Hafnium is the latest cyberattack that utilizes a number of post-exploitation tools after gaining access to Exchange servers through a zero-day exploit. One of their persistence methods was creating new user accounts in the domain, giving them the ability to log back into the network using normal authentication rather than use a web shell or continue to re-exploit the vulnerability (which has since been patched). Learn how you can use Splunk Phantom to automate account monitoring to ensure that threat actors are not exploiting vulnerabilities to access sensitive information through authenticated accounts.

Check out a demo of SMLE Labs (beta). SMLE is a purpose-built environment, bringing the power of data science and machine learning to production workloads for our Splunk customers. We support a seamless end-to-end ML journey with development, deployment, monitoring, and management — eliminating disjointed solutions with a new, streamlined experience optimized for productivity.

Splunk Dashboard Studio is our new and intuitive dashboard-building experience that allows you to communicate even your most complex data stories. This demo walks you through the key capabilities to leverage when building dashboards in Splunk. For more information, check out the Dashboard Studio documentation.

Analysts are often overwhelmed with a large volume of security events. Phantom makes event management easy by consolidating all events from multiple sources into one place.

While DevSecOps feels like just another industry term, engineering teams everywhere are feeling greater and greater accountability for the security and stability of applications they build. DevSecOps is a practice, not a product. The practice consists of three primary use cases. For enterprises to be successfully implementing DevSecOps practices they need to focus on visibility, consistent communication, and data-driven incident response.

The combination of Crowdstrike and Splunk Phantom together allows for a more smooth operational flow from detecting endpoint security alerts to operationalizing threat intelligence and automatically taking the first few response steps – all in a matter of seconds. In this video, distinguished Phantom engineer Philip Royer will walk you through an out-of-the-box playbook that you can set up in Phantom to triage malware detections from Crowdstrike and automate a variety of responses based on an informed decision by an analyst.

DevOps culture is not all hoodies and pizza parties. Collaboration between development, operations, and security teams has a much more practical side. It comes down to data, visibility, and sharing. In this episode of Dissecting DevOps, Dave and Chris explore the reality of collaboration in DevOps environments.

Beware that which lives amongst the Clouds. Or, ya know, just attack them mercilessly. One of the best parts about having such talented security pros at Splunk, is they also make amazing products. And some are even free. Enter the Cloud Attack Range, a detection development platform written/maintained by Splunkers Jose Hernandez and Mike Haag and open-sourced to everyone. Joining us will be Co-Founder of Red Canary Keith McCammon. Red Canary integrates with Attack Cloud to help generate attack data. It’s a true community project and we’re going to chat about it.