Initial compromises happen on your endpoints, so why are you not Splunking them? In this edition of Splunking The Endpoint, we will tell you exactly what to configure in Splunk, and where, why, and how to do so in order to get unparalleled visibility into threats targeting your network. Not only will we revisit popular operating system and open-source endpoint data sources like Sysmon and Osquery, but we'll also talk about various popular commercial EDR products and give you best practices for collecting data from them. Lastly, we'll help you address any doubts about scale problems and licensing costs.Please bring your laptop! We will dive through the latest Boss of the SOC (BOTS) endpoint data and demonstrate the detection techniques needed to answer BOTS questions. Everything you learn will be something you can take home and put into production immediately.

Speaker(s)
James Brodsky, Director, Global Security Kittens, Splunk

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2007.pdf?podcast=1577146268

Product: Splunk Enterprise, Splunk Business Flow, Splunk Data Fabric Search and Data Stream Processor
Track: Security, Compliance and Fraud
Level: Good for all skill levels