To secure the modern endpoint, you need sufficient data, the right visibility and analysis, and the technology necesary to stop an intrusion. We will leverage BOTSv4 data in this session to help you test and validate Splunk use cases related to hunting threats using endpoint data. We’ll cover several real world case studies as described in MITRE ATT&CK™, and we will simulate adversary groups by executing a single Atomic test and building an elaborate chain reaction. We will then show you in Splunk how to confirm your data quality and confirm you have what you need to detect and evict an adversary from your environment. We will demonstrate practical hunt techniques using BOTSv4 data and how to raise the flag when data is missing or is not required.

Speaker(s)
Michael Haag, Director of Advanced Threat Detection, Red Canary

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1952.pdf?podcast=1577146215

Product: Splunk Enterprise, Splunk Cloud

Track: Security, Compliance and Fraud

Level: Good for all skill levels