topic Re: Support on testing Splunk Enterprise as a SIEM in All Apps and Add-ons

Support on testing Splunk Enterprise as a SIEM

Lisardo — Fri, 09 Aug 2019 19:40:28 GMT

I have just installed Splunk Enterprise 60 day trial version and I want to test it for Cybersecurity purposes, I would like some support on do this as fast as possible, for that I would appreciate your support on:
- Does it exist any free add-on that I
can use?
- Does it exist any tutorial data for
test security events?
- Can I get any recipes from a cookbook
that allow me to apply some rules or
some dashboards?
- Can I get any step-by-step examples to
follow?
Thanks in advance for your support
Regards

Re: Support on testing Splunk Enterprise as a SIEM

richgalloway — Fri, 09 Aug 2019 21:54:56 GMT

Almost all Splunk add-ons are free. See https://apps.splunk.com
Be sure to try the Splunk Security Essentials app. It has lots of examples.

Take half a day for the free Splunk Fundamentals 1 on-line class.

Re: Support on testing Splunk Enterprise as a SIEM

Lisardo — Sat, 10 Aug 2019 08:04:05 GMT

Ok, thnks. I'll do it. But one of the most important thing is get tutorial data for make some studies of security. Do you know where I can get it?
Thanks in advance for your support

Re: Support on testing Splunk Enterprise as a SIEM

Lisardo — Sat, 10 Aug 2019 10:19:32 GMT

Ok Thanks but where can I get tutorial data for security tests? or How to connect splunk to my local machine windows security logs?
Thank in advance for your support
Regards

Re: Support on testing Splunk Enterprise as a SIEM

daniel333 — Sat, 10 Aug 2019 16:27:57 GMT

@lisardo,

The up and downside to Splunk is it's highly customizable, which also means it's a little complex. Your pre-sales engineers will work with you on demo's and some basic POCs.

Splunk success as a SIEM in the industry isn't just the product, (which is good). It's the vendor-customer relationships process they have built to connect you to experts and building experts in your company.

Generally speaking once a contract is signed most deals will include sending 2-3 admins to a variety of bootcamps to get them to speed and you will be partnered with a sales support engineer and SIEM experts to build your use case portfolio. You can expect to spend a ~month in classes and ~100 days working with sales engineers and SIEM SME's to get your internal teams going.

Re: Support on testing Splunk Enterprise as a SIEM

daniel333 — Sat, 10 Aug 2019 16:29:14 GMT

Learning Splunk on your own for a POC? In either event there some intro training, but none match the vendor partnering I mentioned above.

https://www.pluralsight.com/search?q=splunk