The conversation is a webinar on using a SOAR platform, specifically Splunk Phantom, for security automation and response. The speaker introduces the concept of SOAR platforms and their importance in advanced security environments. He discusses the different vendors and their platforms, highlighting Splunk Phantom and SOAR. The speaker then explains the Lockheed Martin Kill Chain process and the MITRE ATT&CK framework. He demonstrates the use of Splunk Phantom for investigation and response, showing how to perform actions on artifacts and use integrations like VirusTotal and URLScan.io. The webinar concludes with a Q&A session.
Takeaways
SOAR platforms are used in advanced security environments to automate and orchestrate security processes.
Splunk Phantom is a popular SOAR platform.
The Lockheed Martin Kill Chain process and the MITRE ATT&CK framework are important concepts in security investigations.
Splunk Phantom can be used to perform investigations and automate actions on artifacts.
Integrations with tools like VirusTotal and URLScan.io enhance the capabilities of Splunk Phantom.
Documentation and collaboration are crucial in security investigations.
Chapters
00:00 Introduction and Overview
12:36 The Lockheed Martin Kill Chain
49:23 Q&A and Conclusion