Latest episodes from Splunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ Slides

The New Experiment Experience in the Splunk Machine Learning Toolkit [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Dec 23, 2019


Hey mad scientist, why so angry? Learn how Splunk is rethinking experiments in the Machine Learning Toolkit (MLTK) to make your life easier. Find out how we're changing the experiment workflow to reflect real-world usage of the MLTK, and make it easier for people new to the MLTK to get up and running. Strap on your safety goggles and let's get experimenting! Speaker(s) Gyanendra Rana, Senior Product Manager, Splunk Ryan Oriecuia, Principal Software Developer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1553.pdf?podcast=1577146259 Product: Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML Track: Foundations/Platform Level: Good for all skill levels

The SOC of the Future [Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics]

Dec 23, 2019


This presentation will discuss how Security Operation Centers (SOCs) will need to change to meet the cybersecurity challenges of the 2020s. The speaker will draw on his experience as a founder of the first SOC-as-a-Service company that delivers managed security services using Splunk. Most industry analysts envision that the next generation of SOCs will leverage AI, Big Data, and the Cloud, but how far can automation take us and is the concept of an autonomous SOC really practical? How will the SOC of the Future address the global shortage of cyber professionals? How will the role of security analysts need to change? Will the SOC of the Future still need to be housed in dedicated physical facilities? The speaker will provide a blueprint of Proficio’s vision of the SOC of the Future using Splunk and provide a playbook for IT leaders and aspiring IT leaders on how to drive continuous improvement in productivity and measurable outcomes. Speaker(s) Brad Taylor, Proficio Slides PDF link - https://conf.splunk.com/files/2019/slides/SECS2839.pdf?podcast=1577146259 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics Track: Security, Compliance and Fraud Level: Good for all skill levels

The Two Most Common Machine Learning Solutions Everyone Needs to Know [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Dec 23, 2019


Tired of relying on static threshold-based alerts that don’t seem to provide much value? Do you typically end up finding outliers in your data by staring at lines on your dashboards? We are told machine learning is going to make alerts and dashboards smarter, but how? We will help demystify machine learning and provide a practical guide to applying machine learning techniques for numeric outlier detection and forecasting to make alerts and dashboards smarter and easier to use for actionable results. We will show you the basics of how you can understand your data, get it ready for machine learning, and get the machine to start working for you! You will leave the session beginning to think like a data scientist and knowing how to apply purpose-driven machine learning to your searches in Splunk! Speaker(s) Eurus Kim, Staff ML Architect, Splunk Amir Malekpour, Principal Software Engineer, Machine Learning, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1213.pdf?podcast=1577146259 Product: Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML Track: Foundations/Platform Level: Intermediate

Use Deception, Automated Response and Threat Emulation to Make Your Defense Proactive [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML]

Dec 23, 2019


Deception, automation, and real-time data exploitation help security organizations go on offense vs attackers. In this session we will discuss how to use a variety of deception techniques to gather threat intelligence, how to create an automated response, and how to test response playbooks to validate that responses work as expected. Speaker(s) Vincent Urias, Researcher, Sandia National Laboratories Will Stout, Researcher, Sandia National Laboratories Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2203.pdf?podcast=1577146259 Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML Track: Security, Compliance and Fraud Level: Intermediate

User Experience Modeling with the Splunk Machine Learning Toolkit [Splunk Machine Learning Toolkit, AI/ML]

Dec 23, 2019


Paychex’s goal of providing the best user experience for our clients has led to a significant investment in performance testing and monitoring of our applications. Currently all Paychex applications record the execution time for every task and subtask to logs. These are indexed by Splunk, allowing us to identify areas where changes to code and database queries will have a positive impact on the overall user experience. This presentation will focus on combining this user experience data with client demographic data (such as the number of active employees) and using the Splunk Machine Learning Toolkit to build predictive models of user experience based on client demographic data. Speaker(s) Ken Tupper, Lead Performance Engineer, Paychex Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1631.pdf?podcast=1577146259 Product: Splunk Machine Learning Toolkit, AI/ML Track: Foundations/Platform Level: Intermediate

Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Dec 23, 2019


Obtaining data to develop defenses against threats is a constant challenge for security analysts. To that end, Splunk's Security Research team developed the Splunk SIEMulator, a framework modeled after Chris Long's DetectionLab that allows a defender to replay attack scenarios using AttackIQ in a simulated environment. SIEMulator’s Attack Range environments are all configured with Splunk forwarders and the apps necessary to create and store data in CIM data models. We'll show you how to use the SIEMulator to produce shareable data that can help security analysts replicate scenarios and effectively detect, investigate, and respond to threats. Speaker(s) Phil Royer, Research Engineer, Splunk Rod Soto, Principal Security Research Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1671.pdf?podcast=1577146259 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Advanced

