Splunk User Group
2023-08-02, San Francisco Bay Area
“Automation is extremely important to us… it’s not about IOCs, detections, or alerts, it’s about something we can act on, prevent, and respond to.”
– Timothy Lee, CISO for the City of Los Angeles
What is Threat Intelligence?
Recorded Future defines ‘Threat Intelligence’ as data collected and indexed from sources including dark web, open web, technical, customer telemetry etc., that has been organized, analyzed and delivered to understand the threat landscape, including threat actors, the malicious infrastructure they are building, their tactics, behaviors, and targets.
[Figure: Intelligence Graph™, from coarse-grained to fine-grained data bits and blocks. Inputs: Technical Sources, Open Web Sources, Dark Web Sources, Insikt Group® Research, Customer Signals. Stages: Organize, Analyze, Deliver. Outputs: Integrations, Modules, Actionable Channels.]
Data Science, Ontology & LLMs
● Largest Intelligence Graph built from 100+ TB of text, images and technical data
● Largest NLP-tagged OSINT for cyber, geopolitics and more
● Largest holdings of criminal dark web & messaging data
● Largest global company cyber ontology for internet-facing attack surfaces
● Largest community of intelligence users
● First intelligence provider to integrate Large Language Models
The Intelligence Cycle
Faster, more confident speed-to-knowledge
Threat Intelligence enables organizations to make faster and more effective data-driven security decisions and shift from being reactive to proactive in defending their critical assets from attackers.
[Figure: two versions of the intelligence cycle side by side.
Traditional Intelligence Cycle: Planning and Direction → Collection → Processing → Analysis and Production → Dissemination and Feedback.
Intelligence Cycle With Machine Speed: Planning and Direction → Collection and Processing (more sources/data, linguistics, ontologies) → Analysis and Production → Dissemination and Feedback.]
Intelligence in Action with Splunk
Accelerating existing workflows
Questions your security team asks, grouped by the workflow they drive:
Automate
- How can I automate SOC processes to streamline manual processes?
- Can I eliminate repetitive, manual work?
- How can I get out of reaction mode?
Investigate
- What do I know about this IOC?
- Is this a malicious file?
Prioritize
- What should I be paying attention to first?
- What is the biggest risk in my environment?
Strategize
- What types of security control gaps do I have?
- How can I better protect my organization from potential attacks?
Intelligence in Action with Splunk
Splunk Recorded Future Integration Alignment
Building an essential security foundation
- Security monitoring
- Incident management
Splunk Enterprise and Splunk ES
● Threat detection and monitoring of Recorded Future alerts
● Correlation with Recorded Future risk lists
● Enrichment of IOCs in Splunk Enterprise
Advanced analytics & investigations
- Advanced threat detection
- Threat hunting
- Incident management
Splunk Enterprise
● Sigma Rules
Splunk Enterprise Security
● Risk-based alerting
● Notable events with enrichment
Unified security operations
- Automation & orchestration
Splunk SOAR sub-playbooks for ease of use
● Enrichment
● Sandbox detonation
● Threat hunting
● Custom workflows
How intelligence-led security achieves positive outcomes
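The integration slide names three mechanics without showing them: correlating events against a risk list, enriching the matching IOCs with the list's score and reason, and risk-based alerting that fires on accumulated risk rather than on a single match. The example below is added here to make those mechanics concrete; it is not code from the slide deck, from Recorded Future, or from Splunk, and it does not use either product's API. The risk-list CSV, the log lines, the field names (`dest_ip`, `dest_host`, `host`, `action`) and the thresholds are all constructed for the example; the IPs and domains come from documentation-only ranges.

```python
"""Risk-list correlation, IOC enrichment and risk-based alerting over sample events.
Added illustration; assumptions: a CSV risk list with Name/Risk/RiskString columns and
key=value log events carrying dest_ip / dest_host / host fields (all constructed)."""
import csv
import io
import re
from collections import defaultdict

# Constructed risk list (indicator, score, reason). Hypothetical entries only.
RISK_LIST_CSV = """Name,Risk,RiskString
203.0.113.10,89,Recent C2 Server
198.51.100.77,35,Historical Scanner
evil-example.invalid,72,Recently Linked to Malware
"""

# Constructed proxy/firewall-style events in key=value form, not real telemetry.
SAMPLE_LOGS = [
    "2023-08-02T10:00:01Z host=ws-042 user=alice dest_ip=203.0.113.10 dest_host=- action=allowed",
    "2023-08-02T10:00:05Z host=ws-042 user=alice dest_ip=192.0.2.5 dest_host=evil-example.invalid action=allowed",
    "2023-08-02T10:01:00Z host=ws-017 user=bob dest_ip=198.51.100.77 dest_host=- action=blocked",
    "2023-08-02T10:02:00Z host=ws-017 user=bob dest_ip=192.0.2.9 dest_host=files.example.com action=allowed",
]

KV_RE = re.compile(r"(\w+)=(\S+)")
INDICATOR_FIELDS = ("dest_ip", "dest_host")  # event fields that can hold an IOC


def load_risk_list(csv_text):
    """Index the risk list by indicator so each event field costs one dict lookup."""
    table = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        table[row["Name"]] = {"risk": int(row["Risk"]), "reason": row["RiskString"]}
    return table


def parse_event(line):
    """Split 'timestamp k=v k=v ...' into a dict; a value of '-' means the field is absent."""
    ts, rest = line.split(" ", 1)
    fields = {k: v for k, v in KV_RE.findall(rest) if v != "-"}
    fields["_time"] = ts
    return fields


def enrich(event, risk_list):
    """Return one enrichment record per indicator field that appears on the risk list."""
    hits = []
    for field in INDICATOR_FIELDS:
        indicator = event.get(field)
        if indicator in risk_list:
            hits.append({"field": field, "indicator": indicator, **risk_list[indicator]})
    return hits


def correlate(lines, risk_list, min_risk=65):
    """Enriched events whose indicator score is at or above min_risk.

    This is the per-event correlation search: a score floor keeps stale, low-confidence
    indicators (e.g. an old scanner) from paging an analyst on their own.
    """
    matches = []
    for line in lines:
        event = parse_event(line)
        for hit in enrich(event, risk_list):
            if hit["risk"] >= min_risk:
                matches.append({**event, **hit})
    return matches


def risk_based_alerts(lines, risk_list, threshold=100):
    """Accumulate indicator risk per host and alert only when the total crosses threshold.

    Every match contributes, including the ones correlate() filters out, so a host touching
    several medium-risk indicators still surfaces while a single low-risk match does not.
    """
    score = defaultdict(int)
    for line in lines:
        event = parse_event(line)
        for hit in enrich(event, risk_list):
            score[event["host"]] += hit["risk"]
    return {host: total for host, total in score.items() if total >= threshold}


if __name__ == "__main__":
    rl = load_risk_list(RISK_LIST_CSV)
    for m in correlate(SAMPLE_LOGS, rl):
        print(f'{m["_time"]} {m["host"]} {m["field"]}={m["indicator"]} '
              f'risk={m["risk"]} ({m["reason"]})')
    print("risk-based alerts:", risk_based_alerts(SAMPLE_LOGS, rl))
```

On the sample data the per-event correlation returns the two high-risk matches on ws-042 and drops the score-35 scanner hit on ws-017, while the risk-based view adds both of ws-042's matches into a single alert at 161 and leaves ws-017 at 35, below the threshold. In a real deployment the CSV would be the downloaded risk list and the score floor and threshold would be tuned to the feed's scoring scale.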
Splunk + Recorded Future Datasheets
https://splunkbase.splunk.com/app/4920
https://go.recordedfuture.com/hubfs/data-sheets/splunk.pdf
https://go.recordedfuture.com/hubfs/data-sheets/splunk-soar.pdf
Splunk + Recorded Future Case Studies
https://go.recordedfuture.com/hubfs/case-studies/nkom.pdf
https://go.recordedfuture.com/hubfs/case-studies/nov.pdf
https://go.recordedfuture.com/hubfs/case-studies/daimler-case-study.pdf
Demonstration