Archive

Support on testing Splunk Enterprise as a SIEM

New Member

I have just installed Splunk Enterprise 60 day trial version and I want to test it for Cybersecurity purposes, I would like some support on do this as fast as possible, for that I would appreciate your support on:
- Does it exist any free add-on that I
can use?
- Does it exist any tutorial data for
test security events?
- Can I get any recipes from a cookbook
that allow me to apply some rules or
some dashboards?
- Can I get any step-by-step examples to
follow?
Thanks in advance for your support
Regards

Tags (2)
0 Karma
1 Solution

SplunkTrust
SplunkTrust

Almost all Splunk add-ons are free. See https://apps.splunk.com
Be sure to try the Splunk Security Essentials app. It has lots of examples.

Take half a day for the free Splunk Fundamentals 1 on-line class.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma

SplunkTrust
SplunkTrust

Almost all Splunk add-ons are free. See https://apps.splunk.com
Be sure to try the Splunk Security Essentials app. It has lots of examples.

Take half a day for the free Splunk Fundamentals 1 on-line class.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma

New Member

Ok Thanks but where can I get tutorial data for security tests? or How to connect splunk to my local machine windows security logs?
Thank in advance for your support
Regards

0 Karma

Builder

@lisardo,

The up and downside to Splunk is it's highly customizable, which also means it's a little complex. Your pre-sales engineers will work with you on demo's and some basic POCs.

Splunk success as a SIEM in the industry isn't just the product, (which is good). It's the vendor-customer relationships process they have built to connect you to experts and building experts in your company.

Generally speaking once a contract is signed most deals will include sending 2-3 admins to a variety of bootcamps to get them to speed and you will be partnered with a sales support engineer and SIEM experts to build your use case portfolio. You can expect to spend a ~month in classes and ~100 days working with sales engineers and SIEM SME's to get your internal teams going.

0 Karma

New Member

Ok, thnks. I'll do it. But one of the most important thing is get tutorial data for make some studies of security. Do you know where I can get it?
Thanks in advance for your support

0 Karma

Builder

Learning Splunk on your own for a POC? In either event there some intro training, but none match the vendor partnering I mentioned above.

https://www.pluralsight.com/search?q=splunk

0 Karma