Using Machine Learning to Detect Traffic Anomalies [Splunk Machine Learning Toolkit, AI/ML]

Dec 23, 2019


Finding anomalies in network data is no easy task, especially when you have terabytes of logs per day to analyze. But have no fear, we’re going to teach you how. In this session we will perform a technical deep dive into how a global content delivery network provider is using Splunk’s Machine Learning Toolkit to discover anomalies in network traffic. We’ll take you on a data science journey and show you how we tested multiple anomaly detection techniques, overcame challenges, fine-tuned detections, and ultimately arrived at meaningful alerts based on machine learning. Speaker(s) Jim Goodrich, Senior Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1390.pdf?podcast=1577146259 Product: Splunk Machine Learning Toolkit, AI/ML Track: Foundations/Platform Level: Good for all skill levels

What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Dec 23, 2019


Our security research, engineering and product teams have been hard at work building new capabilities to bolster your Splunk security stack. Find out what they’ve been up to since .conf18, and watch a demonstration of the latest innovations in Splunk Enterprise Security, Splunk User Behavior Analytics, and Splunk Phantom. There are other awesome developments that we can’t share now but are excited to share with you at .conf. Speaker(s) Kyle Champlin, Senior Product Manager, Splunk Patriz Regalado, Sr. Product Marketing Manager, Splunk Rob Truesdell, Sr Director, Product Management, Splunk Chris Simmons, Director of Product Marketing, Splunk Koulick Ghosh, Product Manager, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2366.pdf?podcast=1577146259 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

You Only Learn Once (YOLO) [Splunk Enterprise, Splunk Machine Learning Toolkit]

Dec 23, 2019


Want to use your custom model with the data already in Splunk? Want to contribute to an open library for Machine Learning Toolkit (MLTK) algorithms? Want to use your favorite Machine Learning library? This session will help you to create custom algorithms and leverage the power of any ML algorithm you have ever wanted to use for your application. Traverse the entire process from building a custom algorithm, fitting the model to your data, and testing your application, to contributing to the MLTK Algorithms library on GitHub. Speaker(s) Karthika Krishnan, Senior Forward Deployed Software Engineer, Splunk Ankit Bhagat, Forward Deployed Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1540.pdf?podcast=1577146259 Product: Splunk Enterprise, Splunk Machine Learning Toolkit Track: Foundations/Platform Level: Intermediate

Introduction to monitoring business operations with Acceleris’ party dashboard [Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

Dec 23, 2019


Why should running a business feel any different than throwing a party? To demonstrate how Splunk can be used to monitor and manage business operations, the DATA Mavericks team at Acceleris has iteratively perfected its Party Dashboard. It started out as a gimmick at the inauguration party of the company's new headquarters, but now the Party Dashboard demonstrates how Splunk’s dashboarding helps any team get real-time visibility into any operation. Join this session to learn why they chose the relevant metrics, how they collected and fed the data to Splunk, and what meaningful insights were generated as a fun introductory example of using Splunk to get visibility into your business operations. Speaker(s) OJ Stapleton, Data / Tech Master, Data Mavericks by Acceleris Martin Gerber, Crunching Master, Acceleris AG Slides PDF link - https://conf.splunk.com/files/2019/slides/BA1623.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit Track: Business Analytics Level: Good for all skill levels

Is it Normal or Suspicious? Detecting Anomalies via Market Basket Analysis [Splunk User Behavior Analytics]

Dec 23, 2019


Detecting abnormal behavior is an important objective in security monitoring, but is extremely challenging as we mostly are expected to detect "unknown unknowns." We can, however, use an entity's past behavior to measure how much of what we observe today deviates from normal behavior. In this way we can detect unknown, hidden and insider threats early on to stay ahead of advanced threats. This talk presents a unified, scalable framework for anomaly detection that is built on the frequent itemset mining technique. The premise is that if we can align an event with more frequent patterns observed in history, then the event is unlikely to be an anomaly. By mining through an extensive set of features and feature co-occurrences, the model can accurately capture the normal behaviors. Any new behaviors can then be scored, at which point any new rare co-occurrences of events can be detected and sent to analysts and SOC teams for rapid investigation. Speaker(s) Nancy Jin, Data Scientist, Splunk Ping Jiang, Sr. Software Engineer in Test, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1230.pdf?podcast=1577146258 Product: Splunk User Behavior Analytics Track: Security, Compliance and Fraud Level: Intermediate

Just a normal day in the office – Data driven business process improvements for a global supply chain company. [Splunk Cloud, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

