.Conf18 - Turning Security Use Cases into SPL
By Anthony G. Tellez · 2 min read
Tags: Splunk, SPL, Security, Conference, Threat Detection
Have you ever stared at the search bar while deciding the best way to query Splunk for answers? Let's face it, we've all been there.
The pressure gets even more intense when you are building security use cases, hunting for threat actors and meeting compliance requirements to protect your organization from hackers.
The Challenge
Make a mistake and you could:
- Create an unnecessary performance penalty in your environment
- Miss the mark on your intended detection goal
- Allow threats to go undetected
What You'll Learn
This session demonstrates common, tried-and-tested SPL patterns used in building security use cases, including:
Core SPL Patterns
Proven query structures that balance:
- Accuracy - Precise detection of threats
- Efficiency - Minimal performance impact
- Reliability - Consistent results
Deep Dive: tstats Command
Master the tstats command with:
- Tips and tricks for effective usage
- Data model acceleration techniques
- Summary optimization strategies
- Performance tuning best practices
Data Model Acceleration
Learn how to:
- Utilize acceleration summaries in searches
- Optimize search performance
- Build scalable detection logic
- Reduce search overhead
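As an added example (not from the session or from Splunk's own materials), this is the tstats pattern that the tstats and Data Model Acceleration sections above describe, run against the CIM Authentication data model: summariesonly=true confines the search to the acceleration summary instead of raw events, the BY clause buckets by hour, source and user, and the threshold of 20 failures per hour is an assumed placeholder to tune for your environment.

```spl
| tstats summariesonly=true allow_old_summaries=true count AS failures
    FROM datamodel=Authentication
    WHERE Authentication.action="failure"
    BY _time, Authentication.src, Authentication.user span=1h
| rename Authentication.* AS *
| where failures > 20
| sort - failures
```

If the data model is not accelerated for the whole search window, summariesonly=true silently drops the un-summarized events, so run the same search once with summariesonly=false and compare the counts before trusting the results.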
Practical Application
These patterns can be applied to various use cases:
- Threat hunting workflows
- Compliance monitoring
- Incident response
- Security analytics dashboards
Presentation Materials
Presented at Splunk .conf18 by Anthony G. Tellez and Splunk Professional Services