Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Create Splunk Use Cases and Dashboard

iremdoesthings
Loves-to-Learn
‎01-07-2024 01:55 PM

My teacher gave me this task:

"You need to apply at least 3 different use cases that we will change according to your scenario. Show various use cases on the Dashboards you create. You can refer to sample use cases on the Internet or in the Security Essentials application on Splunk." but I don't know how to do this task. He gives us an empty Splunk Server and this task.

How can I create a use-case scenario?

Thank you for your time...

Labels (3)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-07-2024 11:35 PM

Hi @iremdoesthings ,

I suppose that you already know Splunk and SPL, if not, let me know that I can hint some free training to start.

Anyway, as you teacher and @PickleRick hinted, the Splunk Security Essentials App. is a good starting point to find the searches for your use cases, but anyway, the real staring point is the data that you have available on your Indexer: which one do you have available?

You could analyze your data with a simple search (index=* | stats count BY sourcetype) so you can know which data source you have available and you can use.

Otherwise, in the Splunk Security Essentials App, there's a very interesting feature, that analyzes you data and says to you which searches you can implement on your data, you can find it in the app at [Data > Data Invenatry].

Ciao.

Giuseppe

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎01-07-2024 02:07 PM

A use case in this context is typically a search returning results corresponding to some security scenario. Like finding excessive failed logins or sequence of logins from a geographically distant places in a short period of time.

You need to check what data you have available, what you want to find and think how to find it. Free Security Essentials app is indeed a good source for possible use cases.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...

Data Management Digest – June 2026

Welcome to the June 2026 edition of Data Management Digest! This month’s update is short and sweet, with a ...

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...