Support on testing Splunk Enterprise as a SIEM

Lisardo
New Member

I have just installed the Splunk Enterprise 60-day trial version and I want to test it for cybersecurity purposes. I would like some support on doing this as fast as possible; for that I would appreciate your support on:
- Is there any free add-on that I can use?
- Is there any tutorial data for testing security events?
- Can I get any recipes from a cookbook that allow me to apply some rules or some dashboards?
- Can I get any step-by-step examples to follow?

Thanks in advance for your support.
Regards

richgalloway
SplunkTrust

Almost all Splunk add-ons are free. See https://apps.splunk.com
Be sure to try the Splunk Security Essentials app. It has lots of examples.

Take half a day for the free Splunk Fundamentals 1 on-line class.

---
If this reply helps you, Karma would be appreciated.

Lisardo
New Member

OK, thanks, but where can I get tutorial data for security tests? Or how do I connect Splunk to my local machine's Windows security logs?
Thanks in advance for your support.
Regards

daniel333
Builder

@lisardo,

The up and downside to Splunk is it's highly customizable, which also means it's a little complex. Your pre-sales engineers will work with you on demos and some basic POCs.

Splunk's success as a SIEM in the industry isn't just the product (which is good). It's the vendor-customer relationship process they have built to connect you to experts and build experts in your company.

Generally speaking, once a contract is signed, most deals will include sending 2-3 admins to a variety of bootcamps to get them up to speed, and you will be partnered with a sales support engineer and SIEM experts to build your use case portfolio. You can expect to spend a ~month in classes and ~100 days working with sales engineers and SIEM SMEs to get your internal teams going.

Lisardo
New Member

OK, thanks. I'll do it. But one of the most important things is to get tutorial data to make some studies of security. Do you know where I can get it?
Thanks in advance for your support.

daniel333
Builder

Learning Splunk on your own for a POC? In either event there is some intro training, but none matches the vendor partnering I mentioned above.

https://www.pluralsight.com/search?q=splunk
