Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

most critical Events

fingolfin
Explorer
‎02-23-2012 05:46 AM

Hello together

For my doctrinal statements, i have to configure a Splunk, with 50 server from our Company.
one of the objectives is to analyze the ten most critical Events. But we don’t have a lot of critical events.
Now I wanted to ask you what you think is the most critical event?

Regards,

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎02-23-2012 06:19 AM

I started writing an answer to this but my answer would probably just be a rehash of what I wrote in a previous answer anyway: http://splunk-base.splunk.com/answers/35312/security-threats

The same holds for finding critical events - without any context information it is all but impossible to tell you that. Ask yourself: what is the worst that could happen in your systems or applications? How would you get the information of that it has happened? That's a thinking exercise to start off with.

View solution in original post

Reply
Solved! Jump to solution

fingolfin
Explorer
‎02-27-2012 06:36 AM

Thank you for your answer.
This question:"what is the worst that could happen in your systems or applications?"
I've also been asked, but i'm still in education and have less experience on Eventlogs.
So i have also ask in my company, what they think is critical. And they have gave me, a list with critical things, now i have to integrate this Events.

regards

0 Karma
Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎02-23-2012 06:19 AM

I started writing an answer to this but my answer would probably just be a rehash of what I wrote in a previous answer anyway: http://splunk-base.splunk.com/answers/35312/security-threats

The same holds for finding critical events - without any context information it is all but impossible to tell you that. Ask yourself: what is the worst that could happen in your systems or applications? How would you get the information of that it has happened? That's a thinking exercise to start off with.

Reply
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...