I have just installed the Splunk Enterprise 60-day trial version and I want to test it for cybersecurity purposes. I would like some support on doing this as fast as possible, so I would appreciate your help with the following:
- Is there any free add-on that I can use?
- Is there any tutorial data for testing security events?
- Can I get any recipes from a cookbook that allow me to apply some rules or some dashboards?
- Can I get any step-by-step examples to follow?
Thanks in advance for your support
Regards
Almost all Splunk add-ons are free. See https://apps.splunk.com
Be sure to try the Splunk Security Essentials app. It has lots of examples.
Take half a day for the free Splunk Fundamentals 1 online class.
OK, thanks, but where can I get tutorial data for security tests? Or how do I connect Splunk to my local machine's Windows security logs?
Thanks in advance for your support
Regards
@lisardo,
The upside and downside of Splunk is that it's highly customizable, which also means it's a little complex. Your pre-sales engineers will work with you on demos and some basic POCs.
Splunk's success as a SIEM in the industry isn't just the product (which is good). It's the vendor-customer relationship process they have built to connect you to experts and to build experts in your company.
Generally speaking, once a contract is signed most deals will include sending 2-3 admins to a variety of bootcamps to get them up to speed, and you will be partnered with a sales support engineer and SIEM experts to build your use case portfolio. You can expect to spend ~a month in classes and ~100 days working with sales engineers and SIEM SMEs to get your internal teams going.
OK, thanks. I'll do it. But one of the most important things is getting tutorial data to do some security studies. Do you know where I can get it?
Thanks in advance for your support
Learning Splunk on your own for a POC? In either event there is some intro training, but none of it matches the vendor partnering I mentioned above.