Improve Splunk Risk-Based Alerting with Network Detection
Tuesday, August 29th | 2:00pm ET; 11:00am PT | 30 minutes
Join us and our Corelight presenters: James Schweitzer, Director, NA East and Federal Sales Engineer, and Roger Cheeks, Federal Sales Engineer, for an informative webinar on Network Detection and Response (NDR), a fundamental component of the SOC triad. NDR capabilities significantly speed your journey toward Splunk Risk-Based Alerting and improve its fidelity.
In this session, you will learn how to rapidly deploy NDR capabilities, integrate seamlessly into Splunk Enterprise Security, and leap the chasm into Risk-Based Alerting. Corelight detections can be based on a combination of data analytics, signatures, and machine learning. Corelight also provides a rich set of network security metadata across a wide range of protocols to provide full investigative data. After this breakout session, you’ll be able to:
- Speed SOC investigation by adding incredibly detailed attributes to risk objects using Corelight metadata
- Improve asset & identity integration
- Map alerts to tactics and techniques of the MITRE ATT&CK framework
- Use a wide array of fields to modify risk scores
- Drill into alerts with amazing speed and high-fidelity reporting