Splunk Enterprise Security

Create Splunk SIEM rules to detect future attacks such as the SolarWinds attack

pacifikn
Communicator

Greetings!


I need your support on how I can create Splunk SIEM rules to detect future attacks, as described in the link below:


https://thehackernews.com/2021/04/detecting-next-solarwinds-attack.html


Your help will be most appreciated, thanks in advance!

Best Regards

Pacy


1 Solution

richgalloway
SplunkTrust
SplunkTrust

You may find some assistance at https://www.splunk.com/en_us/cyber-security/solarwinds-cyberattack-response.html

---
If this reply helps you, Karma would be appreciated.



pacifikn
Communicator


Thank you so much for your prompt response @richgalloway.

May you guide me please, or is there another link that shows step by step how I could do it? I've read it, but it's too complex for me to understand. Kindly help and guide me step by step if possible.

Thank you again.


richgalloway
SplunkTrust
SplunkTrust

I do not have steps for this.  The blog and the links within it are good references, but this topic is not for newbies/noobs/n00bs.  Read through the blog postings and write your own steps as you go.

I'm assuming, of course, that you have SolarWinds data indexed in Splunk already. If you don't, then step #1 is to onboard that data.

---
If this reply helps you, Karma would be appreciated.

pacifikn
Communicator

Thank you so much @richgalloway for your kind help.
