
Turning Threat Data into Threat Intelligence: It's Only Log-ical

Hosted By
Rinaldi R. and Rich G.

Details

At our next user group meeting, DomainTools will talk about how we can use Splunk ES to produce threat intel. There are an estimated five billion connected users on the Internet. Over 100M new domains are registered every year. That’s a lot of Internet to keep track of. Threat actors have long abused Internet infrastructure for delivery of phishing campaigns. Using Large Language Models and targeting mobile users has allowed activity to scale. This demands scaled contextual data in the SOC, giving SIEMs more to manage; but Splunk Enterprise Security and supporting apps are equipped to exploit the fact that cyber criminals share and reuse resources. Executing high-volume queries with low latency can turn context into actionable intel. This live presentation will show how Splunk users can quickly enrich logged domains, view changes and connections between IPs, domains, and other Internet infrastructure, and mitigate the most prioritized threats directly within Splunk ES.

Splunk > WashDC User Group
Splunk Inc.
7900 Tysons One Pl #1100 · McLean, VA