Sign up to save your podcasts
Or
Share Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
![Splunk [All Products] 2019 .conf Videos w/ Slides](https://podcast-api-images.s3.amazonaws.com/corona/show/922230/logo_300x300.png){kind=logo}
Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]
Obtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator’s Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats.
Speaker(s)
Phil Royer, Research Engineer, Splunk
Rod Soto, Principal Security Research Engineer, Splunk
Phil Royer, Research Engineer, Splunk
Rod Soto, Principal Security Research Engineer, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146226
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Advanced
View all episodes
By SplunkObtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator’s Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats.
Speaker(s)
Phil Royer, Research Engineer, Splunk
Rod Soto, Principal Security Research Engineer, Splunk
Phil Royer, Research Engineer, Splunk
Rod Soto, Principal Security Research Engineer, Splunk
Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146226
Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom
Track: Security, Compliance and Fraud
Level: Advanced