Dec 23, 2019


“Our IT-powered business processes are too slow.” Does this sound familiar? If so, that is usually the perfect starting point to dig in and start improving them. Unfortunately, specific data that could help with that effort are not available – normally. In this session we will show you how we at Arvato Supply Chain Solutions got the data we needed and used it to improve the collaboration between IT and business. You will learn how we connected different IT systems such as SAP and conveyor lines to Splunk Cloud, and how this helped us to analyze business processes with IT Service Intelligence (ITSI). And, as the icing on the cake, we give you a sneak peek of the machine learning algorithm we implemented to continuously improve our business processes. Speaker(s) Ralf Walkenhorst, ITOA Specialist, Splunk Holger Diekhoff, Manager Operational Intelligence, Arvato Supply Chain Solutions Slides PDF link - https://conf.splunk.com/files/2019/slides/BA1512.pdf?podcast=1577146258 Product: Splunk Cloud, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit Track: Business Analytics Level: Beginner

Large Scale Threat Hunting in Splunk [Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit]

Dec 23, 2019


Threat hunting is hard, and threat hunting in an enterprise network with thousands of endpoints is even harder. We will demonstrate how we leveraged Splunk Enterprise to build an Advanced Threat Hunting platform designed for large scale threat hunting of 100,000 or more endpoints. Using Splunk Enterprise allows us to combine analytics, data enrichment, and custom workflows to display in one platform the most important data to analysts. Our threat hunting platform addresses the challenges of data retention and collection, high false positive rates, and analyst fatigue, all while lowering the time to detection of malicious incidents and improving the efficiency of enterprise SOC operations. Speaker(s) Dan Rossell, Analyst, Booz Allen Hamilton Ashleigh Moriarty, Lead Technologist, Booz Allen Hamilton Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1071.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit Track: Security, Compliance and Fraud Level: Intermediate

Lessons Learned From Building a Threat Detection Program [Splunk Enterprise, Splunk Enterprise Security, AI/ML]

Dec 23, 2019


We will share experiences and best practices for implementing notable events, the various Splunk Enterprise Security frameworks, and adaptive response actions, and we'll share our approach for building a program to consistently develop, measure, and iterate on correlation searches. We will discuss how to integrate lessons learned from incidents, red team engagements, threat intelligence, threat hunting, and requirements from business units into the program. Example tactics we'll cover include leveraging low-fidelity detections to develop higher-fidelity and higher-value ones, managing detection content simply and easily through macros, and building a formula to assess the efficacy of your detection content. Speaker(s) Chris Ogden, Principal Threat Detection Engineer, Sony Corporation of America Drew Guarino, Senior Threat Detection Engineer, Sony Corporation of America Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1674.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk Enterprise Security, AI/ML Track: Security, Compliance and Fraud Level: Good for all skill levels

Lessons Learned from Deploying Splunk UBA [Splunk User Behavior Analytics, AI/ML]

Dec 23, 2019


Splunk User Behavioral Analytics (UBA) is a machine learning driven solution that helps organizations find hidden threats and anomalous behavior across users, devices, and applications. In this session we'll answer questions that came up during our large-scale deployment such as, once you've got UBA installed, how do you know if it is working well in your environment? And how long after installation does it take for the system to be operational and produce results? We'll also share best practices for validating outputs and tuning the system. This session will help you jumpstart your understanding of UBA and help you get your UBA deployment into production and detecting threats faster. Speaker(s) Teresa Chila, Data Scientist, Chevron Maria Sanchez, Technical Support Engineer, User Behavioral Analytics (UBA), Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1490.pdf?podcast=1577146258 Product: Splunk User Behavior Analytics, AI/ML Track: Security, Compliance and Fraud Level: Good for all skill levels

Los Angeles World Airports - Streamlining event management with IT Service Intelligence (ITSI) [Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

Dec 23, 2019


Los Angeles World Airports has chosen Splunk's ITSI as their centralized event/alert management platform. We’ve consolidated alerts/events from multiple management platforms across the enterprise, reducing help desk churn by grouping similar events, and evaluating the results against smart Key Performance Indicator (KPI) thresholds so that only actionable alerts or events are processed. In addition, we’ve broken down the legacy data silos through the use of service definitions, glass tables, and deep-dives, providing better insight for all team members. Lastly, we’ve automated ITSI service and dependency creation via the Splunk ServiceNow bi-directional integration App. Plan to attend this session and you will learn how we’ve increased visibility (making data available for everyone); increased efficiency by reducing alert/event noise; improved resolution using ITSI Smart KPIs; and implemented auto service creation via ServiceNow. Speaker(s) Kelcy Taylor, SLED Account Manager, Splunk Shahla Dallalzadeh, IT Manager, Los Angeles World Airports Michael Friedhoff, Director & Lead Architect, Wipro Ltd. Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1564.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit Track: IT Operations Level: Good for all skill levels

Machine Learning & Splunk 2019: The Splunk Machine Learning Toolkit in Action [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Dec 23, 2019


