Splunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ Slides

Lessons Learned From Building a Threat Detection Program [Splunk Enterprise, Splunk Enterprise Security, AI/ML]


We will share experiences and best practices for implementing notable events, the various Splunk Enterprise Security frameworks, and adaptive response actions, along with our approach to building a program that consistently develops, measures, and iterates on correlation searches. We will discuss how to integrate lessons learned from incidents, red team engagements, threat intelligence, threat hunting, and requirements from business units into the program. Example tactics we'll cover include leveraging low-fidelity detections to develop higher-fidelity and higher-value ones, managing detection content simply through macros, and building a formula to assess the efficacy of your detection content.

Speaker(s)
Chris Ogden, Principal Threat Detection Engineer, Sony Corporation of America
Drew Guarino, Senior Threat Detection Engineer, Sony Corporation of America

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1674.pdf?podcast=1577146258

