Implementing MITRE ATT&CK into a SOC
ฝัง
- เผยแพร่เมื่อ 20 ก.ค. 2024
- An overview of Splunk Security Essentials and learning how to map data sources to the MITRE ATT&CK Framework into SOC alerts.
By: Curtis Smallwood
June 20, 2020 - Queen City Skiddies Meetup #11 - วิทยาศาสตร์และเทคโนโลยี
Do you have the XML for that dashboard you made?
8:56 I like how there is a green screen of chicken wings behind you and nobody questions it in the comment section
Hi can you help me??
Splunk is not a SIEM it is Big data tool.
Splunk enterprise security is a SIEM, built on a data platform.
@@amyheng4892 you are largely correct, but that depends of your definition of the SIEM. Enterprise Security (ES) has got extensions towards Threat Intel, UBA, automation, an incident response which makes the platform more valuable in comparicement to the traditional Gartner-definition of SIEM-products. Imagine best security practices in a box productized in form of interactive dashboards with several frameworks - that's your ES.