Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Rules/Correlation Searches that must have at SOC!

test_qweqwe
Builder
‎11-13-2017 03:57 PM

Hello my little friends! 🙂
In your opinion what correlation searches must have SOC?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

HiroshiSatoh
Champion
‎11-13-2017 05:45 PM

How's this?
There are many scenarios.

Splunk Security Essentials
https://splunkbase.splunk.com/app/3435/#/details

View solution in original post

Reply
Solved! Jump to solution
Solution

HiroshiSatoh
Champion
‎11-13-2017 05:45 PM

How's this?
There are many scenarios.

Splunk Security Essentials
https://splunkbase.splunk.com/app/3435/#/details

Reply
Solved! Jump to solution

test_qweqwe
Builder
‎11-14-2017 02:12 AM

Ye, but I talking about some basic correlation searches that must have for all occasions [in ur opinion]

0 Karma
Reply
Solved! Jump to solution

HiroshiSatoh
Champion
‎11-14-2017 03:17 AM

You need to consider the type of search you need in your SOC yourself.
Because I do not understand what your SOC is aiming for.

You can extract appropriate scenarios for your organization from Apps.
All of these scenarios are important.
I think that you should implement it from scenario where your organization can do first.

Splunk Security Essentials
https://splunkbase.splunk.com/app/3435/#/overview

Splunk Security Essentials for Fraud Detection
https://splunkbase.splunk.com/app/3693/#/overview

Splunk Security Essentials for Ransomware
https://splunkbase.splunk.com/app/3593/#/overview

There are Splunk guidelines.
https://www.splunk.com/pdfs/technical-briefs/building-a-soc-with-splunk-tech-brief.pdf

When you purchase ES you can consult with Splunk.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...