Practical Approaches to Tuning ML-Based Correlation Searches in Splunk ES

This post shows how to implement and tune correlation searches built with the Splunk Machine Learning Toolkit (MLTK) so that they run correctly in a production Splunk ES environment.

18 Jul 2024 · 6 mins read
Öykü Can Şimşir

#splunk #MLTK #machine-learning-tool #correlation-searches

Splunk Connect for Syslog (SC4S): Installation, Usage & Implementations

This blog outlines the installation and the usage of SC4S to import syslog input data into Splunk, addressing various use cases including custom and complex configurations.

19 Feb 2024 · 6 mins read
Öykü Can Şimşir

#splunk #sc4s #syslog-ng #splunk-connect-for-syslog

Navigating Splunk Implementation (with Enterprise Security): A Practical Approach

...

16 Feb 2024 · 6 mins read
Selim Seynur

#splunk #siem #enterprise #security

Risk-Based Alerting (RBA) with MITRE ATT&CK App for Splunk

...

09 Jan 2023 · 6 mins read
Selim Seynur

#splunk #risk-based-alerting #rba #risk-analysis #siem

Creating Custom Entity Type with Splunk IT Essentials Work

In this part, you will find out how to create custom entity types and associate entities with IT Essentials Work.

26 Sep 2022 · 6 mins read
Merih Bozbura

#splunk #metrics #splunk-it-essentials-work

Converting Event Logs into Metrics in Splunk

In this post, you will find out how to convert event logs to metrics and search them in Splunk.

26 Aug 2022 · 6 mins read
Merih Bozbura

#splunk #metrics #metrics-and-analysis

Risk-Based Alerting (RBA) with Splunk Enterprise Security

In this blog, you will find out what the Splunk ES Risk Framework can do and get an idea of how to integrate Risk-Based Alerting into your SOC environment.

01 Apr 2022 · 6 mins read
Merih Bozbura

#splunk #risk-based-alerting #rba #risk-analysis #siem

Restoring Archived Data with Splunk

In this post, you will find out how to use https://github.com/seynur/restore-archive-for-splunk to make the restore process smoother.

01 Nov 2021 · 6 mins read
Merih Bozbura

#splunk #index #retention #siem #retention-strategies #archived-data-solutions

Syslog Data Collection (SC4S) for Splunk and Custom Inputs

This article provides instructions on how to configure custom syslog inputs to be ingested into Splunk, and how to filter out unwanted data before it is indexed.

26 Jan 2021 · 6 mins read
Merih Bozbura

#splunk #splunk-connect-for-syslog #siem #sc4s #syslog

Ingesting Event Data from Splunk Forwarder/SC4S to Kafka

The goal of this post is to quickly test/analyze methods to send event data from Splunk Forwarders or SC4S to Apache Kafka deployments. There may be several reasons for ...

08 Jan 2021 · 6 mins read
Selim Seynur

#kafka #s3

Ingesting Syslog data to Kafka

When working with event data analytics, especially for security purposes (e.g. SIEM), syslog becomes an important protocol for ingesting data. Most of our clients utilize syslog ...

08 Jan 2021 · 6 mins read
Selim Seynur

#kafka #s3

Kafka + S3: Long-term searchable/queryable data retention

The goal of this post is to provide an alternate solution for a question we have started to face with our clients. What is the best way to store event-data in ...

08 Jan 2021 · 6 mins read
Selim Seynur

#kafka

Splunk Data Models & CIM

In this post, you will find out what Splunk data models and the CIM (Common Information Model) are, and why they matter so much for building consistent searches and detections.

04 Jan 2021 · 6 mins read
Merih Bozbura

#splunk #common-information-model #data-model #siem

Detecting Cyber Threats with MITRE ATT&CK App for Splunk — Part 3

In this part of the blog series I’d like to focus on writing custom correlation rules. The goal is to utilize MITRE ATT&CK App for Splunk and enrich its abilities ...

10 Jun 2020 · 6 mins read
Selim Seynur

#splunk #mitre #siem

How to Become A Certified Splunk Enterprise Admin?

In this blog, I will talk about the stages of becoming a certified Splunk admin. Splunk (The Data-to-Everything™ platform) is a data platform that lets you collect data from any source, analyze it, and generate value from it.

05 May 2020 · 6 mins read
Enes Oğuzhan Alataş

#splunk #splunk-administration

Detecting Cyber Threats with MITRE ATT&CK App for Splunk — Part 2

In this part of the blog series the goal is to utilize MITRE ATT&CK App for Splunk and associate custom/new correlation ...

17 Apr 2020 · 6 mins read
Selim Seynur

#splunk #mitre #siem

Detecting Cyber Threats with MITRE ATT&CK App for Splunk — Part 1

The purpose of this blog post is to share our experience and knowledge in our attempts to detect cyber threats with [Splunk®](https://www.splunk.com). Since we have ...

12 Mar 2020 · 6 mins read
Selim Seynur

#splunk #mitre #siem