Tune in to the Tech Talk to learn how to get started with an account monitoring use case, how our newest community playbook initiates a scheduled review of new accounts created in Azure Active Directory each week, and how your security team should have a good understanding of the frequency and common attributes of newly created accounts.

Tune into the Tech Talk to learn about the combination of Crowdstrike and Splunk Phantom that allows for a smooth operational flow from detecting endpoint security alerts to operationalizing threat intelligence and automatically taking the first few response steps – all in a matter of seconds.

Tune in to this Tech Talk to learn about how Splunk UBA allows you to identify blind spots in security event logging, troubleshoot logging right at the source and find advanced detections with available data sources.

Tune in to this Tech Talk to learn how to optimize CPU and Memory usage to achieve considerable costs savings, how the built-in monitoring console and Enterprise Security auditing page can provide better visibility into how your SIEM is performing, and how to empower your team with bottleneck root cause analysis and performance tuning skills to scale your ES operations.

Tune in to this Tech Talk to learn how to improve true positive rates, detect complex threats faster, and streamline investigations with richer context.

Tune in to this Tech Talk to learn how to incorporate threat indicators to your RBA strategy, build an extensible Phantom playbook framework for new use-cases, and automate analyst information gathering steps.

Tune in to this Tech Talk to learn how your organization can use attack datasets to evaluate the strengths and weaknesses of your SIEM correlation searches. Attack datasets consist of real datasets with real attacks generated by the attack_range. These datasets are broken down by techniques and tactics according to the MITRE ATT&CK matrix.

Tune in to this Tech Talk to learn how Phantom can dynamically add tasks to your workbooks, understand why workbooks might need to adapt during investigations, and see modular workbook development in action and utilize these examples in your organization.

Join the Splunk Security Gang on Thursday October 21st at 11 am Pacific for a special edition live event for.conf21! The episode will be a spicy one you don't want to miss!