Time | Session |
June 28 | |
8:30am - 11:30am | Kickoff & Splunk 4 Rookies: The Splunk team will kick off with what to expect over the next few days. Then we'll dive into Splunk 4 Rookies. This workshop provides an introduction to Splunk, along with hands-on experience creating a Splunk app and dashboard based on multiple use cases. |
11:30am - 1:00pm | Lunch & APT Falconer Demo: Grab lunch and come back for a demo of the CPT purpose-built app known as APT Falconer. |
1:00pm - 4:30pm | Enterprise Security Workshop: In this hands-on workshop, attendees will learn how to investigate incidents using Splunk Enterprise and our SIEM, Splunk Enterprise Security (ES). |
June 29 | |
8:30am - 12:00pm | Investigating with Splunk: This intensive, hands-on workshop is designed to demonstrate how users will use Splunk in a real-world incident investigation scenario. We will use Splunk Enterprise, in combination with open-source intelligence, to provide greater visibility into the totality of a security incident while mapping our findings to the Lockheed Martin Cyber Kill Chain. |
12:00pm - 12:45pm | Lunch Break |
12:45pm - 4:30pm | SOAR (Phantom) Workshop: In this workshop, attendees will learn to use Splunk SOAR to respond to incidents, manage cases and artifacts, as well as automate incident response and other standard operating procedures. See first-hand how SOAR can be used from the creation of a notable event to enriching alerts by automatically gathering data, all the way to managing and resolving the incident. |
June 30 | |
8:30am - 12:00pm | Threat Hunting an APT: A New Adversary: This intensive, hands-on workshop leverages Splunk Enterprise Core and Enterprise Security (SIEM) as well as the Lockheed Martin Cyber Kill Chain, the MITRE ATT&CK framework, and the Diamond Model to guide discussion on the development of hypotheses and contextualize a real-life threat hunting scenario. The workshop involves various scenarios that CPT members may see when hunting an APT. |
12:00pm - 12:45pm | Lunch Break |
12:45pm - 4:30pm | Threat Hunting an APT: A New Adversary: Come back and wrap up this workshop after lunch! |