How to Eliminate Alert Fatigue by Turbo-Charging Splunk Phantom with Corelight NSM

  • Thursday, 11 Jun 2020 12:00PM EDT (11 Jun 2020 16:00 UTC)
  • Speakers: Richard Bejtlich, Troy Moore, Wissam Ali-Ahmad, Mark Overholser

Every Security Operations Center faces daily challenges: alert fatigue, false positives, overwhelming numbers of cases, a mountain of events to analyze, and limited time and resources to handle the workload. Fortunately, Corelight Network Security Monitoring (NSM) combined with Splunk's Security Orchestration, Automation, and Response (SOAR) platform, Phantom, delivers a cure.

By blending Splunk Phantom playbooks with Corelight network data, analysts can leverage automated, pre-correlated views to make high-fidelity decisions in seconds while maintaining auditor-quality control of forensic data. These playbooks gather network context based on alerts and can automatically determine whether or not an alert is a false positive.

Join experts from Corelight, Splunk, and Idaho National Laboratory to learn how these capabilities can multiply your security operations efforts and shorten incident response time.