Splunk Tech Talks
Deep-dives for technical practitioners.

Splunk SOAR Playbook – Malware Triage with Crowdstrike and Splunk Phantom

melissap
Splunk Employee

View our Tech Talk: Security Edition, Splunk SOAR Playbook – Malware Triage with Crowdstrike and Splunk Phantom 


As security teams navigate the movement to remote work and the transition to cloud-hosted infrastructure, endpoint visibility remains a high priority for just about everyone. Whether we are monitoring a server in AWS or a remote employee's laptop, cloud-native endpoint security platforms like CrowdStrike remain a vital part of our infrastructure.

However, the enhanced visibility and machine learning detections of a tool like CrowdStrike do have the potential to overwhelm our security operations centers with an overabundance of alerts. When these alerts pile up, analysts need a way to quickly gather more information related to the threat, determine the risk level and respond immediately. That's when an automation and orchestration tool can save the day. Splunk Phantom is a SOAR tool that can orchestrate decisions and actions to more quickly investigate, triage and respond to this high volume of alerts and reduce the manual burden of repetitive analysis.

The combination of CrowdStrike and Splunk Phantom allows for a smooth operational flow from detecting endpoint security alerts to operationalizing threat intelligence and automatically taking the first few response steps – all in a matter of seconds.

melissap
Splunk Employee

Here are additional resources for your journey.

1) Documentation

Crowdstrike Falcon Splunk App User and Configuration Guide

2) Splunkbase Apps

Crowdstrike Apps

3) Blog Posts

Splunk SOAR Playbooks: Crowdstrike Malware Triage

4) Splunk Phantom Answers Tag
