Sign up to save your podcasts
Or
Share ATT&CK™ing Linux with SPL [Splunk Enterprise, Splunk Enterprise Security]
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
![Splunk [Enterprise] 2019 .conf Videos w/ Slides](https://podcast-api-images.s3.amazonaws.com/corona/show/927263/logo_300x300.png){kind=logo}
ATT&CK™ing Linux with SPL [Splunk Enterprise, Splunk Enterprise Security]
In this session we will discuss using Splunk to detect a range of Linux-based adversary techniques from MITRE’s ATT&CK™ framework. We will also demonstrate how event sequencing can be used to map a path through the ATT&CK™ matrix and improve overall detection fidelity. We will provide auditd configuration suggestions for Linux endpoints to support greater coverage.
Speaker(s)
Doug Brown, Senior Information Security Analyst, Red Hat
Doug Brown, Senior Information Security Analyst, Red Hat
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1156.pdf?podcast=1577146228
View all episodes
By SplunkIn this session we will discuss using Splunk to detect a range of Linux-based adversary techniques from MITRE’s ATT&CK™ framework. We will also demonstrate how event sequencing can be used to map a path through the ATT&CK™ matrix and improve overall detection fidelity. We will provide auditd configuration suggestions for Linux endpoints to support greater coverage.
Speaker(s)
Doug Brown, Senior Information Security Analyst, Red Hat
Doug Brown, Senior Information Security Analyst, Red Hat
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1156.pdf?podcast=1577146228