We use cookies to ensure that we give you the best experience on our website. By continuing your visit on the website, you consent to the use of the cookies. If you want to find out more about the cookies we use, you can access our Privacy Policy.
We are looking for your story at our user group. The goal of this event is a simple one; meet other Splunk enthusiasts, share experience, learn how others have handled certain situations, and have lots of fun doing so.
Panelists
Richard Hensen
Splunk
Ferdinand Vroom
NN
When
Thursday, December 17, 2020 2:00 PM – 4:00 PM (UTC)
Agenda
2:00 PM
Welcome
2:15 PM
Cyberarcheology on threat intel reports with Splunk
Jorrit has processed 1000+ publicly available threat intel reports. In Splunk. Using his annual reports processing pipeline, that you might remember from the Boardroom Cybersecurity Awareness talks that everyone is tired of hearing. There are some interesting observations and trends that are worth sharing.
2:30 PM
From Low Alert 🚨 to Hunt. How we pivoted into a rabbit-hole of malware hosting
For this User Group Andrei and Niels would like will share their recent investigation in services of Atlassian being misused for malware hosting and how we used Splunk to pivot from the initial alert of a single repository to multiple repositories. The goal of the talk is to show and learn the audience how to go from the smallest piece of data and use it to discover more to go on and stop baddies in the future.
3:15 PM
Break
3:30 PM
What is the value of using CMDB context in Splunk and how to do
Some people think that Service Management is not for DevOps anymore and other think Splunk is not having shadow CMDB’s. The reality though is that central teams are connecting many cloud repositories to the central CMDB which could be handy to use in Splunk and that those teams still need to do a form of Service Management. And also Splunk is having many shadow CMDB’s by people using lookups and tags. This talk/demo is about how I connected both worlds together so that CMDB context can be used within Splunk for all sort of use cases.
