SP6 Blog
CIM: What… Why… How…
During your SIEM journey there will be many terms thrown your way, understanding those terms is absolutely essential when it comes to your security environment. In this article, we will bring clarity to one of the more important terms in SIEM, CIM (Common Information Model) Lets Start with the Basics!
What is SOAR Technology?
There’s currently a major adoption occurring around SOAR products Security Orchestration, Automation and Response. What is SOAR? SOAR is next-generation security software products that are designed to automate the common, and fairly remedial tasks that Security Analysts face.
AWS Lambda vs AWS Firehose
Splunk has multiple methods in regards to Getting Data In (GDI). One very popular method is the Http Event Collector (HEC). The use of the HEC allows data ingestion into Splunk via HTTP POST messages. Two popular methods that send POST messages out of AWS into Splunk are the AWS services: Lambda and Firehose.
Caught Red Handed…. Using Splunk to Catch Retail Theft Rings
According to The National Retail Federation, retail theft costs U.S. companies $30 Billion a year, with “professional/habitual shoplifters” responsible for 10% ($3b) of all retail theft. And the problem is only getting worse, with losses increasing at 7% year per year. How can you defend yourself against these losses?
Troubleshooting Splunk Search Head Clusters
There is always a sense of dread when your search head cluster (SHC) goes down. It’s the interface to Splunk, and for the analysts, it’s their window to the data world.
Key Considerations When Building a Splunk Dashboard
Splunk Dashboards bring meaning to your data in a way that is useful in troubleshooting and translating concepts to others.
Let’s Talk about your First Time…. Building a Splunk Dashboard
As Splunk consultants, it’s common to come across customers who have a Splunk license and are ingesting data, but have yet to learn or have taken the time to develop their own Splunk dashboards.
Splunk Data Onboarding – Wrestle with Tough Data… and Win
On-boarding data into Splunk is a fundamental skill and common place for a Splunk Admin. In this article, we will prepare you for situations where getting data into Splunk presents a political or technical tarpit you might not expect.
Logging Cloudwatch Events
Logging for Cloudwatch Events using Splunk HEC Welcome to another installment on how to log multiple AWS accounts into Splunk, when the recommended method is not feasible. In this article we will take a look at Splunking AWS Cloudwatch Event data using an HTTP Event Collector (HEC) input.
The Secret Sauce to Efficient Analytics
As a SIEM solution leader, Splunk has proven that it has the capability to accommodate and process big data very efficiently.
