Second Order Security - Episode 7 - SOAR Games: Volume 2
Continuing our playbook building games, Dan and Tom heckle Danny through breaking down a master playbook into modular playbooks. Danny continues to screw up his audio.
Operations | Monitoring | ITSM | DevOps | Cloud
The Place Where Modern Operations & Technology Come Together
A day in the life of cybersecurity. Splunk customer stories of SOC-cess
We have a saying at Splunk. It goes something like “if you’re ever having a bad day, go and talk to a customer”. What organizations around the world are doing with their data and Splunk brings a huge smile and an eyebrow raising, positive “can’t quite believe you’ve done that” very-impressed nod of the head. That’s never more true than with our security customers.
SOARing to the Clouds with Splunk SOAR
For years, security practitioners have kicked and screamed about their reality. There are too many alerts to fully investigate and manually resolve every day. There is a massive talent shortage of qualified security professionals across the globe. Then couple that with analyst burnout and siloed security point-products. All of these factors are preventing security operation centers (SOCs) from operating at their full potential, with increased efficiency, performance and speed.
SOCtails Episode 4 - Respond Fast to Security Incidents with Automated Playbooks
Investigating and responding to phishing attacks is tedious and time-consuming. Kevin responds to phishing attacks by following a step-by-step manual process catalogued in his "Cybersecurity Playbook." Jeff shows Kevin an easier and faster way to respond using automated playbooks from Splunk SOAR (formerly known as Splunk Phantom).
Splunk SOAR Playbooks: GCP Unusual Service Account Usage
As organizations increase their cloud footprints, it becomes more and more important to implement access control monitoring for as many resources as possible. In previous playbooks, we have shown examples of AWS and Azure account monitoring, but the series would not be complete without also supporting Google Cloud Platform (GCP).
Super Speed with Phantom Slash Commands
Are you the type of person who loves the command-line? Is tab-complete your friend? Do you move faster on a keyboard than with a mouse? Then Phantom Slash Commands are for you!
SOARing w/ Splunk Phantom
Hey kids, do you like automation? Danny chats with Dan Dagget (@sgviking) , @Splunk Community Leader for Phantom & Tom Wise from @Adarma_Security about how to SOAR. What is SOAR? Do you need it? Are you ready to deploy it even if you do need it? How many times will Danny screw up the audio settings like the true professional he is? All answers lie within.
Understanding Splunk Phantom's Join Logic
If you’re an active Splunk Phantom user, it’s safe to assume you know what a playbook is. If not, here’s a quick summary: Phantom playbooks allow analysts to automate everyday security tasks, without the need for human interaction. Manual security tasks that used to take 30 minutes can now be executed automatically in seconds using a playbook. The result? Increased productivity and efficiency, time saved, and headaches avoided.
Easily Automate Across Your AWS Environments with Splunk Phantom
When running Splunk Phantom with AWS services, it can be tricky to make sure Splunk Phantom has the right access. When you’re managing multiple AWS accounts, the effort to configure Splunk Phantom’s access to every account can feel insurmountable. Fortunately, Amazon has the Security Token Service to solve this problem with temporary credentials, so we’ve integrated it with Splunk Phantom!
Sumo Logic + DFLabs: Cloud SIEM Combined with SOAR Automates Threat Detection and Incident Response
I’m pleased to announce that Sumo Logic has finalized its acquisition of DFLabs S.p.A., a provider of security orchestration, automation and response (SOAR) software.