March Community Office Hours Security Series Uncovered!

loriexi
Splunk Employee

Hello Splunk Community!

In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat Research Team for the first time. This team of security content experts is dedicated to developing out-of-the-box detections to provide comprehensive visibility, empower accurate detection with contextual insights, and enhance operational efficiency. This ensures you can always stay ahead of threats. With our premium security solutions — Splunk Enterprise Security and Splunk SOAR — you can strengthen and unify your security operations, and reduce Mean Time to Respond.

We hosted two Office Hour sessions with the threat research experts:

The first session focused on Generative AI, where our experts @James Young and Kumar Sharad discussed Splunk’s best practices for AI and common use cases for Splunk Enterprise Security and SOAR. They explored the integration of AI/ML into Splunk products and offered their recommendations on the approach. They delved into how Gen AI could support SOC processes, including threats, anomaly detection and more. The discussion also covered data privacy and sensitivity, topics of significant interest today!

The second session, led by our threat research experts @Jose Hernandez and @Michael Haag, centered on Threat Detection and Response Content. This session highlighted how to leverage the latest security content to automatically monitor your data for findings. Our experts began with the basics, sharing the best approach to getting started with security content, and then answered more specific questions, like the best automation achievable for creating incidents with the BMC Remedy Ticketing Tool. @Michael provided a thorough demo on enabling and implementing security content at the session's end, which could be very helpful for optimizing your operational process.

To listen to conversations and find the answers for all these questions, feel free to check out our on-demand session recordings: 

If you have any questions regarding these topics, please join our #office-hours Slack channel for further discussions. You’ll also find links to previous session Q&A decks and live recordings. If you are not yet a member of our splunk-usergroups workspace, you can request access here.

Missed the previous events? No worries! Subscribe to the Community Office Hours page to receive notifications for upcoming events, like Detecting Remote Code Executions with the Splunk threat research team on June 5th at 1pm PT/4pm ET! Join us and ask your questions directly to the experts! 

Cheers!
