Splunk SOAR Feature Video: Event Management
Analysts are often overwhelmed with a large volume of security events. Phantom makes event management easy by consolidating all events from multiple sources into one place.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Splunk
Splunk SOAR Feature Video: Main Dashboard
Phantoms Main Dashboard provides an overview of all your data and activity, notable events, playbooks, connections with other security tools, workloads, ROI, and so much more.
Splunk SOAR Feature Video: Playbooks
Playbooks are the codification of your Security Operations (SecOps) plan. In practice, they’re high-level Python scripts that Phantom interprets in order to execute your mission.
Orchestrate Framework Controls to Support Security Operations with Splunk SOAR
Every security team should utilize security frameworks in their strategy and tactics to help reduce risk from common cybersecurity threats. Security frameworks guide organizations on how they should develop, build, and maintain their IT security policies and procedures while sharing best practices for meeting compliance requirements. Healthcare operations in particular are often presented with increasing regulatory scrutiny and obligations that must be met in order to be competitive.
How to Marie Kondo Your Incident Response with Case Management & Foundational Security Procedures
Marie Kondo, a Japanese organizational consultant, helps people declutter their homes in order to live happier, better lives. She once said: Similarly, in security, operational teams are constantly bogged down by a “visible mess” that inhibits their ability to effectively secure their organization.
Splunk for OT Security V2: SOAR and More
In the last 90 days, the news of cyberattacks on critical infrastructure has been stunning. From the unprecedented breach represented by Sunburst to the more recent bone-chilling attack at the Oldsmar water facility, the urgency to secure critical infrastructure in transportation, utilities, energy, water, critical manufacturing, telecommunications, healthcare, government facilities and the defense sector has never been higher.
Splunk SOAR Playbooks: Crowdstrike Malware Triage
The combination of Crowdstrike and Splunk Phantom together allows for a more smooth operational flow from detecting endpoint security alerts to operationalizing threat intelligence and automatically taking the first few response steps – all in a matter of seconds. In this video, distinguished Phantom engineer Philip Royer will walk you through an out-of-the-box playbook that you can set up in Phantom to triage malware detections from Crowdstrike and automate a variety of responses based on an informed decision by an analyst.
Detecting HAFNIUM Exchange Server Zero-Day Activity in Splunk
If you want just to see how to find HAFNIUM Exchange Zero-Day Activity, skip down to the “detections” sections. Otherwise, read on for a quick breakdown of what happened, how to detect it, and MITRE ATT&CK mappings.
Building a Superstar SOC with Automation and Standardization
When you have a team of security analysts that have a wide range of expertise, knowledge, and experience, it is natural to see the difference in the quality of work performed. One of the biggest challenges that security operation managers face when auditing the work performed is that some team members may execute different steps at different levels of rigor when investigating and remediating threats.
From the SecOps Kitchen: Why Operators of Essentials Services Need to Prepare Now
Hey there, The European Union Agency for Cybersecurity (ENISA) has recently published its NIS Investment report - a survey conducted on European organisations identified as Operator of Essentials Services (OES) and Digital Service Providers (DSP).