Splunk and Carbon Black Response (CbR) are two critically powerful tools in the modern security program. Many organizations know they could integrate the two products but might not know where to begin or fully understand the use cases.
Join the author of the CbR+Splunk Integration, Michael Haag, as he walks through:
- How to enable the integration and what data sets to consider
- 3 common scenarios you will encounter when using Cb Response data inside Splunk
- Advanced techniques including software inventorying, risk scoring, and response automation