Splunk's Incident Management Framework is used extensively in support of notable event creation, and it serves as a bridge that ties the Risk, Asset & Identity, and Threat frameworks together. In this session we will discuss how incident management functions, what occurs behind the scenes to prepare events that are correlated, and how to present correlated events to analysts. Attendees will leave this talk with a greater understanding of the Incident Management Framework and of methods for working more effectively with it within Splunk Enterprise Security.
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1544.pdf?podcast=1577146233