Test Your SIEM with Splunk’s Attack Data Repository

melissap · ‎11-19-2020

View our Tech Talk: Security Edition, Test Your SIEM with Splunk’s Attack Data Repository.

(view in My Videos)

Splunk Enterprise Security contains the repository of correlation searches for your organization. When a potential threat is spotted, your SIEM leverages these correlation searches to mobilize the necessary resources to investigate and remediate threats. As threat actors’ techniques continue to adapt and evolve, your searches must do the same.

Tune in to this Tech Talk to learn how your organization can use attack datasets to evaluate the strengths and weaknesses of your SIEM correlation searches. Attack datasets consist of real datasets with real attacks generated by the attack_range. These datasets are broken down by techniques and tactics according to the MITRE ATT&CK matrix.

melissap · ‎12-01-2020

Here is a q&a from the live session. Enjoy.

Q: Are you looking to add more attack datasets related to additional Mitre T-codes?

A: Yes we are all the time adding new attack data when we develop new detections. We are also planning to put the files into GitHub Larfe File System instead of AWS S3.

melissap · ‎12-01-2020

Here are additional resources for your journey.

Github Links:

Attack Range: https://github.com/splunk/attack_range
Attack Data: https://github.com/splunk/attack_data
Security Content: https://github.com/splunk/security-content

.conf session

SEC1392C - Simulated Adversary Techniques Datasets for Splunk

Documentation

Test Your SIEM with Splunk’s Attack Data Repository

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk