Does anyone have a document/steps to guide me to d...

alexinkedia1 · ‎09-21-2022

Does anyone have a document/steps to guide me to do a SIEM migration from Qradar to Splunk

gcusello · ‎09-21-2022

as @richgalloway said, this is a job for Splunk Professional Services or for a Splunk Architect, specialized on Enterprise Security, that already did it.

There isn't any available documentation, only the knowledge of the ones who did it.

For the migration of the Correlation Searches, you can find a very useful tool at https://uncoder.io/ and https://github.com/SigmaHQ/sigma

Ciao.

Giuseppe

richgalloway · ‎09-21-2022

That usually involves a Professional Services engagement. It's not a simple task and Splunk has no public documentation on it.

---
If this reply helps you, Karma would be appreciated.

Does anyone have a document/steps to guide me to do a SIEM migration from Qradar to Splunk?

index

indexer

inputs.conf

modular input

syslog

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Join the Conversation

Does anyone have a document/steps to guide me to do a SIEM migration from Qradar to Splunk?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.