In our ongoing series of .conf2014 #TBT highlights, we revisit David Veuve’s “Security Ninjutsu” presentation focused on using Splunk for Advanced Correlation, Anomaly Detection and Response Automation.
IT Operations, Security
Splunk’s analytical capabilities allow security users to leverage advanced correlation and anomaly detection moving beyond basic incident response. Splunk can also take action, ranging from integration with ticketing systems to automatic blocking and beyond. This session walks the audience through automated threat intelligence response, behavioral profiling, anomaly detection, and tracking an attack against the kill chain. Through each of the examples, David reviews the data, how to analyze it, and what actions could be taken, providing reusable examples for how to level up your security capabilities with Splunk software.
We look forward to sharing more of these over the course of the year as we get closer to .conf2015: The 6th Annual Splunk Worldwide Users’ Conferencee in Las Vegas in September.