Splunk Enterprise Security

Learning SIEM basics

hemendralodhi
Contributor

Hello,

I now have fairly good experience with Splunk and want to learn more about SIEM but not sure where to start. I am from application side and have handled various applications in the past. I want to learn SIEM basics so that I have good idea when dealing with Splunk SIEM.

Any help or pointer is greatly appreciated.

Thanks
Hemendra

0 Karma

mdessus_splunk
Splunk Employee
Splunk Employee

My advice: do not think about product, but think about your needs: what are the risk for your company, mainly the business ones ?
Then, you will be able to identify scenarios you want to detect (for the correlation), check you want to do (for compliance), and what kind of anomalies you want to identify (for the analytic part).
So SIEM is just a tool that does not answer all security needs. That said, you might have a look to ES documentation and look for .conf presentation for real use case.

hemendralodhi
Contributor

Thanks mdessus for your input. I will follow above tip.

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...

span_metrics: The OpenTelemetry-Idiomatic Way to See Inside Your Services

You open a trace in Splunk Observability Cloud and everything looks fine. One root span, order-pipeline, with ...