Hello my little friends! 🙂
In your opinion, what correlation searches must a SOC have?
How's this?
There are many scenarios.
Splunk Security Essentials
https://splunkbase.splunk.com/app/3435/#/details
Yeah, but I'm talking about some basic correlation searches that are a must-have for all occasions [in your opinion].
You need to consider yourself what type of search you need in your SOC.
Because I do not understand what your SOC is aiming for.
You can extract appropriate scenarios for your organization from the apps.
All of these scenarios are important.
I think that you should implement them starting from the scenario your organization can do first.
Splunk Security Essentials
https://splunkbase.splunk.com/app/3435/#/overview
Splunk Security Essentials for Fraud Detection
https://splunkbase.splunk.com/app/3693/#/overview
Splunk Security Essentials for Ransomware
https://splunkbase.splunk.com/app/3593/#/overview
There are Splunk guidelines.
https://www.splunk.com/pdfs/technical-briefs/building-a-soc-with-splunk-tech-brief.pdf
When you purchase ES you can consult with Splunk.