© 2023 SPLUNK INC.
Security Manager
Manuel Traxler
Unleash the potential of your analysts: empower them to automate like professionals
Revolutionizing SOPs: the art of standardization - change the way of writing SOPs
Increasing efficiency: the key to faster automation and reduced workloads
A Challenge we have to overcome
... coordinating the collaboration between external providers and our team while ensuring rapid, efficient, and standardized data enrichment without shooting ourselves in the foot.
Chapter 1: How to intake & define SOPs at scale
Too many SOPs
- Investigation Steps: 2000
- SOPs: 600
- Unique Investigation Steps: 60
- Different Categories (for the analyst to select the steps relevant to the alert): 6
SOPs with Benefits
✅ Available as JSON
✅ Stored in a code repository for versioning and provisioning purposes
✅ SOPs become faster to create and easier to understand
✅ Easy maintenance of SOPs through MS PowerApps
Chapter 2: Workbooks
SOPs living in Git, not in SOAR
Workbooks!
Workbooks are lists of standard tasks that you follow when you evaluate events or cases.
Structure of a workbook: Phase -> Task, Phase -> Task
Chapter 3: Automate investigation
Workflow
1. Alert: potentially suspicious activity found in Splunk SIEM. The alert is sent to SOAR.
2. Workbooks: the Automation Playbook identifies the triggered Use Case and applies the corresponding Workbook.
3. Investigation: Input Playbooks perform the investigation steps previously selected by the use case author.
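As an added example, not from the deck or from the presenter's own tooling, the following Python sketches that workflow over a constructed JSON SOP catalogue (the schema, field names and use cases are assumptions; the deck shows neither): it validates the catalogue, computes the four counts from the "Too many SOPs" slide, and, like the Automation Playbook, maps a triggered use case to its workbook of phases and tasks, refusing unknown or ambiguous use cases.

```python
import json

# Constructed sample catalogue. The deck says SOPs are kept as JSON in git; this
# schema (use_case / category / steps with phase+task) is an assumption for the example.
SOP_CATALOGUE_JSON = """
[
  {"use_case": "Brute force login", "category": "Identity", "steps": [
     {"phase": "Enrichment", "task": "Enrich user from IdP"},
     {"phase": "Analysis",   "task": "Check source IP reputation"},
     {"phase": "Analysis",   "task": "Review recent logins"}]},
  {"use_case": "Malware on endpoint", "category": "Endpoint", "steps": [
     {"phase": "Enrichment", "task": "Enrich host from CMDB"},
     {"phase": "Analysis",   "task": "Check file hash reputation"},
     {"phase": "Analysis",   "task": "Check source IP reputation"}]},
  {"use_case": "Impossible travel", "category": "Identity", "steps": [
     {"phase": "Enrichment", "task": "Enrich user from IdP"},
     {"phase": "Analysis",   "task": "Review recent logins"},
     {"phase": "Analysis",   "task": "Check source IP reputation"}]}
]
"""

def load_sops(raw: str) -> list:
    """Parse the catalogue and reject SOPs missing the fields the dispatcher needs."""
    sops = json.loads(raw)
    for sop in sops:
        missing = {"use_case", "category", "steps"} - set(sop)
        if missing:
            raise ValueError(f"SOP {sop.get('use_case')!r} missing {sorted(missing)}")
    return sops

def catalogue_stats(sops: list) -> dict:
    """The four counts from the 'Too many SOPs' slide, computed over the catalogue."""
    tasks = [step["task"] for sop in sops for step in sop["steps"]]
    return {"investigation_steps": len(tasks), "sops": len(sops),
            "unique_steps": len(set(tasks)),
            "categories": len({sop["category"] for sop in sops})}

def build_workbook(alert: dict, sops: list) -> dict:
    """What the Automation Playbook does: match the alert's use case to exactly
    one SOP and emit its steps as ordered phases, each holding its tasks."""
    matches = [sop for sop in sops if sop["use_case"] == alert["use_case"]]
    if len(matches) != 1:  # unknown or ambiguous use case must not silently run
        raise LookupError(f"{len(matches)} SOPs match {alert['use_case']!r}")
    phases: dict = {}  # insertion order of phases is preserved
    for step in matches[0]["steps"]:
        phases.setdefault(step["phase"], []).append(step["task"])
    return {"use_case": alert["use_case"],
            "phases": [{"phase": p, "tasks": t} for p, t in phases.items()]}
```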
Inspiration
✅ Everybody automates faster
✅ SOPs in “refurbished” format (vendor agnostic)
✅ Don’t waste time
.conf Go 2023 - Raiffeisen Bank International