Anomaly Detection, Predictive Analytics, and Clustering — oh my! Splunk customers want answers from their data, and machine learning is here to help. This session will help demystify the machine learning process, show how common machine learning themes are used for different outcomes at customers around the world, and give you next steps for achieving success at home by implementing machine learning! We aren’t talking about just science projects. We'll be giving examples and public details about Splunk’s Machine Learning Advisory successes over the years. Expect to leave with tangible examples you can implement back in the real world - if you can Escape from Vegas! Speaker(s) Iman Makaremi, Principal Product Manager – Machine Learning and AI, Splunk Harsh Keswani, Product Manager: Machine Learning, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1470.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML Track: Foundations/Platform Level: Intermediate

Maintaining a state of good repair with predictive analytics [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Dec 23, 2019


Take a deep dive in this enablement-focused presentation where we cover the background, the data, and how to implement 3 Splunk solutions, all captured in this session's companion app, which shows how to use Splunk to maintain a state of good repair, make data-driven decisions to garner rate payer confidence, and proactively realize conservation goals. The use cases covered in this session are: *** Corrosion Analytics - See how to use machine learning combined with ArcGIS, Maximo and corrosion data to create an interactive map to predict pipe failures and replacement priorities based on proximity to sensitive infrastructure. *** Mobile Work Fleet - See how to use scripted inputs to develop asset management dashboards, make data-driven purchasing decisions and optimize routes. *** Water Leak Detection - See how Splunk's Machine Learning Toolkit can be used to easily detect anomalous consumption based on user behavior and automate alerting utilities and customers to prevent water waste. Speaker(s) Tony Nesavich, Staff Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/IOT1318.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML Track: Internet of Things Level: Good for all skill levels

Marcus by Goldman Sachs: Monitoring an Online Banking Startup with Splunk [Splunk Enterprise, AI/ML]

Dec 23, 2019


Marcus by Goldman Sachs is an online, consumer lending and savings platform, often referred to as a startup within the 150-year-old company. The Marcus platform was designed and built from the ground up using the latest technologies and following agile software practices. Splunk software is used to monitor application and infrastructure logs and supports not only DevOps but also Development, QA, Production Support, and Security teams. This session will cover the challenges and successes we have experienced during our first years of rapid growth, the products and capabilities that we added to our platform this year, and provide a glimpse at the potential role of Splunk Next products in online retail banking use cases in the future. Speaker(s) Yisroel Bongart, Senior Sales Engineer, Splunk Maria Loginova, Vice President, Goldman Sachs Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1931.pdf?podcast=1577146258 Product: Splunk Enterprise, AI/ML Track: IT Operations Level: Good for all skill levels

Maximizing permissioned blockchain throughput using Samsung SDS Accelerator and Splunk MLTK [Splunk Enterprise, AI/ML]

Dec 23, 2019


Blockchain scalability is one of the main barriers to adoption of this revolutionary new technology. Finance, supply chain, and e-commerce blockchain deployments often have peak throughputs that far exceed their baseline. For example, when tickets for a popular concert go on sale, the peak transaction throughput will result in unacceptable latency for the users. Samsung SDS Accelerator is a layer 2 scaling solution for Hyperledger Fabric that enables up to 10x transaction throughput during this burst of activity. Using Splunk MLTK, we’re able to detect and react to these bursts of activity without compromising the security guarantees of the underlying blockchain. Speaker(s) Jeff Wu, Senior Product Manager, Blockchain, Splunk Ted Kim, Samsung SDS Slides PDF link - https://conf.splunk.com/files/2019/slides/FN2069.pdf?podcast=1577146258 Product: Splunk Enterprise, AI/ML Track: Foundations/Platform Level: Intermediate

Measure What Matters to Streamline Security Operations with Splunk [Splunk Cloud, Splunk Machine Learning Toolkit]

Dec 23, 2019


To tame an event queue that's ballooning out of control, you need to know first which rules and data sources are generating a disproportionate number of alerts, and second the security value you're getting from those rules and data sources. Any changes made to rules or telemetry analyzed without that knowledge risk making your organization more vulnerable. In this session we'll discuss how Splunk empowers us to perform advanced analytics on everything from alert conversion rates to human time expenditure on alerts so that we can optimize all processes related to alerting. As long as we know what to measure and where to look, Splunk can help us tune our security operations centers to reduce monotony and false positives without diminishing our ability to detect actual threats. Speaker(s) Keshia LeVan, Detection Engineer, Red Canary Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2105.pdf?podcast=1577146258 Product: Splunk Cloud, Splunk Machine Learning Toolkit Track: Security, Compliance and Fraud Level: Advanced

Mission Control: A Day in the Life of a Security Analyst [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Dec 23, 2019


Join us to see the latest developments with Splunk’s Security Operations Suite. We’ll share background on the underlying architecture as well as a showcase of new features. Learn how your security use cases are solved with scale and performance. Speaker(s) Rob Truesdell, Sr Director, Product Management, Splunk Atom Coffman, Starbucks Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1706.pdf?podcast=1577146258 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Beginner

