If you are into Security and didn’t have an opportunity to attend the Splunk conference in Las Vegas this year (maybe you’re busy playing Blackjack instead?), here’s what you can not miss.
The list is not sorted in any particular order and, whenever possible, entries include presenters’ Twitter handles as well as takeaways or comments that might help you choose where to start.
- Security Operations Use Cases at Bechtel (recording / slides)
That’s the coolest customer talk from the ones I could watch. The presenters (@ / @) discussed some interesting use cases and provided a lot of input for those willing to make Splunk their nerve center for security.
- Finding Advanced Attacks and Malware with Only 6 Windows EventIDs (recording / slides)
This presentation is a must for those willing to monitor Windows events either via native or 3rd party endpoint solutions. @HackerHurricane really knows his stuff, which is not a surprise for someone calling himself a Malware Archaeologist.
- Hunting the Known Unknowns (with DNS) (recording / slides)
If you are looking for concrete security use case ideas to build based on DNS data, that’s a gold. Don’t forget to provide feedback to Ryan Kovar and Steve Brant, I’m sure they will like it.
- Building a Cyber Security Program with Splunk App for Enterprise Security (recording / slides)
Enterprise Security (ES) app relies heavily on accelerated data models, so besides interesting tips on how to leverage ES, Jeff Campbell provides ways to optimize your setup, showing what goes under the hood.
- Build A Sample App to Streamline Security Operations – And Put It to Use Immediately (recording)
This talk was delivered by Splunkers @dimitrimckay and @daveherrald. They presented an example on how to build custom content on top of ES to enhance the context around an asset, which is packed to an app available at GitHub.
Now, in case you are not into Security but also enjoy watching hardcore, techie talks, here’s my TOP 5 list:
- Optimizing Splunk Knowledge Objects – A Tale of Unintended Consequences (recording / slides)
Martin gives an a-w-e-s-o-m-e presentation on Knowledge Objects, unraveling what happens under the hood when using tags and eventtypes. Want to provide him feedback? Martin is often found at IRC, join #splunk and say ‘Hi’!
- Machine Learning and Analytics in Splunk (recording / slides)
If you are into ML and the likes of R programming, the app presented here will definitely catch your attention. Just have a quick look on the slides to see what I mean. A lot of use cases for Security here as well.
- Beyond the Lookup Glass: Stepping Beyond Basic Lookups (recording)
Wanna know about the challenges with CSV Lookups and KV store in big deployments? Stop here. Kudos to Duane Waddle and @georgestarcher!
- Splunk Search Pro Tips (recording / slides)
Just do the following: browse the video recording and skip to around 30′ (magic!). Now, try not watching the entire presentation and thank Dan Aiello.
- Building Your App on an Accelerated Data Model (recording / slides)
In this presentation, the creator of the ubberAgent – @HelgeKlein – describes how to make the most of data models in great detail.
Still eager for more security related Splunk .conf stuff? Simply pick one below (recordings only).
- Security Ninjutsu Part Two: More Security Analytics, Correlation and Action!
- Turning Indicators of Compromise into Tangible Protection
- Building an Enterprise-grade Security Intelligence Platform at Yoox.com
- Breach Management in Splunk App for Enterprise Security
- Orrstown Bank: Using Splunk Cloud and Anomaly Detection Capabilities To Fight a Billion Dollar Fraud Problem
- Indicators to Adversaries – Intrusion Analysis Using the Diamond Model
- Splunking The Endpoint
- Royal Caribbean Cruise Lines: Centralizing Cybersecurity and Leveraging DNS Data to Identify Malware “Patient Zero”
- Detecting Bank Account Takeover and Fraud Cyber Attacks with Splunk
For all presentations (recordings and slides), please visit the conference website.