Practical Approaches to Tuning ML-Based Correlation Searches in Splunk ES
This study aims to ensure that the correlation rules are effectively implemented using MLTK in practice without any errors.
Continue reading
18 Jul 2024 ·
6 mins read
Öykü Can Şimşir
Splunk Connect for Syslog (SC4S): Installation, Usage & Implementations
This blog outlines the installation and the usage of SC4S to import syslog input data into Splunk, addressing various use cases including custom and complex configurations.
Continue reading
19 Feb 2024 ·
6 mins read
Öykü Can Şimşir
Navigating Splunk Implementation (with Enterprise Security): A Practical Approach
...
Continue reading
16 Feb 2024 ·
6 mins read
Selim Seynur
Risk-Based Alerting (RBA) with MITRE ATT&CK App for Splunk
...
Continue reading
09 Jan 2023 ·
6 mins read
Selim Seynur
Creating Custom Entity Type with Splunk IT Essentials Work
In this part, you will find out how to create custom entity types and associate entities with IT Essentials Work.
Continue reading
26 Sep 2022 ·
6 mins read
Merih Bozbura
Converting Event Logs into Metrics in Splunk
In this post, you will find out how to convert event logs to metrics and search them in Splunk.
Continue reading
26 Aug 2022 ·
6 mins read
Merih Bozbura
Risk-Based Alerting (RBA) with Splunk Enterprise Security
In this blog, you will find out the abilities of Splunk ES Risk Framework and an idea of how to integrate Risk-Based Alerting into your SOC environment.
Continue reading
01 Apr 2022 ·
6 mins read
Merih Bozbura
Restoring Archived Data with Splunk
In this post, you will find how to utilize https://github.com/seynur/restore-archive-for-splunk to make restoring process smoother.
Continue reading
01 Nov 2021 ·
6 mins read
Merih Bozbura
Syslog Data Collection (SC4S) for Splunk and Custom Inputs
This article provides instructions on how to configure custom syslog inputs (also how to filter out the data) to be ingested to Splunk.
Continue reading
26 Jan 2021 ·
6 mins read
Merih Bozbura
Ingesting Event Data from Splunk Forwarder/SC4S to Kafka
The goal of this post is to quickly test/analyze methods to send event data from Splunk Forwarders or SC4S to Apache Kafka deployments. There may be several reasons for ...
Continue reading
08 Jan 2021 ·
6 mins read
Selim Seynur
Ingesting Syslog data to Kafka
When working with event data analytics, especially for security purposes (i.e. SIEM), syslog becomes an important protocol to ingest data. Most of our clients utilize syslog ...
Continue reading
08 Jan 2021 ·
6 mins read
Selim Seynur
Kafka + S3: Long-term searchable/queryable data retention
The goal of this post is to provide an alternate solution for a question we have started to face with our clients. What is the best way to store event-data in ...
Continue reading
08 Jan 2021 ·
6 mins read
Selim Seynur
Splunk Data Models & CIM
In this post, you will find out what Splunk data models and CIM (Common Information Model) are and why they hold that much importance.
Continue reading
04 Jan 2021 ·
6 mins read
Merih Bozbura
Detecting Cyber Threats with MITRE ATT&CK App for Splunk — Part 3
In this part of the blog series I’d like to focus on writing custom correlation rules. The goal is to utilize MITRE ATT&CK App for Splunk and enrich its abilities ...
Continue reading
10 Jun 2020 ·
6 mins read
Selim Seynur
How to Become A Certified Splunk Enterprise Admin?
In this blog, I will talk about the stages of becoming a certified Splunk admin. Splunk is a data (The Data-to-Everything™) platform that allows you to collect any data from any source and analyze it intelligently and generate value from the data.
Continue reading
05 May 2020 ·
6 mins read
Enes Oğuzhan Alataş
Detecting Cyber Threats with MITRE ATT&CK App for Splunk — Part 2
In this part of the blog series the goal is to utilize MITRE ATT&CK App for Splunk and associate custom/new correlation ...
Continue reading
17 Apr 2020 ·
6 mins read
Selim Seynur
Detecting Cyber Threats with MITRE ATT&CK App for Splunk — Part 1
The purpose of this blog post is to share our experience and knowledge in our attempts to detect cyber threats with [Splunk®](https://www.splunk.com). Since we have ...
Continue reading
12 Mar 2020 ·
6 mins read
Selim Seynur
