Risk Based Alerting at Machine Speed with Splunk Phantom
Security Operations Centers are being inundated with low-fidelity alerts, making it hard for analysts to respond in a timely manner. Day after day, this results in a pile-up of abandoned cases. Splunk Enterprise Security, using Risk Based Alerting (RBA) functionality, reduces the quantity of alerts so you can focus on the threats that matter. The resulting high-fidelity alerts give your team the context it needs to investigate and respond quickly.
That's where Splunk Phantom comes in. Phantom's SOAR capabilities combined with RBA allow you to quickly gather the necessary context for a security event. A risk-based alert may contain any number of anomalous events correlated together. Phantom is used to investigate all of those anomalies simultaneously. Indicators of compromise such as IPs, domains, URLs, and hashes can be queued up for automatic blocking. The risky device or user in your environment can also be automatically quarantined or disabled to buy investigators valuable time.
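As an added illustration (not Splunk's code or SPL, and not part of the original talk description), the following Python sketch models the RBA idea described above: low-fidelity detections are scored and summed per risk object, and only an object whose aggregate crosses a threshold across several distinct rules yields one high-fidelity alert carrying the correlated events and their extracted indicators for follow-up. All events, scores, thresholds and indicators are constructed sample values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of low-fidelity detections (not real telemetry). Each
# carries a risk object (user or host), the rule that fired, a base risk
# score, and any indicators the rule extracted. The hash is a placeholder.
EVENTS = [
    {"time": "2024-03-01T08:00:00", "risk_object": "alice", "rule": "rare_process",
     "score": 20, "indicators": []},
    {"time": "2024-03-01T08:05:00", "risk_object": "alice", "rule": "dns_to_new_domain",
     "score": 30, "indicators": ["example-bad.test"]},
    {"time": "2024-03-01T09:10:00", "risk_object": "alice", "rule": "outbound_to_suspicious_ip",
     "score": 40, "indicators": ["203.0.113.7"]},
    {"time": "2024-03-01T09:15:00", "risk_object": "alice", "rule": "new_hash_executed",
     "score": 25, "indicators": ["deadbeef" * 8]},
    {"time": "2024-03-01T10:00:00", "risk_object": "bob", "rule": "rare_process",
     "score": 20, "indicators": []},
    {"time": "2024-02-20T10:00:00", "risk_object": "bob", "rule": "dns_to_new_domain",
     "score": 30, "indicators": ["old.example"]},  # falls outside bob's 24h window
]


def risk_based_alerts(events, threshold=100, min_rules=3, window=timedelta(hours=24)):
    """Group low-fidelity events by risk object and emit one high-fidelity
    alert per object whose summed score within the window (measured back
    from that object's latest event) reaches the threshold and which was
    flagged by at least min_rules distinct rules. Each alert carries the
    correlated context: rule names, event count and deduplicated indicators
    that a SOAR playbook could then enrich or queue for blocking."""
    by_object = defaultdict(list)
    for ev in events:
        by_object[ev["risk_object"]].append({**ev, "ts": datetime.fromisoformat(ev["time"])})
    alerts = []
    for obj, evs in by_object.items():
        evs.sort(key=lambda e: e["ts"])
        latest = evs[-1]["ts"]
        recent = [e for e in evs if latest - e["ts"] <= window]
        total = sum(e["score"] for e in recent)
        rules = {e["rule"] for e in recent}
        if total >= threshold and len(rules) >= min_rules:
            indicators = sorted({i for e in recent for i in e["indicators"]})
            alerts.append({"risk_object": obj, "risk_score": total,
                           "rules": sorted(rules), "indicators": indicators,
                           "event_count": len(recent)})
    return alerts


if __name__ == "__main__":
    for alert in risk_based_alerts(EVENTS):
        print(alert)
```

With the sample data, only "alice" crosses the threshold (four rules, score 115); "bob" stays below it because his older event is outside the window.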
Tune in to this Tech Talk to learn how to:
- Incorporate threat indicators into your RBA strategy
- Build an extensible Phantom playbook framework for new use cases
- Automate analyst information-gathering steps
Speakers:
Kelby Shelton
Consulting Sales Engineer, Splunk
Kelby is a Consulting Solutions Engineer with Splunk. In his current role, he assists customers with solving complex security challenges using the Splunk Security Suite. He has been in the security industry for 5+ years and has worked with customers in multiple verticals, both large and small. In his previous role as an Incident Response Engineer at a Children's Hospital, he implemented Risk-Based Alerting (RBA) systems using Splunk Enterprise Security and Phantom. You can find Kelby on LinkedIn: https://www.linkedin.com/in/kelby-shelton/
Olivia Courtney
Security Product Marketing Specialist, Splunk
Olivia is a Product Marketing Specialist with a focus on Splunk Phantom, Splunk Mission Control, and the Splunk Security Partner Ecosystem. Olivia has 4+ years of marketing experience: 3 years in television news and 1 year in product marketing. When she's not working on the latest and greatest with Splunk Security, you can find her at the nearest winery, boxing class, or country music concert. You can find Olivia on LinkedIn: https://www.linkedin.com/in/oliviacourtney/