Hafnium is the latest cyberattack that utilizes a number of post-exploitation tools after gaining access to Exchange servers through a zero-day exploit. One of their persistence methods was creating new user accounts in the domain, giving them the ability to log back into the network using normal authentication rather than use a web shell or continue to re-exploit the vulnerability (which has since been patched). Learn how you can use Splunk Phantom to automate account monitoring to ensure that threat actors are not exploiting vulnerabilities to access sensitive information through authenticated accounts.

Check out a demo of SMLE Labs (beta). SMLE is a purpose-built environment, bringing the power of data science and machine learning to production workloads for our Splunk customers. We support a seamless end-to-end ML journey with development, deployment, monitoring, and management — eliminating disjointed solutions with a new, streamlined experience optimized for productivity.

Splunk Dashboard Studio is our new and intuitive dashboard-building experience that allows you to communicate even your most complex data stories. This demo walks you through the key capabilities to leverage when building dashboards in Splunk. For more information, check out the Dashboard Studio documentation.

Analysts are often overwhelmed with a large volume of security events. Phantom makes event management easy by consolidating all events from multiple sources into one place.

While DevSecOps feels like just another industry term, engineering teams everywhere are feeling greater and greater accountability for the security and stability of applications they build. DevSecOps is a practice, not a product. The practice consists of three primary use cases. For enterprises to be successfully implementing DevSecOps practices they need to focus on visibility, consistent communication, and data-driven incident response.

The combination of Crowdstrike and Splunk Phantom together allows for a more smooth operational flow from detecting endpoint security alerts to operationalizing threat intelligence and automatically taking the first few response steps – all in a matter of seconds. In this video, distinguished Phantom engineer Philip Royer will walk you through an out-of-the-box playbook that you can set up in Phantom to triage malware detections from Crowdstrike and automate a variety of responses based on an informed decision by an analyst.

DevOps culture is not all hoodies and pizza parties. Collaboration between development, operations, and security teams has a much more practical side. It comes down to data, visibility, and sharing. In this episode of Dissecting DevOps, Dave and Chris explore the reality of collaboration in DevOps environments.