The boss saw Ironman and wanted to create a JARVIS-like assistant for our SOC...so we built him one using Splunk. In this session we will share how we developed a Splunk virtual assistant to improve SOC efficiency and support the SOC 2.0 model of continual improvement. SOC JARVIS solves problems such as: How does a SOC manage its attack detection ideas and knowledge? How does an analyst understand the impact of their search changes on alert volumes? How does the SOC manage feedback between analysts and search authors? Learn how to use Splunk in a novel way to address these problems so that you can make your SOC workflows more efficient and let analysts spend more time threat hunting and improving how they detect attacks.

Speaker(s)
Jono Pagett, Head of Cyber Defence Centre, Bank of England
Peter Littler, Cyber Security Analyst, Bank of England

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1597.pdf?podcast=1577146214

Product: Splunk Enterprise

Track: Security, Compliance and Fraud

Level: Intermediate