Sign up to save your podcasts
Or
Share Splunking the Endpoint V: Hands On with BOTSv4 Data [Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor]
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
![Splunk [Business Flow] 2019 .conf Videos w/ Slides](https://podcast-api-images.s3.amazonaws.com/corona/show/930306/logo_300x300.png){kind=logo}
Splunking the Endpoint V: Hands On with BOTSv4 Data [Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor]
Initial compromises happen on your endpoints, so why are you not Splunking them? In this edition of Splunking The Endpoint, we will tell you exactly what to configure in Splunk, and where, why, and how to do so in order to get unparalleled visibility into threats targeting your network. Not only will we revisit popular operating system and open-source endpoint data sources like Sysmon and Osquery, but we'll also talk about various popular commercial EDR products and give you best practices for collecting data from them. Lastly, we'll help you address any doubts about scale problems and licensing costs.Please bring your laptop! We will dive through the latest Boss of the SOC (BOTS) endpoint data and demonstrate the detection techniques needed to answer BOTS questions. Everything you learn will be something you can take home and put into production immediately.
Speaker(s)
James Brodsky, Director, Global Security Kittens, Splunk
James Brodsky, Director, Global Security Kittens, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2007.pdf?podcast=1577146248
View all episodes
By SplunkInitial compromises happen on your endpoints, so why are you not Splunking them? In this edition of Splunking The Endpoint, we will tell you exactly what to configure in Splunk, and where, why, and how to do so in order to get unparalleled visibility into threats targeting your network. Not only will we revisit popular operating system and open-source endpoint data sources like Sysmon and Osquery, but we'll also talk about various popular commercial EDR products and give you best practices for collecting data from them. Lastly, we'll help you address any doubts about scale problems and licensing costs.Please bring your laptop! We will dive through the latest Boss of the SOC (BOTS) endpoint data and demonstrate the detection techniques needed to answer BOTS questions. Everything you learn will be something you can take home and put into production immediately.
Speaker(s)
James Brodsky, Director, Global Security Kittens, Splunk
James Brodsky, Director, Global Security Kittens, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2007.pdf?podcast=1577146248