Support on testing Splunk Enterprise as a SIEM

Lisardo
New Member

I have just installed the Splunk Enterprise 60-day trial version and I want to test it for cybersecurity purposes. I would like some support to do this as fast as possible, so I would appreciate your help with the following:
- Is there any free add-on that I can use?
- Is there any tutorial data for testing security events?
- Can I get any recipes from a cookbook that allow me to apply some rules or some dashboards?
- Can I get any step-by-step examples to follow?

Thanks in advance for your support.
Regards


richgalloway
SplunkTrust

Almost all Splunk add-ons are free. See https://apps.splunk.com
Be sure to try the Splunk Security Essentials app. It has lots of examples.

Take half a day for the free Splunk Fundamentals 1 on-line class.

---
If this reply helps you, Karma would be appreciated.


Lisardo
New Member

OK, thanks, but where can I get tutorial data for security tests? Or how do I connect Splunk to my local machine's Windows security logs?
Thanks in advance for your support.
Regards


daniel333
Builder

@lisardo,

The upside and downside of Splunk is that it's highly customizable, which also means it's a little complex. Your pre-sales engineers will work with you on demos and some basic POCs.

Splunk's success as a SIEM in the industry isn't just the product (which is good). It's the vendor-customer relationship process they have built to connect you to experts and to build experts in your company.

Generally speaking, once a contract is signed, most deals will include sending 2-3 admins to a variety of bootcamps to get them up to speed, and you will be partnered with a sales support engineer and SIEM experts to build your use case portfolio. You can expect to spend ~a month in classes and ~100 days working with sales engineers and SIEM SMEs to get your internal teams going.


Lisardo
New Member

OK, thanks. I'll do it. But one of the most important things is to get tutorial data to do some security studies. Do you know where I can get it?
Thanks in advance for your support.


daniel333
Builder

Learning Splunk on your own for a POC? In either event, there is some intro training, but none of it matches the vendor partnering I mentioned above.

https://www.pluralsight.com/search?q=splunk
