How to set up a SOC with Splunk ?

mbdiameth · ‎04-04-2017

I have no experience and I need to set up a SOC/NOC with Splunk. Thank you for andurstanding me and helping me.

javiergn · ‎04-04-2017

Did you take a look at

https://www.splunk.com/pdfs/technical-briefs/building-a-soc-with-splunk-tech-brief.pdf

Or

https://www.slideshare.net/Splunk/sl-2015-houstonbuildingsocherrald

There are lots of resources online but you can't summarise a several months or years job in one answer I'm afraid.
My only advice if you don't have the experience would be to hire someone with that experience first and then start from that.

Thanks,
J

mbdiameth · ‎04-05-2017

Thank you for this precious help to enlighten me

tomasmoser · ‎04-04-2017

Hi,

There is a book that describes generic principles about how to deploy a central big data SIEM (in reality Splunk) that is hard of SOC.
Crafting the Infosec - http://shop.oreilly.com/product/0636920032991.do. It's written by Cisco CSIRT team members.

Tomas

mbdiameth · ‎04-05-2017

Thank you for this precious help to enlighten me

mdessus_splunk · ‎04-04-2017

A SOC and NOC are a combination of tools, processes, people.
Splunk can be the tool for collecting data (logs, metrics, networks streams...) in order to monitor availability/performance and security (correlation, analytics, fraud...). It will be also a great tool for investigation in both cases.

mbdiameth · ‎04-05-2017

Thank you for this precious help to enlighten me

How to set up a SOC with Splunk ?

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...