Putting the "Act" in OODA: Splunk support to DoD Cyber Operations

This presentation will make team members aware of two projects that CNMF has begun working on.

First, we will cover how CPTs can use Phantom to automate reconnaissance and data collection while on mission, and how they are currently using Phantom to automate the RFI process during split-based hunt forward operations.

Second, we will discuss the art of the possible for using an automation capability to orchestrate offensive cyber operations.

Third, we will cover how the teams now have access to a tool called DCTS (Data Caching, Triaging, and Staging). DCTS is an AWS GovCloud data store and data analytics capability. It is FedRAMP certified. During Hunt Forward missions, operators will be able to send data to DCTS for rapid, flexible, self-service analytics and enrichment with threat intelligence for triage purposes.

Sabrina is a former DoD Contractor, USCYBERCOM employee, and NSA employee. She is currently serving as the Program Manager for USCYBERCOM at Splunk. She has supported the command as a solutions engineer for four years and is now the program manager.

Josh Hoge spent 20 years in Army special operations and the intelligence community. He started as an Arabic language interrogator, moved into SIGINT/EW, and then moved on to on-net cyber operations. He has been with Splunk for 10 months now and is the lead Solutions Engineer for USCYBERCOM.