TechTalk: Operationalise MITRE ATT&CK with Risk Based Alerting, Part 1

Presented by

Jim Apger, Staff Security Strategist, Security Operations, Splunk & Jairo Camacho, Product Marketing Specialist, Splunk User Behav

About this talk

Why is alert fatigue accepted as "normal" in Security Operations Centers (SOCs)? There has to be a shift in perspective. Splunk has worked with customers to build a reference architecture called Risk Based Alerting within Splunk Enterprise Security. It introduces a layer of abstraction between the detection analytics and the alerting process: each analytic contributes a risk score to the user, system or service it observed, weighted by that entity's context and tagged with the MITRE ATT&CK™ tactic and technique, and alerts are raised on the accumulated risk rather than on every individual detection. Tune in to learn how Splunk Risk Based Alerting allows you to:

- Scale existing analysts to cover more data and analytics
- Increase your true positive rates
- Improve the effectiveness of your SOC
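To make the abstraction concrete, here is an added example (written for this page, not Splunk's own implementation) of the core risk-based alerting loop: detections emit context-weighted, ATT&CK-tagged risk events per entity, and a separate pass decides which entities become notables. The context weights, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed context weights: the same detection counts for more on a sensitive
# asset or a privileged identity. Values are illustrative, not Splunk defaults.
ASSET_WEIGHT = {"workstation": 1.0, "server": 1.5, "domain-controller": 3.0}
USER_WEIGHT = {"standard": 1.0, "admin": 2.0, "service": 1.5}


@dataclass
class RiskEvent:
    entity: str       # risk object: a user or host name
    entity_type: str  # "user" or "host"
    context: str      # key into USER_WEIGHT or ASSET_WEIGHT
    technique: str    # MITRE ATT&CK technique id (e.g. T1078)
    tactic: str       # MITRE ATT&CK tactic the technique was observed under
    base_score: int   # score assigned by the detection analytic itself


def contextual_score(ev: RiskEvent) -> float:
    """Apply the entity-specific weight to the analytic's base score."""
    table = USER_WEIGHT if ev.entity_type == "user" else ASSET_WEIGHT
    return ev.base_score * table.get(ev.context, 1.0)


def aggregate_risk(events):
    """Accumulate score and ATT&CK coverage per entity (the risk index)."""
    risk = defaultdict(lambda: {"score": 0.0, "tactics": set()})
    for ev in events:
        risk[ev.entity]["score"] += contextual_score(ev)
        risk[ev.entity]["tactics"].add(ev.tactic)
    return risk


def risk_notables(events, score_threshold=100.0, tactic_threshold=3):
    """Return (entity, score, tactics) for entities that should become a notable:
    accumulated risk is high, or activity spans several distinct ATT&CK tactics
    (a kill-chain spread that no single low-scoring detection would surface)."""
    out = []
    for entity, r in aggregate_risk(events).items():
        if r["score"] >= score_threshold or len(r["tactics"]) >= tactic_threshold:
            out.append((entity, r["score"], sorted(r["tactics"])))
    return sorted(out)


# Constructed sample detections: alice trips three low-scoring analytics across
# three tactics; bob is an admin, so one analytic alone crosses the threshold;
# ws01 has a single execution hit and stays below both thresholds.
SAMPLE_EVENTS = [
    RiskEvent("alice", "user", "standard", "T1078", "Initial Access", 20),
    RiskEvent("alice", "user", "standard", "T1059", "Execution", 30),
    RiskEvent("alice", "user", "standard", "T1003", "Credential Access", 40),
    RiskEvent("bob", "user", "admin", "T1110", "Credential Access", 60),
    RiskEvent("ws01", "host", "workstation", "T1059", "Execution", 30),
]
```

Running `risk_notables(SAMPLE_EVENTS)` yields two notables from five detections, which is the point: analysts review two scored entities instead of five raw alerts.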