Predict Real World Outage using Splunk MLTK [Splunk Machine Learning Toolkit]

Dec 23, 2019


Do you want to predict an outage before it happens? Are you wondering how to pursue the incremental journey to Artificial Intelligence Operations (AIOps)? This case study will reveal a real-world use case from T-Mobile USA and show you how to predict cell tower congestion in advance using Splunk Machine Learning Toolkit. In the age of binge watching on cell phones and wireless broadband services, cell congestion reduces speed and reliability and results in buffered video streaming and/or dropped calls, which dent the use of services and revenue. Building forecasting models for congestion requires correlation of several parameters including seasonal variations. Doing this on a large scale in real time takes significant resources. In this session, attendees will learn about the journey to build this predictive capability, including data analysis techniques, machine learning algorithms, benefits, and lessons learned. Speaker(s) Vijay Veggalam, Member of Technical Staff, T-Mobile Gintaras Gaigalas, Sr. RF Engineer, T-Mobile Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1722.pdf?podcast=1577146258 Product: Splunk Machine Learning Toolkit Track: IT Operations Level: Good for all skill levels

Saving the Nation’s Food Supply with Data-Driven Analytics [Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics]

Dec 23, 2019


Copper River ES, a strategic partner for Splunk public sector, is working with a large federal agency that has restructured their NOC and SOC organizations into a single unified entity as part of operational optimization. The agency is responsible for protecting IP and other assets totaling $4.3 trillion as part of safeguarding the nation’s food supply chain. The goal was to enhance the ability to handle problem escalations quickly and improve communications between teams. They are currently ingesting more than 3TB daily across 65 data sources where Splunk is leveraged as an integrated data platform and framework service to act as a nerve center for the combined NOC and SOC teams. Implementation has resulted in dramatically reducing MTTD to an average of less than 30 min compared to previous times of up to 12 hours, MTTR times from 16 hours to often less than 1 with overall outage times having now been reduced by about 68%. From a security perspective, it is used to identify data exfiltration and insider threats, as well as for security operations and compliance. Increasing visibility into all aspects of system operations and troubleshooting efforts is now supported through a series of custom Splunk Apps, glass tables, reports and alerts with operational guides and training to best leverage the capabilities Splunk has generated. Speaker(s) Sandy Voellinger, Copper River Enterprise Services Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1921.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics Track: Foundations/Platform Level: Good for all skill levels

Securing a Global Investment Fund Using Splunk Cloud and Splunk Enterprise Security [Splunk Cloud, Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML]

Dec 23, 2019


Join this session to learn the do’s and don’ts of rolling out an effective cloud security visibility platform for a global organization. We will cover topics such as why we moved away from our previous SIEM provider, deploying and managing a cloud-based SIEM, and effectively using a third party organization to provide tier 1 and 2 event and incident support. Speaker(s) Simon O’Brien, Principal Sales Engineer, Splunk Grant Slender, Chief Information Security Officer, QIC Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1205.pdf?podcast=1577146258 Product: Splunk Cloud, Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML Track: Security, Compliance and Fraud Level: Intermediate

Show and Tell: Prescriptive Use Cases for Azure and Office 365 [Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit]

Dec 23, 2019


Let's face it, sometimes you don't know what you don't know. With vast amounts of cloud data coming in at cloud-speed, it can be difficult to see through the noise and know what to look for. Are malicious adversaries attempting to compromise the environment? Is my environment under- or over-provisioned? Do I have an insider possibly exfiltrating company data? Are employees actually using the services? What is all of this costing per service, department, business unit? Don't worry, we will help you figure all this out in a prescriptive manner by showcasing these and other use cases. Then, we will show you the "how" by exposing the searches, the data needed, and showing you how to onboard that data. You will walk away with use cases that can be implemented immediately in your own environment. Speaker(s) Jason Conger, Solution Architect, Splunk Ry Lait, Senior Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1328.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit Track: Foundations/Platform Level: Intermediate

Splunk for NewOps – Using Data-Driven IT Operations to Better Manage IT Systems at Scale [Splunk IT Service Intelligence, Splunk Machine Learning Toolkit, VictorOps]

Dec 23, 2019


Splunk is increasingly at the forefront of new approaches to IT Operations, especially in disruptive ‘cloud-native’ businesses. This session will help you understand how ‘New Ops’ techniques like Observability, Site Reliability Engineering, SLOs/SLIs, Error Budgets, ChatOps, and Blameless Post-Mortems can help your IT Ops team; and how you can adopt ‘New Ops’ technologies like Containers, Microservice Architectures, Machine Learning, Orchestration, Predictive Analytics, and AI for IT Ops. Speaker(s) Andi Mann, Chief Technology Advocate, Splunk Endre Peterfi, Staff Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/IT1448.pdf?podcast=1577146258 Product: Splunk IT Service Intelligence, Splunk Machine Learning Toolkit, VictorOps Track: IT Operations Level: Intermediate

