The Best of .conf20: Security Sessions

This year, more than 29,000 people from all over the world came, saw and .confed for Splunk’s first all-virtual .conf extravaganza. But with 200+ sessions to choose from — including more than three dozen in the security track alone — there’s enough learning to stay busy for a while yet. To help you prioritize, we’ve rounded up the top security sessions, all available for easy online viewing so you can keep up with the latest tools to address alert fatigue, anomaly detection and more.

  • SEC1391C - Full Speed Ahead with Risk-Based Alerting (RBA)
    Take a Vulcan-level approach to the business of SOC with risk-based alerting (RBA). In this session, learn about the recent evolution of RBA and how the concept of a Threat Object has been integrated alongside Risk Object. You’ll also get to delve into new Splunk Enterprise Security (ES) additions, and how ES can empower your team. Spock would be proud. 

  • Anomaly Detection and Insider Threat Hunting with Splunk UBA
    Learn how machine learning can help your security team with some of the heavy lifting via Splunk User Behavior Analytics (UBA). In this session, viewers see how UBA can help track a threat and an anomaly through an entire environment using real data from a Boss of the SOC scenario. Info on further learning resources to round out the tutorial is available during the presentation, too.

  • How to Unify your Security Tools with Splunk Mission Control
    The countdown is on to say goodbye to “swivel chair” security. This session is for folks looking to integrate their entire security infrastructure so they can not only analyze and respond to threats faster but also make security decisions more efficiently. Prepare for blast-off as you learn how Splunk Mission Control allows you the flexibility to integrate your own security tools with a robust set of framework plug-ins and unify your security defenses in a common work surface. It’ll be all systems go in no time.

Bring data to every security challenge with these resources from .conf20.

Posted by Eric Schou