Hardware Appliance Reference Architecture SPLUNK

tuts · ‎06-10-2024

Environment requirements according to best practices for large companies in Splunk, installing Splunk ES in it, activating more than 10,000roal, and connecting 4,000 devices. What are the best requirements for RAM, CPU, and storage?

gcusello · ‎06-10-2024

Hi @tuts ,

this is a design job for a Certified Splunk Architectnot for the Community!

anyway, there are other parameters to consider:

volume of data to daily index,
number of Correlation Search,
number of users,
HA both on Indexers and Search Heads,
DR yes or not (multisite clustering).

Ciao.

Giuseppe

tuts · ‎06-11-2024

2024-06-11 22_49_35-Incident Review _ Splunk.jpg

Ok, why when I do the threat type endpoint and high, it considers it threat and low. What is the problem? I hope for an answer.

gcusello · ‎06-12-2024

Hi @tuts ,

probably you have to tune your Correlation Search, but this seems to be a different question.

Ciao.

Giuseppe

tuts · ‎06-12-2024

I set the alart to High and security Domaiin = Network, but it appears to me in the Incident Review interface that it is low and security Domaiin = threat, and every event is classified like this, as shown in the attached images.

2024-06-12 17_21_45-Edit Correlation Search _ Splunk.jpg

2024-06-12 17_22_41-Incident Review _ Splunk.jpg

gcusello · ‎06-13-2024

Hi @tuts ,

there's something wrong in your proceduree, review it step by step, and follow a Splunk Enterprise Security User / Admin training.

Ciao.

Giuseppe

Hardware Appliance Reference Architecture SPLUNK

capacity planning

distributed search

Windows

Advanced Splunk Data Management Strategies

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...