Security Jiujitsu

More documents

Recommendations

Info

Techniques – Common InformaEon Model tag=authenEcaEon | chart count over src by acEon | where success>0 AND failure>10 If you leverage Splunk’s Common InformaEon Model you can write one search across many products. The above search could cover twenty different products, all with matching field extracEons Most searches in this session will be based on the common informaEon model Try with the ES Sandbox! 16
Search Example Raw Search 71 Seconds With Data Model AcceleraEon 9.8 Seconds 17
Page 1 and 2: Copyright © 2015 Splunk Inc.
Page 3 and 4: Personal IntroducEon David Veuve
Page 5 and 6: For Each Scenario • Focus on
Page 7 and 8: Who Are You? 1. Security Engine
Page 9 and 10: Security CorrelaEon In Splunk
Page 11 and 12: Splunk CorrelaEon Rules Easy in
Page 13 and 14: Visibility, Analysis, AND AcEon
Page 15: CorrelaEon Across MulEple Source
Page 19 and 20: Techniques - Expand Base Search
Page 21 and 22: Techniques - The Other Stats S
Page 23 and 24: Techniques - Higher Confidence
Page 25 and 26: How Does it Scale? Tstats vers
Page 27 and 28: About Endpoint Logs Curious abo
Page 29 and 30: Privileged User Monitoring
Page 31 and 32: Visibility AuthenEcaEon Data Mod
Page 33 and 34: Analysis Alert when users who
Page 35 and 36: Analysis - Part Two -‐ Exa
Page 37 and 38: Analysis - Part Three (ES Spec
Page 39 and 40: Conquering Alert FaEgue
Page 41 and 42: Visibility A typical Eer one a
Page 43 and 44: Analysis Technique - StaEsEcal
Page 45 and 46: Analysis Technique - StaEsEcal
Page 47 and 48: Analysis Technique - Combine Mu
Page 49 and 50: Analysis Techniques - Machine L
Page 51 and 52: Threat Feeds
Page 53 and 54: Great Threat Feed Tools Enterpr
Page 55 and 56: But That’s Not all for Threa
Page 57 and 58: We Looked at a Lot of Things
Page 59 and 60: Give Me Feedback! Rate it in
Page 61 and 62: Appendix Network HunEng
Page 63 and 64: Techniques -‐ Frequency Unde
Page 65 and 66: Techniques -‐ Coherence Cohe
Page 67:
Analysis | tstats prestats=t su
show all

Security Jiujitsu

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?