Dear Team,
We are planning to use Splunk for monitoring (security) purposes as a SIEM service. What I wanted to ask here is: is there any way to find the list of already available (predefined) rules, reports and dashboards, like other SIEMs?
I heard from many people that the use cases come by default when we install the log source/device-specific apps. For example: Palo Alto, Symantec DLP, Symantec AV, etc.
But how do we differentiate which ones come predefined?
Best Regards
Praveen Kamble
As Martin says, if you look at Splunk Enterprise Security, you will find a lot of what you are looking for. The User Manual contains information about all the dashboards and key indicators.
You'll want to take a look at Splunk Enterprise Security: http://www.splunk.com/en_us/products/premium-solutions/splunk-enterprise-security.html
It comes with lots of predefined rules, reports, and dashboards.