Contextualizing your Splunk logs
| Talk Title | Contextualizing your Splunk logs |
|---|---|
| Speakers | Quiessence Phillips (City of New York) |
| Conference | O’Reilly Security Conference |
| Conf Tag | Build better defenses |
| Location | New York, New York |
| Date | October 30-November 1, 2017 |
| URL | Talk Page |
| Slides | Talk Slides |
| Video | |
In the daily fight to secure organizations, security analysts are inundated with a massive log set (if one is so fortunate), but with it comes a low signal-to-noise ratio. Increase your signal by adding context to your logs, such as tagging blocks of IP addresses based on their region, labeling high-value targets, grouping hosts based on a specific corollary, and tagging AV logs as a vendor-agnostic approach when multiple products are in use. This additional data added to your logs enables more intelligent alerts, improves triaging efforts for analysts, and enhances security metrics, among many other benefits. Join Quiessence Phillips to learn about the type of context that could be added and the value of its addition.
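The three kinds of context the abstract lists (region from the source IP block, high-value host labels, and vendor-agnostic AV tagging) as an added Python example that is not from the talk or its slides; the lookup tables and key=value log lines are constructed, and in Splunk the same enrichment would be done with CSV lookups (a CIDR-matched lookup for the regions) applied via `lookup` in the search or automatically at search time.

```python
import ipaddress
import re

# Constructed context tables (stand-ins for Splunk CSV lookups).
REGION_BY_CIDR = {
    "10.0.0.0/8": "corp",          # broad block...
    "10.1.0.0/16": "nyc-hq",       # ...narrower blocks override it
    "192.168.50.0/24": "vpn-pool",
}
HIGH_VALUE_HOSTS = {"dc01", "pay-db-02"}
# vendor -> (threat-name field, host field) in that vendor's native log format
AV_VENDOR_FIELDS = {
    "symantec": ("Risk_Name", "Computer_Name"),
    "cylance": ("ThreatName", "DeviceName"),
}
SAMPLE_LOGS = [  # constructed key=value events
    "src_ip=10.1.23.4 host=dc01 action=login",
    "vendor=symantec Computer_Name=PAY-DB-02 Risk_Name=Trojan.Gen src_ip=192.168.50.7",
    "vendor=cylance DeviceName=laptop-17 ThreatName=Malware.Generic src_ip=172.16.0.9",
]

def parse_kv(line):
    """Split a key=value line into a dict."""
    return dict(re.findall(r"(\w+)=(\S+)", line))

def region_for(ip):
    """Longest-prefix CIDR match, the semantics of a CIDR-matched lookup."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, region in REGION_BY_CIDR.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, region)
    return best[1] if best else "unknown"

def enrich(event):
    """Return a copy of the event with context fields added."""
    out = dict(event)
    # Vendor-agnostic AV tagging: map each vendor's field names onto common ones.
    vendor = event.get("vendor")
    if vendor in AV_VENDOR_FIELDS:
        threat_field, host_field = AV_VENDOR_FIELDS[vendor]
        out["av_threat"] = event.get(threat_field)
        out["av_host"] = event.get(host_field)
        out["tag"] = "av_detection"
    # Region from the source IP block.
    if "src_ip" in event:
        out["src_region"] = region_for(event["src_ip"])
    # High-value target label, whichever field names the host.
    host = (out.get("av_host") or event.get("host") or "").lower()
    out["high_value"] = host in HIGH_VALUE_HOSTS
    return out

def enrich_line(line):
    return enrich(parse_kv(line))
```

Once the same normalized fields (`av_threat`, `av_host`, `src_region`, `high_value`) exist on every event, one alert can fire on "AV detection on a high-value host" regardless of which vendor produced the log.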