Splunk [Enterprise Security] 2019 .conf Videos w/ Slides

Scary (Spooky?) Fast Intelligence-Based Hunting with Splunk Phantom [Splunk Enterprise Security, Phantom]


Organizations today struggle with quickly and consistently applying behavior-based threat intelligence across their security tools. The hours needed to stitch together this information manually leave analysts unprepared to quickly turn around questions from management about their vulnerability to threats that their management sees in the news. In this session we will demonstrate how to use Splunk Phantom to reduce that time lag by automating your threat hunts. Specifically, we will show you how to use Yet Another Recursive Algorithm (YARA) rules on endpoint and network security tools automatically and simultaneously. We will use a case study to show the benefits achieved from this playbook: better reporting, more robust procedures, faster time to detect malware variants, and generally more efficient and effective threat hunts.

Speaker(s)
Robb Mayeski, Security Automation Magician, EY
Will Burger, Security Automation Consultant, EY
Haris Shawl, EY

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1280.pdf?podcast=1577146234

By Splunk