Alerting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What are Splunk SOC rules?

VijaySrrie
Builder
‎06-30-2022 01:30 AM

Hi All,

Please help me with the splunk alerts for below scenario

 

Thanks,

Vijay Sri S

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎06-30-2022 02:28 AM

Hi @VijaySrrie ,

 

You can take reference from these:

 

Actually, this is not the list of scenarios, actually to achieve one of the items you listed here you may require to implement many alerts.

For example,  to implement the "Criminals gain access to the platform and install Ransomware that disrupts platform" scenario, there are many sample searches already provided here - https://research.splunk.com/stories/ransomware/ And you can make countless more.

 

But, I'm happy to hear from others who have better security experience than me to find out if there is a quicker way to go about this.🤔


I hope this helps!!! 

SOC is not installation but rather a journey.!!!!

View solution in original post

Reply
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎06-30-2022 02:28 AM

Hi @VijaySrrie ,

 

You can take reference from these:

 

Actually, this is not the list of scenarios, actually to achieve one of the items you listed here you may require to implement many alerts.

For example,  to implement the "Criminals gain access to the platform and install Ransomware that disrupts platform" scenario, there are many sample searches already provided here - https://research.splunk.com/stories/ransomware/ And you can make countless more.

 

But, I'm happy to hear from others who have better security experience than me to find out if there is a quicker way to go about this.🤔


I hope this helps!!! 

SOC is not installation but rather a journey.!!!!

Reply
Solved! Jump to solution

VijaySrrie
Builder
‎06-30-2022 01:31 AM
 
 
Criminals gain access to the platform and install Ransomware that disrupts platform
An employee deliberately or accidentally misusing their access to PII records
Denial of service attack by criminals or state-sponsored actors flooding cloud resources, causing platform to become unavailable and inaccessible.
Supply chain security is compromised and Ovo loses access to services it is provided
Ineffective controls on endpoint devices, enabling unauthorised access by criminals or state-sponsored actors
Criminals gain access to underlying cloud infrastructure and steal PII data
Criminals gain access to exposed APIs and steal PII data
Users could escalate privileges and/or move laterally in the platform to see data they shouldn't
0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...