Security-specific metrics in Splunk - Google Cloud Platform Tutorial

Contents

• Overview Overview

  • Course overview

    4m 39s
• GDC platform overview GDC platform overview

  • (Locked)
    Module overview

    1m
  • (Locked)
    What is GDC

    4m 36s
  • (Locked)
    GDC services

    5m 26s
  • (Locked)
    GDC at Cymbal Federal

    1m 14s
  • (Locked)
    The users of GDC

    5m 39s
  • (Locked)
    The GDC operating model

    1m 14s
  • (Locked)
    GDC architecture

    10m 7s
  • (Locked)
    GDC security guarantees

    7m 42s
  • (Locked)
    The Operations Center (OC)

    3m 2s
  • (Locked)
    Module review

    40s
• The infrastructure operator SecOps roles in GDC The infrastructure operator SecOps roles in GDC

  • (Locked)
    Module overview

    54s
  • (Locked)
    The Security Operations Center (SOC)

    4m 32s
  • (Locked)
    Defending the GDC platform

    3m 15s
  • (Locked)
    Roles in the SOC

    1m 8s
  • (Locked)
    Tier 1 and Tier 2 analysts in the SOC

    3m 58s
  • (Locked)
    Tier 3 analysts in the SOC

    2m 48s
  • (Locked)
    Security and the SOC

    1m 2s
  • (Locked)
    SOC organization structure

    5m 43s
  • (Locked)
    Interacting with external teams

    2m 28s
  • (Locked)
    Module review

    46s
• SOC processes in Google Distributed Cloud (GDC) air-gapped SOC processes in Google Distributed Cloud (GDC) air-gapped

  • (Locked)
    Module overview

    1m 44s
  • (Locked)
    Logs in the GDC SOC

    4m 8s
  • (Locked)
    Manual and automated security processes

    1m 12s
  • (Locked)
    Security Information and Event Management (SIEM)

    4m 3s
  • (Locked)
    Security Orchestration, Automation, and Response (SOAR)

    3m 59s
  • (Locked)
    Endpoint Detection and Response (EDR)

    5m 1s
  • (Locked)
    SIEM, EDR, and SOAR at Cymbal Federal

    1m 41s
  • (Locked)
    An introduction to incident management

    6m 7s
  • (Locked)
    The activities behind incident management

    6m 49s
  • (Locked)
    The end-to-end incident response process

    1m 14s
  • (Locked)
    Monitor

    2m 46s
  • (Locked)
    Intake

    3m 49s
  • (Locked)
    Escalate

    1m 45s
  • (Locked)
    Investigate

    4m 19s
  • (Locked)
    Contain and remediate

    2m 38s
  • (Locked)
    Recover and report

    2m 52s
  • (Locked)
    Recap of incident response management

    1m 18s
  • (Locked)
    The incident response plan (IRP)

    1m 34s
  • (Locked)
    The challenges of proactive cyber security

    4m 2s
  • (Locked)
    Advanced security services in the SOC

    3m 7s
  • (Locked)
    Advanced security services at Cymbal Federal

    2m 9s
  • (Locked)
    The asset inventory

    3m 58s
  • (Locked)
    Introduction to threat modeling

    5m 41s
  • (Locked)
    Introduction to vulnerability management

    7m 26s
  • (Locked)
    Introduction to security engineering

    6m 35s
  • (Locked)
    Module review

    1m 9s
• SOC tools for Google Distributed Cloud (GDC) air-gapped SOC tools for Google Distributed Cloud (GDC) air-gapped

  • (Locked)
    Module overview

    1m 9s
  • (Locked)
    Tools in the SOC

    2m 12s
  • (Locked)
    The MITRE ATT&CK framework

    3m 40s
  • (Locked)
    GDC platform security

    1m 29s
  • (Locked)
    Categories of tools for the GDC SOC

    3m 53s
  • (Locked)
    Core tools in the GDC SOC: Splunk SIEM

    3m 58s
  • (Locked)
    Core tools in the GDC SOC: Tenable Nessus

    3m 59s
  • (Locked)
    Core tools in the GDC SOC: Portswigger Burp

    4m 39s
  • (Locked)
    Core Tools in the GDC SOC: Trelix

    6m 21s
  • (Locked)
    Core tools in the GDC SOC: Microsoft Defender Antivirus and ClamAV

    5m
  • (Locked)
    Core tools in the GDC SOC: Palo Alto

    3m 11s
  • (Locked)
    Observability tools in the GDC SOC

    1m 29s
  • (Locked)
    LogMon

    2m 57s
  • (Locked)
    The GDC observability ecosystem

    3m 26s
  • (Locked)
    Observability tools in the GDC SOC: Grafana

    2m 36s
  • (Locked)
    The query creation process in Grafana

    3m 28s
  • (Locked)
    Observability tools in the GDC SOC: Prometheus

    2m 16s
  • (Locked)
    Observability tools in the GDC SOC: Cortex

    2m 10s
  • (Locked)
    Observability tools in the GDC SOC: Fluent Bit

    1m 31s
  • (Locked)
    Observability tools in the GDC SOC: Loki

    1m 58s
  • (Locked)
    Management tools in the GDC SOC: ServiceNow

    4m 48s
  • (Locked)
    ServiceNow at Cymbal Federal

    1m 39s
  • (Locked)
    Management tools in the GDC SOC: GitLab

    1m 49s
  • (Locked)
    Management tools in the GDC SOC: Anthos Config Management (ACM)

    1m 58s
  • (Locked)
    Management tools in the GDC SOC: Fleet

    1m 9s
  • (Locked)
    Management tools in the GDC SOC: Harbor

    1m 34s
  • (Locked)
    Management tools in the GDC SOC: Red Hat Enterprise Linux (RHEL)

    1m 7s
  • (Locked)
    Management tools in the GDC SOC: MariaDB

    1m 23s
  • (Locked)
    Module summary

    1m 20s
• Default logs, metrics, dashboards, and alerts in Splunk SIEM Default logs, metrics, dashboards, and alerts in Splunk SIEM

  • (Locked)
    Module overview

    1m 14s
  • (Locked)
    Log types in the GDC SOC

    2m 24s
  • (Locked)
    Audit logs

    5m 51s
  • (Locked)
    Audit logs at Cymbal Federal

    1m 36s
  • (Locked)
    Security logs

    51s
  • (Locked)
    Operational logs

    1m 36s
  • (Locked)
    Operational logs at Cymbal Federal

    46s
  • (Locked)
    Review: Logs in Splunk

    1m 19s
  • (Locked)
    Metrics in Splunk

    1m 27s
  • (Locked)
    Baseline metrics

    4m 34s
  • (Locked)
    Security-specific metrics in Splunk

    1m 47s
  • (Locked)
    Using Splunk metrics

    1m 57s
  • (Locked)
    Splunk metrics at Cymbal Federal

    1m 30s
  • (Locked)
    Splunk dashboards

    5m 32s
  • (Locked)
    Alerts in Splunk

    1m 19s
  • (Locked)
    Alerts at Cymbal Federal

    1m
  • (Locked)
    Alert rules

    1m 55s
  • (Locked)
    The alert inventory

    2m 4s
  • (Locked)
    Module review

    59s