Splunk: Operationalize MITRE ATT&CK with Risk Based Alerting (RBA)

Online

Why is alert fatigue accepted as “normal” in Security Operations Centers (SOCs)? There has to be a shift in perspective. Splunk has worked with customers to build a reference architecture called Risk Based Alerting (RBA) within Splunk Enterprise Security. It introduces a layer of abstraction between the detection analytics and the alerting process: instead of each detection firing its own alert, detections contribute risk scores that are aligned with the MITRE ATT&CK™ framework and weighted by user-, system- and service-specific context, so that anomalous behavior is scored in context rather than alerted on in isolation.

Tune in to learn how Splunk Risk Based Alerting allows you to:

  • Scale your existing analysts to cover more data and analytics
  • Increase your true positive rates
  • Improve the effectiveness of your SOC
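To make the abstraction layer concrete, here is a small model of the RBA idea in Python. It is an added illustration written for this page, not Splunk's own code and not SPL: detections emit risk events tagged with an ATT&CK technique, the score is weighted by entity context (a privileged-user multiplier is assumed), and a single risk notable fires only when an entity's aggregated score or technique diversity crosses a threshold. The events, entity context, multiplier and thresholds are all constructed values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed entity context (assumption): privileged identities get a higher weight.
ENTITY_CONTEXT = {"alice": {"privileged": True}, "bob": {"privileged": False}}
PRIVILEGED_MULTIPLIER = 1.5   # assumed weighting for privileged users
RISK_THRESHOLD = 100          # assumed aggregate score that produces a notable
MIN_DISTINCT_TECHNIQUES = 3   # assumed ATT&CK technique diversity that produces a notable

# Constructed risk events: (timestamp, entity, ATT&CK technique, base risk score).
# In per-detection alerting each of these would be its own alert.
RISK_EVENTS = [
    ("2024-01-01T09:00:00", "alice", "T1078", 20),  # Valid Accounts
    ("2024-01-01T09:30:00", "alice", "T1059", 30),  # Command and Scripting Interpreter
    ("2024-01-01T10:00:00", "alice", "T1003", 40),  # OS Credential Dumping
    ("2023-12-20T08:00:00", "bob",   "T1003", 40),  # old event, outside the window
    ("2024-01-01T09:00:00", "bob",   "T1078", 20),
    ("2024-01-01T09:15:00", "bob",   "T1078", 20),
    ("2024-01-01T09:45:00", "bob",   "T1110", 30),  # Brute Force
]


def score_event(entity, base_score):
    """Apply entity-specific context to a detection's base risk score."""
    privileged = ENTITY_CONTEXT.get(entity, {}).get("privileged", False)
    return base_score * (PRIVILEGED_MULTIPLIER if privileged else 1.0)


def aggregate_risk(events, window=timedelta(hours=24)):
    """Sum context-weighted risk per entity over a window ending at its newest event."""
    by_entity = defaultdict(list)
    for ts, entity, technique, base in events:
        by_entity[entity].append((datetime.fromisoformat(ts), technique, base))
    summary = {}
    for entity, evs in by_entity.items():
        latest = max(t for t, _, _ in evs)
        in_window = [e for e in evs if latest - e[0] <= window]
        summary[entity] = {
            "risk_score": sum(score_event(entity, b) for _, _, b in in_window),
            "techniques": {tech for _, tech, _ in in_window},
        }
    return summary


def risk_notables(summary, threshold=RISK_THRESHOLD, min_techniques=MIN_DISTINCT_TECHNIQUES):
    """Return entities that warrant one risk notable instead of many detection alerts."""
    return sorted(e for e, s in summary.items()
                  if s["risk_score"] >= threshold or len(s["techniques"]) >= min_techniques)


if __name__ == "__main__":
    summary = aggregate_risk(RISK_EVENTS)
    print(len(RISK_EVENTS), "detection alerts collapse to notables for:", risk_notables(summary))
```

Seven detections collapse into one notable for alice, whose privileged context and three distinct techniques push her over both thresholds, while bob's repeated low-severity hits stay below the line for an analyst to review in the risk index rather than the alert queue.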