.Conf17 - Everyone Can Build A Security App

Attend this guided, hands-on session to learn security best practices related to building a Splunk App – specifically, key aspects of operationalizing security searches, visualizations and workflow. We’ll cover a range of topics, including:

- Overall methodology: when and how building an app can help with security challenges and how to design an app to extract key insights from common data sources.
- Foundational concepts: TA application, data validation, CIM, summarization, data enrichment, analysis techniques, visualizations, rules definition and more.
- More advanced: including modeling, applying data science techniques, forming hypotheses and process considerations.

You’ll learn first-hand by iteratively developing an app that you can then take home and continue to use as a learning or testing tool. Alternatively, you can customize and/or deploy or even rebuild it using your security or compliance framework of choice. The app includes the security-rich dataset used in last year’s (.conf2016’s) Boss of the SOC competition.

You can get great, useful info and techniques from this session regardless of your skill level with Splunk or whether your current primary use case is security, IT operations or something else. Laptops are required to participate.