Splunking Crime Part II - Analysing Bias in Police Actions [Splunk Enterprise, Splunk Machine Learning Toolkit]

Play Episode Listen Later Dec 23, 2019


Last year at .conf18 we used Splunk and Machine Learning Toolkit (MLTK) to analyze and predict the crime in London. This year we are taking a step forward and analyzing the bias in the police actions in the U.K. We will use police, population, religion, and race data to understand how police use their powers in different areas on people from different racial backgrounds. We will use open data sources and index them in Splunk. Using advanced visualizations we will analyze the data and understand more about police actions. Then using MLTK we will create a predictive model for crimes and then analyze the model for any bias due to the data provided. Machine bias is a real issue nowadays when machine learning algorithms are increasingly being used by government agencies to predict crime and even pass sentences on convicts. We need to understand that along with having a positive impact of predicting crime, it can have a long-lasting negative impact as well. Speaker(s) Shashank Raina, Professional Services Consultant, NCC Group Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1679.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk Machine Learning Toolkit Track: Foundations/Platform Level: Intermediate

Splunk Machine learning and self healing at Priceline [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Play Episode Listen Later Dec 23, 2019


Do you want to rely on manual intervention to fix your application if something goes wrong? In this deep-dive session you will learn how Priceline uses machine learning to find outliers and anomalies in various data sets, including but not limited to bookings, search patterns, changes in logging patterns, etc. You will learn how we used machine learning combined with predictive analytics to solve a variety of use cases. For example, we collect Kafka offset data, which is sending data to their respective syncs. We also monitor to see if the traffic has receded or data consumption has increased or decreased unexpectedly. We will show how different stages of application states are controlled with the use of data and alerts, like disabling the app and enabling it according to the data. We also will show you how Priceline deals with brownouts, the gradual degradation of volumes by using machine learning over long periods, using different self healing techniques and custom apps. Speaker(s) Mukund Murthy, Software Engineer, Priceline.com Pranav Nandedkar, software engineer, Priceline.com Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1916.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML Track: Foundations/Platform Level: Good for all skill levels

Splunk Security Essentials 3.0: Driving the Content that Drives You [Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics]

Play Episode Listen Later Dec 23, 2019


Whether you have just SSE or all of Splunk's Premium Products, you can benefit from the ton of Security Content that Splunk produces. We'll start this session by setting a quick baseline on all of the fantastic detections that Security Essentials has had in the past, and then jump into the new prescriptive guides, MITRE ATT&CK™ integration, Auto-Dashboard-Magic, and all the related functionality that will help you plan your usage of any/all of Splunk's security products. We'll present all this information through the lens of helping you get the best possible detections deployed with the least amount of effort. Speaker(s) David Veuve, Principal Security Strategist, Splunk Johan Bjerke, Principal Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2013.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics Track: Security, Compliance and Fraud Level: Good for all skill levels

Step Up Your Defenses with End-To-End Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Play Episode Listen Later Dec 23, 2019


Maturing and scaling your security operations rests on your ability to process and analyze huge volumes of often unrelated data in real time. But today's tools notoriously overwhelm SOC analysts with the sheer number of alerts and high percent of false positives, resulting in confusion about what tools to use for investigation and response. In this session, members of Splunk's Security Research Team will discuss the next generation of Enterprise Security Content Updates that they developed, which integrate the entire Splunk for Security product suite to create a robust end-to-end defense—detection, investigation, and response. We will go over how to use these security guides, which will leverage Splunk Enterprise Security, Splunk Phantom, and Splunk User Behavior Analytics. We'll also highlight the Run Story feature we built to operationalize ESCU Analytics stories and share tools and techniques customers can use to write and test their own use cases. Speaker(s) Bhavin Patel, Security Software Engineer, Splunk Jose Hernandez, Security Researcher, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1775.pdf?podcast=1577146258 Product: Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom Track: Security, Compliance and Fraud Level: Good for all skill levels

Tame the Beast of IT Complexity: AI, ML, & Automation Are the Answer [Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

Play Episode Listen Later Dec 23, 2019


Are you drowning in a sea of data that expands daily? Overwhelmed by 1000s of events and alarms? Tasked with tracking a dynamic, ever-morphing infrastructure? Expected to resolve requests, incidents, and performance issues in seconds, not days… without adding any more headcount to your team? You’re not alone. Enter Automation, AIOps, and machine learning (ML). It’s finally IT’s turn to harness these powerful technologies to improve operational efficiency, reduce MTTR, eliminate alarm noise, streamline service requests, increase performance without lifting a finger, and tame the beast of IT complexity. Join our session as we explore practical applications for these technologies today and in the future to transform the way you approach IT operations. Get real world examples from other IT professionals and see how you can maximize your investments in Splunk, ITSM, monitoring tools, and more by bringing AI, ML, and automation to the mix. Speaker(s) Rob Kelsall, VP, Global Sales Engineering, Resolve Systems Slides PDF link - https://conf.splunk.com/files/2019/slides/ITS2752.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit Track: IT Operations Level: Good for all skill levels

