Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to set up a SOC with Splunk ?

mbdiameth
New Member
‎04-04-2017 01:07 AM

I have no experience and I need to set up a SOC/NOC with Splunk. Thank you for andurstanding me and helping me.

0 Karma
Reply

javiergn
Super Champion
‎04-04-2017 04:52 AM

Did you take a look at

https://www.splunk.com/pdfs/technical-briefs/building-a-soc-with-splunk-tech-brief.pdf

Or

https://www.slideshare.net/Splunk/sl-2015-houstonbuildingsocherrald

There are lots of resources online but you can't summarise a several months or years job in one answer I'm afraid.
My only advice if you don't have the experience would be to hire someone with that experience first and then start from that.

Thanks,
J

0 Karma
Reply

mbdiameth
New Member
‎04-05-2017 10:49 AM

Thank you for this precious help to enlighten me

0 Karma
Reply

tomasmoser
Contributor
‎04-04-2017 04:50 AM

Hi,

There is a book that describes generic principles about how to deploy a central big data SIEM (in reality Splunk) that is hard of SOC.
Crafting the Infosec - http://shop.oreilly.com/product/0636920032991.do. It's written by Cisco CSIRT team members.

Tomas

0 Karma
Reply

mbdiameth
New Member
‎04-05-2017 10:48 AM

Thank you for this precious help to enlighten me

0 Karma
Reply

mdessus_splunk
Splunk Employee
Splunk Employee
‎04-04-2017 04:39 AM

A SOC and NOC are a combination of tools, processes, people.
Splunk can be the tool for collecting data (logs, metrics, networks streams...) in order to monitor availability/performance and security (correlation, analytics, fraud...). It will be also a great tool for investigation in both cases.

Reply

mbdiameth
New Member
‎04-05-2017 10:47 AM

Thank you for this precious help to enlighten me

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...