Splunk Enterprise Security

Rules/Correlation Searches that must have at SOC!

test_qweqwe
Builder

Hello my little friends! 🙂
In your opinion what correlation searches must have SOC?

0 Karma
1 Solution

HiroshiSatoh
Champion

How's this?
There are many scenarios.

Splunk Security Essentials
https://splunkbase.splunk.com/app/3435/#/details

View solution in original post

HiroshiSatoh
Champion

How's this?
There are many scenarios.

Splunk Security Essentials
https://splunkbase.splunk.com/app/3435/#/details

View solution in original post

test_qweqwe
Builder

Ye, but I talking about some basic correlation searches that must have for all occasions [in ur opinion]

0 Karma

HiroshiSatoh
Champion

You need to consider the type of search you need in your SOC yourself.
Because I do not understand what your SOC is aiming for.

You can extract appropriate scenarios for your organization from Apps.
All of these scenarios are important.
I think that you should implement it from scenario where your organization can do first.

Splunk Security Essentials
https://splunkbase.splunk.com/app/3435/#/overview

Splunk Security Essentials for Fraud Detection
https://splunkbase.splunk.com/app/3693/#/overview

Splunk Security Essentials for Ransomware
https://splunkbase.splunk.com/app/3593/#/overview

There are Splunk guidelines.
https://www.splunk.com/pdfs/technical-briefs/building-a-soc-with-splunk-tech-brief.pdf

When you purchase ES you can consult with Splunk.

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!