Advanced attackers that live off your land add insult to what can be very serious injury. In this session we'll show you how to use behavioral analysis to identify advanced attackers that evade traditional signature-based detection methods. We do so in our organization by using Splunk to combine insights from traditional data sources to detect activity across multiple phases of the MITRE ATT&CK™ framework. We'll focus on how to build queries, tune them for your environment, and start catching these threat actors with behavioral detections as soon as you get back from .conf.
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1556.pdf?podcast=1577146233