Security

How to start to create new usecase

Jana42855
Explorer

Hi Mentors,

I have searched YouTube and external sources to check for use case creation. I could see that by using Splunk Essentials we could create the use case, but I am new to Splunk and know only the basics of Splunk like fields and commands etc. I have asked, but literally everyone treated me in a bad way when I asked them to teach me how to create the use case; even my team leader is also not ready to teach me, but he learned it in an institution 5 years back. I don't have any friends who have knowledge of Splunk.

I beg you, please, anyone please teach me how to create the use case in Splunk and what the basics of creating the use case are. I need this... I am the first graduate from my family and I cannot afford a huge amount of fees to learn Splunk. Any mentors please help me; I want to learn Splunk and I want to teach the same to my team members in a simple way in which they could understand...

Please help me, Mentors...


kiran_panchavat
Communicator

Understand what security monitoring means and learn more about it, and remember, the best way to learn is by doing. Start with some basic use cases and gradually progress to more advanced ones. You can also join online communities and forums to connect with other Splunk users and ask questions.

https://www.splunk.com/en_us/blog/security/introducing-splunk-security-use-cases.html

https://lantern.splunk.com/Security/Getting_Started/Identifying_Splunk_Enterprise_Security_use_cases...

https://www.splunk.com/en_us/resources/videos/splunk-enterprise-security-use-case-library.html


BTB
Explorer

I almost forgot: one of the best resources to learn is https://bots.splunk.com/login. You will find prebuilt detections in there that you can copy out and use. It also has games and challenges. I believe your login for this site will work there. You will find it very useful.

BTB
Explorer

I'm very disheartened to hear about this. I run the Idaho Falls Splunk Users Group and will present next month on using Windows Event Logs to find intruders. You are welcome to join our group and attend. I will give many examples you can cut and paste into your Splunk instance. You may need to modify them slightly for your environment, but they will give you an idea of how to build additional use cases. Personally, I never re-invent the wheel. There is a lot of detection out there that I look for before building my own. I would start by googling "Splunk," "Threat detection," and then '"Splunk threat detection" github.' There are many people who aren't insecure people, like the people you work with, who willingly share their talents. We all got where we are with the help of others. It's sad to hear you are being treated this way. Once you join the user groups, you can contact me directly. I will take time to work with you as time permits. I will also point you to resources that will help you grow in the field and use Splunk for building use cases. I'll include a couple of resources here for you.

Another thing to keep in mind is that all threat hunting that finds positive activity should lead to a signature. There are tons of threat-hunting Splunk searches out there, and they can also be used as use cases. You may need to tune them (cast a narrower net) before putting them into production, but they will give you a good idea of how to build out detection.

You will find that industry leaders are always sharing their research and knowledge. Jack Crook was one of my mentors when I was new in this career. Jack and I share the same frustration of attending conferences where many share "theories" but not content. He is big on sharing content and actual Splunk searches and use cases. You can follow his blog; I have included it below. As you grow in this career, remember not to be like the others who have treated you so poorly. Remember, this is a very negative reflection on them, not you! I hope that this helps, and I hope to talk soon!

http://findingbad.blogspot.com 

https://www.udemy.com/course/cybersecurity-monitoring-detection-lab/?couponCode=ST9MT22024 

https://github.com/splunk/security_content/tree/develop/detections/application

https://www.detectionengineering.net

https://github.com/west-wind/Threat-Hunting-With-Splunk
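To make the "hunt first, then turn a confirmed finding into a narrower signature" idea from the post above concrete, here is an added example written for this thread (it is not from BTB, the users group, or any linked repository): a savedsearches.conf fragment with a wide ad hoc hunt over Windows Security event logs and the tuned, scheduled detection derived from it. The index name, field names (as produced by the Splunk Windows add-on), the `authorized_scanners` lookup, and all thresholds are assumptions to adjust for your environment.

```ini
# savedsearches.conf (constructed example; stanza names, index, lookup
# and thresholds are assumptions, adjust them to your environment)

# Stage 1: the hunt. Wide net, run by hand over a week, not scheduled.
# Which sources generate the most failed logons (EventCode 4625)?
[Hunt - Failed Logons by Source]
search = index=wineventlog sourcetype="WinEventLog:Security" EventCode=4625 \
    | stats count AS failures, dc(user) AS distinct_users, values(user) AS users BY src_ip \
    | sort - failures
dispatch.earliest_time = -7d
dispatch.latest_time = now
enableSched = 0

# Stage 2: the signature. Same data, narrower net: many failures followed
# by at least one success from the same source inside a 10-minute bucket,
# network (3) or RDP (10) logons only, minus sources on an allow-list
# lookup (assumed to exist with columns src_ip, reason). The thresholds
# are what you tune until the false-positive rate is acceptable.
[Detect - Brute Force Followed by Successful Logon]
search = index=wineventlog sourcetype="WinEventLog:Security" \
      (EventCode=4625 OR EventCode=4624) Logon_Type IN (3, 10) \
    | bin _time span=10m \
    | stats count(eval(EventCode=4625)) AS failures, \
            count(eval(EventCode=4624)) AS successes, \
            dc(user) AS distinct_users, values(user) AS users BY _time, src_ip \
    | where failures >= 20 AND successes >= 1 \
    | lookup authorized_scanners src_ip OUTPUT reason AS allowlisted \
    | where isnull(allowlisted)
cron_schedule = */15 * * * *
dispatch.earliest_time = -20m@m
dispatch.latest_time = now
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
alert.severity = 4
alert.track = 1
```

Run the first stanza ad hoc, confirm which of the top sources were really hostile, and only then promote the second stanza; the 20-failure threshold and the Logon_Type filter are the "narrower net" the post talks about.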

isoutamo
SplunkTrust

Hi

First you must have a definition of what your use case is! Then, after you fully understand it and know what is expected from you, you can start to design it and then implement it. For that you can use e.g. https://lantern.splunk.com/ to look at what Splunk's best practices are for it.

r. Ismo


Jana42855
Explorer

Hi Sir,
Which one do I have to use, sir?

[image attachment: Jana42855_0-1706177670766.png]


isoutamo
SplunkTrust

As I already said, first you MUST define what your use case actually is. Without that information it's impossible to look for an answer to a question which is not known.
