Sign up to save your podcasts
Or
Share Build Automated Decisions for Incident Response with Splunk Phantom [Splunk Enterprise, Phantom]
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
![Splunk [Phantom] 2019 .conf Videos w/ Slides](https://podcast-api-images.s3.amazonaws.com/corona/show/927195/logo_300x300.png){kind=logo}
Build Automated Decisions for Incident Response with Splunk Phantom [Splunk Enterprise, Phantom]
Incident response (IR) analysts are required to make multiple decisions on every alert and incident. Whether the decision is to escalate, respond, or to discard the alert, each one of those decisions is critical to protecting their environment. With the integration of SOAR platforms like Splunk Phantom into IR teams, many of those decisions can now be automated for analysts. These decisions can save hours of work for analysts and allow for focus on more critical alerts. However, there are still questions to answer before implementing these decisions. What data is needed to make confident decisions? Where in the process should these decisions be made? How can existing decisions be improved? How should new decisions be integrated? The General Electric IR team has worked to answer these questions by using Splunk Enterprise and Splunk Phantom. In this session, we will show how our team approached these questions, implemented solutions, and integrated decisions for our analysts to save time and focus their efforts.
Speaker(s)
Mark Cooke, Staff Incident Responder, GE
Mark Cooke, Staff Incident Responder, GE
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1446.pdf?podcast=1576909570
View all episodes
By SplunkIncident response (IR) analysts are required to make multiple decisions on every alert and incident. Whether the decision is to escalate, respond, or to discard the alert, each one of those decisions is critical to protecting their environment. With the integration of SOAR platforms like Splunk Phantom into IR teams, many of those decisions can now be automated for analysts. These decisions can save hours of work for analysts and allow for focus on more critical alerts. However, there are still questions to answer before implementing these decisions. What data is needed to make confident decisions? Where in the process should these decisions be made? How can existing decisions be improved? How should new decisions be integrated? The General Electric IR team has worked to answer these questions by using Splunk Enterprise and Splunk Phantom. In this session, we will show how our team approached these questions, implemented solutions, and integrated decisions for our analysts to save time and focus their efforts.
Speaker(s)
Mark Cooke, Staff Incident Responder, GE
Mark Cooke, Staff Incident Responder, GE
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1446.pdf?podcast=1576909570