ES users can map against their preferred cybersecurity framework (e.g. MITRE ATT&CK), start aligning analytics to quantify their cybersecurity coverage, and watch the number of alerts plummet.

Learn how to:

  • Improve true positive rates
  • Detect complex threats faster
  • Streamline investigations with richer context
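As an added illustration of the aggregation behind risk-based alerting (not Splunk's code or the Tech Talk's material), this Python simulation sums risk from several low-fidelity detections per risk object and raises a single notable only when a score threshold or a distinct-ATT&CK-tactic threshold is crossed; the risk events, thresholds and framework subset are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample risk events, shaped like what an ES risk rule writes to the
# risk index: (timestamp, risk_object, object_type, risk_score, ATT&CK technique,
# ATT&CK tactic, contributing search). Scores and names are illustrative only.
RISK_EVENTS = [
    ("2024-05-01T08:00:00", "jdoe", "user", 10, "T1078", "Initial Access", "Login from new country"),
    ("2024-05-01T08:05:00", "jdoe", "user", 15, "T1110", "Credential Access", "Multiple failed logins"),
    ("2024-05-01T08:20:00", "jdoe", "user", 20, "T1059.001", "Execution", "Encoded PowerShell"),
    ("2024-05-01T09:00:00", "jdoe", "user", 30, "T1048", "Exfiltration", "Large outbound transfer"),
    ("2024-05-01T10:00:00", "asmith", "user", 10, "T1078", "Initial Access", "Login from new country"),
    ("2024-05-01T11:30:00", "host-42", "system", 15, "T1110", "Credential Access", "Multiple failed logins"),
    ("2024-04-20T12:00:00", "jdoe", "user", 60, "T1486", "Impact", "Mass file rename"),  # ages out
]
EXAMPLE_NOW = datetime.fromisoformat("2024-05-01T12:00:00")
# Hypothetical slice of the ATT&CK framework the team wants coverage against.
FRAMEWORK_TECHNIQUES = {"T1078", "T1110", "T1059.001", "T1048", "T1486", "T1566", "T1021"}


def risk_notables(events, now, window=timedelta(hours=24), score_threshold=70, tactic_threshold=3):
    """Sum risk per object inside the window; emit one notable per object that
    crosses the score threshold or touches enough distinct ATT&CK tactics."""
    cutoff = now - window
    per_object = defaultdict(lambda: {"score": 0, "tactics": set(), "techniques": set(), "sources": []})
    for ts, obj, obj_type, score, technique, tactic, source in events:
        if datetime.fromisoformat(ts) < cutoff:
            continue  # old risk decays out of the window instead of alerting forever
        agg = per_object[(obj, obj_type)]
        agg["score"] += score
        agg["tactics"].add(tactic)
        agg["techniques"].add(technique)
        agg["sources"].append(source)
    notables = []
    for (obj, obj_type), agg in per_object.items():
        reasons = []
        if agg["score"] >= score_threshold:
            reasons.append(f"risk score {agg['score']} >= {score_threshold}")
        if len(agg["tactics"]) >= tactic_threshold:
            reasons.append(f"{len(agg['tactics'])} distinct ATT&CK tactics")
        if reasons:  # low-fidelity observations only surface once they cluster on one object
            notables.append({"risk_object": obj, "object_type": obj_type, "score": agg["score"],
                             "techniques": sorted(agg["techniques"]), "reasons": reasons,
                             "contributing_searches": agg["sources"]})
    return notables


def coverage(events, framework):
    """Fraction of framework techniques that at least one risk rule is annotated with."""
    return len({e[4] for e in events} & framework) / len(framework)
```

With the constructed data, seven raw risk events produce one notable (for `jdoe`), while the single sightings on `asmith` and `host-42` stay as context in the risk index rather than becoming alerts.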

Tech Talk discussions remain open for two weeks following the live Tech Talk event.

nwuest
Path Finder

Hi @melissap,

Thanks to you and all those who put these valuable resources together and publish them for all of us who frequent these forums!
I will definitely share these posts with my co-workers.

V/R,
nwuest

melissap
Splunk Employee

@nwuest You are so welcome! I am glad you find them valuable. Our experts are amazing here at Splunk. I will be posting a new article soon to gain feedback on additional topics our users would like to see. Please comment there so we can plan more Tech Talks!

Aquar5
New Member

@melissap Melissa, the slides are accessible, but I'm getting "Access Denied" when trying to load this particular video:
https://conf.splunk.com/files/2020/recordings/SEC1113A.mp4

I've tried re-logging to Splunk.com multiple times. Other videos work fine.

Can you please help?

melissap
Splunk Employee

@Aquar5

I have put in a request to the Conf team to fix that link. I will let you know when I hear back.

Doreluss
Loves-to-Learn Lots

@melissap

In Splunk, you can create recurring notable events and turn them into informational events by configuring notable event settings and using Splunk's alerting and workflow features. Notable events are events that are identified as significant or noteworthy based on predefined criteria, and you can configure them to be informational for monitoring purposes.

That's the question I have as of right due to having so many alerts pertaining to a particular alert; however, I'm going to review the links you provided earlier in this chat. If I have any questions I will reach out to you. Meanwhile, thanks for the information.
