Incident response, disaster recovery, and executing case management strategies - Splunk Tutorial

Contents

• Introduction Introduction

  • Event management overview

    46s
  • Splunk's approach to security information and event management (SIEM)

    1m 1s
  • Introduction to the Splunk Security Essentials app

    2m 13s
• 1. Setting Security Goals 1. Setting Security Goals

  • The power of a good goal

    3m 8s
  • (Locked)
    Prioritize your security goals

    2m 35s
  • (Locked)
    Create event management to delegate and collaborate

    2m 50s
  • (Locked)
    Plan a case management strategy

    2m 37s
  • (Locked)
    How to use regex for custom event filtering

    3m 2s
  • (Locked)
    How to use GRC as a starting point

    2m 3s
• 2. The Security Information Discovery Process 2. The Security Information Discovery Process

  • What is a discovery process?

    1m 32s
  • (Locked)
    How to apply the scientific method to build classifications

    3m 14s
  • (Locked)
    How to set a hypothesis and run an experiment

    3m 31s
  • (Locked)
    How to use regex for custom event filtering

    1m 40s
• 3. Build and Report 3. Build and Report

  • (Locked)
    Implementing successful development tests into production

    2m 55s
  • (Locked)
    Report and alarm scheduling

    2m 1s
  • (Locked)
    Using MITRE ATT&CK and Cyber Kill Chain frameworks

    1m 28s
• 4. Auto-Remediate and Advise Action 4. Auto-Remediate and Advise Action

  • (Locked)
    Determining which events can be automated

    1m 39s
  • (Locked)
    Incident response, disaster recovery, and executing case management strategies

    3m 6s
  • (Locked)
    Root cause analysis and why it matters

    2m 50s
  • (Locked)
    Managing critical events

    1m 40s
  • (Locked)
    Real-world use cases

    2m 33s
• Conclusion Conclusion

  • (Locked)
    Putting it all together

    2m 7s
  • (Locked)
    Test detections

    1m 53s