I have no experience and I need to set up a SOC/NOC with Splunk. Thank you for andurstanding me and helping me.
Did you take a look at
https://www.splunk.com/pdfs/technical-briefs/building-a-soc-with-splunk-tech-brief.pdf
Or
https://www.slideshare.net/Splunk/sl-2015-houstonbuildingsocherrald
There are lots of resources online but you can't summarise a several months or years job in one answer I'm afraid.
My only advice if you don't have the experience would be to hire someone with that experience first and then start from that.
Thanks,
J
Thank you for this precious help to enlighten me
Hi,
There is a book that describes generic principles about how to deploy a central big data SIEM (in reality Splunk) that is hard of SOC.
Crafting the Infosec - http://shop.oreilly.com/product/0636920032991.do. It's written by Cisco CSIRT team members.
Tomas
Thank you for this precious help to enlighten me
A SOC and NOC are a combination of tools, processes, people.
Splunk can be the tool for collecting data (logs, metrics, networks streams...) in order to monitor availability/performance and security (correlation, analytics, fraud...). It will be also a great tool for investigation in both cases.
Thank you for this precious help to enlighten me