Teaching Splunk to Hear: Audio Spectrum Analysis in Splunk for Event Classification and Anomaly Detection [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Play Episode Listen Later Dec 23, 2019


If we hear a nearby gunshot, we instinctively react. A mechanic often knows their machine's sound so well that they can diagnose issues by sound alone. While machines can be given analytical capabilities with machine learning (ML), sensing human inputs - like auditory or other sensory data - in a form that machines can understand is challenging. In Splunk, we have been all about making machine data accessible to humans, but what if we flip that and make human data accessible to machines? I take audio captured from live and recorded sources and using Fast Fourier transform feed it into Splunk's Machine Learning Toolkit (MLTK) for classification and anomaly detection. Can we use Splunk to detect gunshots? Can we learn a machine’s normal sounds to detect pending failures? This presentation uses Splunk to apply superhuman ML detection and learning capabilities to human data to show that the MLTK contains accessible tools you can apply to your IT and security problems. Speaker(s) Joshua Marsh, Senior Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/IoT1560.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML Track: Internet of Things Level: Good for all skill levels

The Duck Test: Leverage Machine Learning to Remediate Fraud in Huge Datasets [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Play Episode Listen Later Dec 23, 2019


Aflac measures risk to provide financial protection to more than 50 million people worldwide. Join this session to learn how Aflac mitigates fraud by using Splunk's Machine Learning Toolkit (MLTK) to find outliers and cluster events. Using Splunk and the MLTK reduced the time needed to conduct necessary analyses (e.g. link analysis) from weeks and months to just minutes—we will share with you how we use Splunk's MLTK to iterate quickly, develop new anomaly detection techniques, and improve our overall fraud mitigation performance. Speaker(s) Matthew Harper, Director, Cyber Crime Prevention, Aflac Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1904.pdf?podcast=1577146258 Product: Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML Track: Security, Compliance and Fraud Level: Advanced

Forecasting Disk Usage with Machine Learning – So easy, even a cave-person can do it! [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Play Episode Listen Later Dec 23, 2019


This presentation will walk users through how to use the machine learning toolkit to accurately forecast disk usage across their entire environment, giving them the exact day, month, and year when a server will run out of disk space. No more being awakened at 3:00 am for a bridge call due to a drive running out of disk. This process also can be used by capacity planning teams to select a future date and get a clear view of capacity across the business for all servers. Using machine learning to remove tech debt in an organization does not require a data scientist. You can do it if you have the right server metrics and the MLTK installed. Speaker(s) Steve Koelpin, Splunk Advisor, TransUnion Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1137.pdf?podcast=1577146257 Product: Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML Track: Foundations/Platform Level: Intermediate

Health Insights in One-click with New Splunk Monitoring Tools [Splunk Enterprise, Splunk Machine Learning Toolkit]

Play Episode Listen Later Dec 23, 2019


Wouldn’t it be great if you could just be proactively told when your Splunk deployment needs your attention? Wouldn’t it be simply awesome to go to one place and know exactly what the problem is and how to resolve it? At Splunk we understand that every organization suffers the pain of throwing resources to keep the lights on for their infrastructure environment. Fortunately the new version of Splunk Monitoring helps you know when things are not performing as expected. You can now see deployment-wide health without affecting your search or indexing latency and go through a guided set of checks curated from years of support experience to solve issues first hand. Speaker(s) Amrit Bath, Sr Manager, Engineering, Splunk Shruti Anand, Product Manager, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/FN2087.pdf?podcast=1577146257 Product: Splunk Enterprise, Splunk Machine Learning Toolkit Track: Foundations/Platform Level: Good for all skill levels

Integrating the Analyst, the Logic, and the Machine [Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML]

Play Episode Listen Later Dec 23, 2019


Are your analysts spending too much time clearing through notable events? Ours were too, but today our analysts are living the dream: they have all the details they want right there on the Incident Review screen, all while our alerts fine-tune themselves (with workflow action human input). Come and see how we achieved Incident Review Screen 2.0 by using Splunk's Machine Learning Toolkit to transition to smarter correlation searches. Speaker(s) Lukasz Antoniak, Cyber Detection Crafting Chief, Viasat Ryan Rake, Viasat Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1673.pdf?podcast=1577146257 Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, AI/ML Track: Security, Compliance and Fraud Level: Intermediate

Build Apps Fast with SDC Developer Tools [AI/ML, Splunk Developer Cloud]

