Turning Threat Data into Threat Intelligence: It's Only Log-ical

Oct 22, 9:30 – 11:00 PM (UTC)

Washington DC Splunk User Group

At our next user group meeting, DomainTools will talk about how we can use Splunk ES to produce threat intel.

About this event

There are an estimated five billion connected users on the Internet. Over 100M new domains are registered every year. That’s a lot of Internet to keep track of. Threat actors have long abused Internet infrastructure to deliver phishing campaigns. Using Large Language Models and targeting mobile users has allowed that activity to scale. This demands contextual data at scale in the SOC, giving SIEMs more to manage, but Splunk Enterprise Security and supporting apps are equipped to exploit the fact that cyber criminals share and reuse resources. Executing high-volume queries with low latency can turn context into actionable intel. This live presentation will show how Splunk users can quickly enrich logged domains, view changes and connections between IPs, domains, and other Internet infrastructure, and mitigate the highest-priority threats directly within Splunk ES.

Speaker

  • Malachi Walker

    DomainTools

    Security Advisor

When

Tuesday, October 22, 2024
9:30 PM – 11:00 PM (UTC)

Host

  • Richard Galloway

    The "original" Rich

Organizers

  • Rich Galloway

    Splunk

    Splunk Consultant

  • Rutger Thomschutz

    Qmulos

    Washington DC User Group Leader

  • Rinaldi Rampen

    Salesforce

    User Group Leader
