.Conf16 - Anomaly Hunting with Splunk Software

Anthony G. Tellez · 1 min read

Tags: Machine Learning, Security, Data Science, Splunk, Conference, Anomaly Detection

Splunk has enabled big data on the security practitioner's desktop, but the security knowledge worker is not a data scientist by training. SOC engineers need easy-to-implement machine learning tools.

This presentation explores the machine learning toolkits already available in the Splunk platform and how they can be applied to the following use cases:

Use Cases

Data Exfiltration Detection

Identifying abnormal data movement patterns that indicate potential data theft or unauthorized transfers.

Port/Traffic Analysis

Detecting anomalous network behavior through statistical analysis of port usage and traffic patterns.

Advanced Threat Detection

Using machine learning to identify sophisticated attacks that evade signature-based detection.

Making ML Accessible

The focus is on practical, operational machine learning that security practitioners can implement without deep data science expertise. Topics include:

  • Anomaly detection workflows
  • Statistical outlier identification
  • Time-series analysis for threat hunting
  • Operationalizing ML models in production SOC environments


Presented at Splunk .conf16