Obtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator’s Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats.

Speaker(s)
 Phil Royer, Research Engineer, Splunk
 Rod Soto, Principal Security Research Engineer, Splunk
 


Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146259

Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response  [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Splunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ Slides

Technology

Tech News

Podcasting

Gadgets

Software How-To

Data

Splunk

Hey mad scientist, why so angry? Learn how Splunk is rethinking experiments in the Machine Learning Toolkit (MLTK) to make your life easier. Find out how we're changing the experiment workflow to reflect real-world usage of the MLTK, and make it easier for people new to the MLTK to get up and running. Strap on your safety goggles and let's get experimenting! 

Speaker(s)
 Gyanendra Rana, Senior Product Manager, Splunk
 Ryan Oriecuia, Principal Software Developer, Splunk
 


Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1553.pdf?podcast=1577146259

The New Experiment Experience in the Splunk Machine Learning Toolkit [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

This presentation will discuss how Security Operation Centers (SOCs) will need to change to meet the cybersecurity challenges of the 2020s. The speaker will draw on his experience as a founder of the first SOC-as-a-Service company that delivers managed security services using Splunk. Most industry analysts envision that the next generation of SOCs will leverage AI, Big Data, and the Cloud, but how far can automation take us and is the concept of an autonomous SOC really practical? How will the SOC of the Future address the global shortage of cyber professionals? How will the role of security analysts need to change? Will the SOC of the Future still need to be housed in dedicated physical facilities? The speaker will provide a blueprint of Proficio’s vision of the SOC of the Future using Splunk and provide a playbook for IT leaders and aspiring IT leaders on how to drive continuous improvement in productivity and measurable outcomes.

Speaker(s)
 Brad Taylor, Proficio
 


Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2839.pdf?podcast=1577146259

The SOC of the Future [Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics]

Tired of relying on static threshold-based alerts that don’t seem to provide much value? Do you typically end up finding outliers in your data by staring at lines on your dashboards? We are told machine learning is going make alerts and dashboards smarter, but how? We will help demystify machine learning and provide a practical guide to apply machine learning techniques for numeric outlier detection, and forecasting to make alerts and dashboards smarter and easier to use for actionable results. We will show you the basics of how you can understand your data, get them ready for machine learning, and get the machine to start working for you! You will leave the session beginning to think like a data scientist and knowing how to apply purpose-driven machine learning to your searches in Splunk! 

Speaker(s)
 Eurus Kim, Staff ML Architect, Splunk
 Amir Malekpour, Principal Software Engineer, Machine Learning, Splunk
 


Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1213.pdf?podcast=1577146259

The Two Most Common Machine Learning Solutions Everyone Needs to Know [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Deception, automation, and real-time data exploitation help security organizations go on offense vs attackers. In this session we will discuss how to use a variety of deception techniques to gather threat intelligence, how to create an automated response, and how to test response playbooks to validate that responses work as expected. 

Speaker(s)
 Vincent Urias, Researcher, Sandia National Laboratories
 Will Stout, Researcher, Sandia National Laboratories
 


Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2203.pdf?podcast=1577146259

Use Deception, Automated Response and Threat Emulation to Make Your Defense Proactive [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML]

Paychex’s goal of providing the best user experience for our clients has led to a significant investment in performance testing and monitoring of our applications. Currently all Paychex applications record the execution time for every task and subtask to logs. These are indexed by Splunk, allowing us to identifying areas where changes to code and database queries will have a positive impact on the overall user experience. This presentation will focus on combining this user experience data with client demographic data (such as the number of active employees) and using the Splunk Machine Learning Toolkit to build predictive models of user experience based on client demographic data. 

Speaker(s)
 Ken Tupper, Lead Performance Engineer, Paychex
 


Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1631.pdf?podcast=1577146259

Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Download our free app to listen on your phone