Play Episode Listen Later Dec 23, 2019


Learn how to build powerful apps with the Splunk Developer Cloud. Speaker(s) Tedd Hellmann, Sr. Product Manager, Splunk Eric Cheng, Senior Software Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/DEV1476.pdf?podcast=1577146257 Product: AI/ML, Splunk Developer Cloud Track: Developer Level: Intermediate

Building a Security Monitoring Strategy 2.0 [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom]

Play Episode Listen Later Dec 23, 2019


So you have a SIEM with security data, e.g. firewalls, proxy, endpoint data, etc. Now what? How do you effectively operationalize your investment? This session provides recipes, principles, patterns, and strategies for using Splunk and data-driven analytics to move your security monitoring and compliance effectiveness up the maturity curve. This session will cover how to identify key mixes of data sources, core OOTB content to use, and how to layer capabilities aligned with your maturity. We will help you go beyond the endless alerts and investigations and start creating value by reducing the impact of potential security events. We're excited to show you that there's no need for a PhD in security assurance and operations—just Splunk and a solid plan. Speaker(s) Paul Davilar, Security Consultant, Splunk Paul Pelletier, Sr. Security Consultant, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1391.pdf?podcast=1577146257 Product: Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom Track: Security, Compliance and Fraud Level: Intermediate

Building the “smartest factory on planet earth” – Accenture partnering with leading crystal maker innovating with Splunk for Industrial IoT [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML, Splunk for Industrial IoT]

Play Episode Listen Later Dec 23, 2019


Production of crystal and gemstones requires high-class, top-quality output and unmatched quality and accuracy in the E2E production line. Based on in-depth experience, our joint client is one of the leading providers of production line machinery, serving its own business units as well as industry customers with precision optical instruments, grinding, sawing, drilling, and dressing tools. The new technical innovations in the area of Industrial Internet of Things (IIoT) offer completely new options to improve smart production lines. Thus Accenture is partnering with Splunk on creating a roadmap to build a fully digital, smart factory that will become a world-leading lighthouse facility. This session will provide insights into how the power of data enabled by Splunk can realize a quantum step in modern production line environments. It also will help you understand the value of data science for predictive quality, digital twin scenarios, reduced lot size, and closed loop R&D processes. Speaker(s) Stefan Schroder, Managing Director, Accenture Ron Perzul, Senior Sales Engineer, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/IoT1509.pdf?podcast=1577146257 Product: Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML, Splunk for Industrial IoT Track: Internet of Things Level: Good for all skill levels

Catch exfiltration from cloud file stores early! [Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics]

Play Episode Listen Later Dec 23, 2019


In this session, we tackle data breaches and information exfiltration from cloud file stores. Beyond the attacks that make headlines and result in millions of stolen personal records, we will also focus on the far less publicized risks related to exposure of intellectual property, infrastructure details or finances. We will share our experience in building a defensive strategy that now detects highly-covert exfiltration attempts. To this end, we first shed a lot of light on how companies use general-purpose file stores, such as Box, Office365 or Google Drive. We cover the types of files that commonly get stored in the cloud, file sharing practices, access properties, as well as uses of cloud stores by various departments. There are a lot of unexpected insights which eventually invalidate common security assumptions. As the boundary between good and bad gets blurred, we will provide you with a peek into how to design an effective data-driven defense. This approach helped us hone our detection to just tens of validly suspicious exfiltration files in a massive cloud store. Speaker(s) Stanislav Miskovic, Security Data Science, Splunk Ignacio Bermudez Corrales, Senior Data Scientist, Splunk Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC2083.pdf?podcast=1577146257 Product: Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics Track: Security, Compliance and Fraud Level: Advanced

Cover Your Assets: Protect Your Knowledge Objects from Yourself (and Others) - A Paychex story [Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

Play Episode Listen Later Dec 23, 2019


"Did we just lose ALL our knowledge objects? Do you know how much time and energy that was?" After a destructive resync, Paychex lost two months of its knowledge object creations/modifications. We learned to be prepared if it were to ever happen again. How? It's easier than you might think, and you don't have to be an admin. You’ll learn how to proactively save your work (dashboards, reports, data models, MLTK experiments, ITSI glass tables, macros, views, etc.) and audit changes when they occur. You will leave the session knowing how to manage the ever-increasing amount of things you create. You'll also have solutions that can save you time and effort from having to recreate lost/modified objects, including how to restore service faster. You also will come away with peace of mind knowing that you can take control of safeguarding and protecting your work, thereby covering your assets when a disaster happens. Speaker(s) Dustin Marling, Splunk App Developer, Paychex Eric Favreau, Service Health Operations Analyst, Paychex Slides PDF link - https://conf.splunk.com/files/2019/slides/FN1315.pdf?podcast=1577146257 Product: Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit Track: Foundations/Platform Level: Good for all skill levels
