This study aims to ensure that the correlation rules are effectively implemented using MLTK in practice without any errors.
18 Jul 2024 · 6 mins read
Öykü Can Şimşir
This blog outlines the installation and the usage of SC4S to import syslog input data into Splunk, addressing various use cases including custom and complex configurations.
19 Feb 2024 · 6 mins read
Öykü Can Şimşir
...
16 Feb 2024 · 6 mins read
Selim Seynur
...
09 Jan 2023 · 6 mins read
Selim Seynur
In this part, you will find out how to create custom entity types and associate entities with IT Essentials Work.
26 Sep 2022 · 6 mins read
Merih Bozbura
In this post, you will find out how to convert event logs to metrics and search them in Splunk.
26 Aug 2022 · 6 mins read
Merih Bozbura
In this blog, you will find out the abilities of Splunk ES Risk Framework and an idea of how to integrate Risk-Based Alerting into your SOC environment.
01 Apr 2022 · 6 mins read
Merih Bozbura
In this post, you will find out how to utilize https://github.com/seynur/restore-archive-for-splunk to make the restoring process smoother.
01 Nov 2021 · 6 mins read
Merih Bozbura
This article provides instructions on how to configure custom syslog inputs (and how to filter out unwanted data) to be ingested into Splunk.
26 Jan 2021 · 6 mins read
Merih Bozbura
The goal of this post is to quickly test/analyze methods to send event data from Splunk Forwarders or SC4S to Apache Kafka deployments. There may be several reasons for ...
08 Jan 2021 · 6 mins read
Selim Seynur
When working with event data analytics, especially for security purposes (i.e. SIEM), syslog becomes an important protocol to ingest data. Most of our clients utilize syslog ...
08 Jan 2021 · 6 mins read
Selim Seynur
The goal of this post is to provide an alternate solution for a question we have started to face with our clients. What is the best way to store event-data in ...
08 Jan 2021 · 6 mins read
Selim Seynur
In this post, you will find out what Splunk data models and CIM (Common Information Model) are and why they are so important.
04 Jan 2021 · 6 mins read
Merih Bozbura
In this part of the blog series, I’d like to focus on writing custom correlation rules. The goal is to utilize MITRE ATT&CK App for Splunk and enrich its abilities ...
10 Jun 2020 · 6 mins read
Selim Seynur
In this blog, I will talk about the stages of becoming a certified Splunk admin. Splunk is a data platform (The Data-to-Everything™) that allows you to collect data from any source, analyze it intelligently, and generate value from it.
05 May 2020 · 6 mins read
Enes Oğuzhan Alataş
In this part of the blog series, the goal is to utilize MITRE ATT&CK App for Splunk and associate custom/new correlation ...
17 Apr 2020 · 6 mins read
Selim Seynur
The purpose of this blog post is to share our experience and knowledge in our attempts to detect cyber threats with [Splunk®](https://www.splunk.com). Since we have ...
12 Mar 2020 · 6 mins read
Selim Seynur