Watch Now

Who Should Attend: Splunk Administrators, Security Analysts, SOC Manager

As security teams navigate the movement to remote work and the transition to cloud-hosted infrastructure, endpoint visibility remains a high priority for just about everyone. Whether we are monitoring a server in AWS or a remote employee’s laptop, cloud-native endpoint security platforms like CrowdStrike remain a vital part of our infrastructure. However, the enhanced visibility and machine learning detections of a tool like CrowdStrike do have the potential to overwhelm our security operations centers with an overabundance of alerts. When these alerts pile up, analysts need a way to quickly gather more information related to the threat, determine the risk level and respond immediately. That’s when an automation and orchestration tool can save the day. Splunk Phantom is a SOAR tool that can orchestrate decisions and actions to more quickly investigate, triage and respond to this high volume of alerts and reduce the manual burden of repetitive analysis.

The combination of Crowdstrike and Splunk Phantom allows for a smooth operational flow from detecting endpoint security alerts to operationalizing threat intelligence and automatically taking the first few response steps – all in a matter of seconds.

Speaker:

Olivia Courtney

Product Marketing Specialist, Splunk






Tracking Fields

DO NOT EDIT

Event Fields

DO NOT EDIT
DO NOT EDIT
I agree to the Splunk Websites Terms and Conditions of Use.*
I agree to receive marketing communications by email, including educational materials, product and company announcements, and community event information, from Splunk Inc. and its Subsidiaries pursuant to the terms of Splunk’s Privacy Policy. I can unsubscribe at any time.