topic How to set up a SOC with Splunk ? in Splunk Enterprise Security

How to set up a SOC with Splunk ?

mbdiameth — Tue, 04 Apr 2017 08:07:21 GMT

I have no experience and I need to set up a SOC/NOC with Splunk. Thank you for andurstanding me and helping me.

Re: How to set up a SOC with Splunk ?

mdessus_splunk — Tue, 04 Apr 2017 11:39:52 GMT

A SOC and NOC are a combination of tools, processes, people.
Splunk can be the tool for collecting data (logs, metrics, networks streams...) in order to monitor availability/performance and security (correlation, analytics, fraud...). It will be also a great tool for investigation in both cases.

Re: How to set up a SOC with Splunk ?

tomasmoser — Tue, 04 Apr 2017 11:50:01 GMT

Hi,

There is a book that describes generic principles about how to deploy a central big data SIEM (in reality Splunk) that is hard of SOC.
Crafting the Infosec - http://shop.oreilly.com/product/0636920032991.do. It's written by Cisco CSIRT team members.

Tomas

Re: How to set up a SOC with Splunk ?

javiergn — Tue, 04 Apr 2017 11:52:59 GMT

Did you take a look at

https://www.splunk.com/pdfs/technical-briefs/building-a-soc-with-splunk-tech-brief.pdf

https://www.slideshare.net/Splunk/sl-2015-houstonbuildingsocherrald

There are lots of resources online but you can't summarise a several months or years job in one answer I'm afraid.
My only advice if you don't have the experience would be to hire someone with that experience first and then start from that.

Thanks,
J

Re: How to set up a SOC with Splunk ?

mbdiameth — Wed, 05 Apr 2017 17:47:54 GMT

Thank you for this precious help to enlighten me

Re: How to set up a SOC with Splunk ?

mbdiameth — Wed, 05 Apr 2017 17:48:56 GMT

Thank you for this precious help to enlighten me

Re: How to set up a SOC with Splunk ?

mbdiameth — Wed, 05 Apr 2017 17:49:36 GMT

Thank you for this precious help to enlighten me