Content type
Visibility | Don’t Wait for the Breach: Perfecting Your Splunk Alerts
Watch this talk, given at the Cybersécurité 20/20 virtual event on 24 and 25 November 2020.
Talk description (presented in English):
A Splunk deployment can collect up to 1M alerts a day from various security tools, ranging from the trivial to the disastrous. And it’s not just individual alerts that matter: it’s the ability to combine multiple alerts from multiple security tools, in a particular sequence and within a particular time frame, recognize that pattern as a security event, and then generate the relevant alert in Splunk. SecOps teams spend a lot of time writing rules for Splunk alerts that fire when these conditions occur, but such rules are nearly impossible to test. In fact, most security teams only see what security events really look like in the rear-view mirror. With Threat Simulator, they can evaluate not only the effectiveness of their WAFs, firewalls, IDSs and more, but also their ability to correctly classify and respond to security events on their network.
ANDREW YOUNG, Security Solutions Architect - KEYSIGHT TECHNOLOGIES
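The talk's central point is a correlation rule that fires only when alerts from several tools arrive in a given order within a time window, and that such rules are hard to test without synthetic events. The following added example (not code from the talk, Splunk or Keysight) implements that logic in plain Python over a constructed alert list, so a detection engineer can unit-test the rule offline before writing the equivalent search in Splunk. Tool names, alert names, hosts and timestamps are all constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts, as a SIEM might receive them from an IDS, a WAF and an EDR.
# Only host 10.0.0.5 shows the full sequence in order and inside the window.
SAMPLE_ALERTS = [
    {"tool": "ids", "name": "port_scan",          "host": "10.0.0.5", "ts": "2020-11-24T10:00:00"},
    {"tool": "waf", "name": "sqli_attempt",       "host": "10.0.0.5", "ts": "2020-11-24T10:03:00"},
    {"tool": "edr", "name": "suspicious_process", "host": "10.0.0.5", "ts": "2020-11-24T10:08:00"},
    {"tool": "ids", "name": "port_scan",          "host": "10.0.0.9", "ts": "2020-11-24T11:00:00"},
    {"tool": "edr", "name": "suspicious_process", "host": "10.0.0.9", "ts": "2020-11-24T12:30:00"},  # outside window, step missing
    {"tool": "waf", "name": "sqli_attempt",       "host": "10.0.0.7", "ts": "2020-11-24T09:00:00"},  # wrong order
    {"tool": "ids", "name": "port_scan",          "host": "10.0.0.7", "ts": "2020-11-24T09:05:00"},
]

# Hypothetical correlation rule: (tool, alert) pairs that must occur in this order, per host,
# within WINDOW of the first alert. Names are illustrative, not real product alert IDs.
SEQUENCE = [("ids", "port_scan"), ("waf", "sqli_attempt"), ("edr", "suspicious_process")]
WINDOW = timedelta(minutes=15)


def correlate(alerts, sequence, window):
    """Return [(host, first_ts, last_ts)] for every host where `sequence` occurred in order
    with all steps inside `window` of the first step. Alerts are grouped by host and sorted
    by time so the rule sees them in arrival order regardless of input order."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append((datetime.fromisoformat(a["ts"]), a["tool"], a["name"]))

    hits = []
    for host, events in by_host.items():
        events.sort()
        for i, (t0, tool, name) in enumerate(events):
            if (tool, name) != sequence[0]:
                continue  # only the first step of the sequence can open a window
            step, last_ts = 1, t0
            for ts, tl, nm in events[i + 1:]:
                if ts - t0 > window:
                    break  # window expired before the sequence completed
                if (tl, nm) == sequence[step]:
                    step, last_ts = step + 1, ts
                    if step == len(sequence):
                        hits.append((host, t0.isoformat(), last_ts.isoformat()))
                        break
    return hits


def rule_fires(synthetic_alerts, sequence=SEQUENCE, window=WINDOW):
    """Test helper: inject a synthetic alert sequence and report whether the rule fires.
    This is the offline equivalent of replaying a simulated attack against the SIEM."""
    return len(correlate(synthetic_alerts, sequence, window)) > 0


if __name__ == "__main__":
    for host, start, end in correlate(SAMPLE_ALERTS, SEQUENCE, WINDOW):
        print(f"security event on {host}: {start} -> {end}")
```

The rule is evaluated per host so that alerts from unrelated machines cannot be stitched into one event, and the window is anchored at the first step, which is how a time-boxed correlation search is normally expressed. To test the rule, call `rule_fires` with a synthetic sequence that should match and one that should not (out of order, or past the window) and assert on the result; the same two cases are the ones most often missed when a rule is only ever validated against historical data.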