Splunk

  • Practical Approaches to Tuning ML-Based Correlation Searches in Splunk ES

    This post covers practical ways to tune correlation searches that use the Machine Learning Toolkit (MLTK) in Splunk ES, so that the rules run correctly and reliably in practice.

  • Splunk Connect for Syslog (SC4S): Installation, Usage & Implementations

    This blog outlines the installation and the usage of SC4S to import syslog input data into Splunk, addressing various use cases including custom and complex configurations.

  • Creating Custom Entity Type with Splunk IT Essentials Work

    In this part, you will find out how to create custom entity types and associate entities with IT Essentials Work.

  • Converting Event Logs into Metrics in Splunk

    In this post, you will find out how to convert event logs to metrics and search them in Splunk.

  • Risk-Based Alerting (RBA) with Splunk Enterprise Security

    In this blog, you will learn what the Splunk ES Risk Framework can do and how Risk-Based Alerting can be integrated into your SOC environment.

  • Restoring Archived Data with Splunk

    In this post, you will find out how to use https://github.com/seynur/restore-archive-for-splunk to make the process of restoring archived data smoother.

  • Syslog Data Collection (SC4S) for Splunk and Custom Inputs

    This article provides instructions on how to configure custom syslog inputs for SC4S, including how to filter out unwanted events, before the data is ingested into Splunk.

  • Splunk Data Models & CIM

    In this post, you will find out what Splunk data models and the CIM (Common Information Model) are and why they matter so much.

  • Detecting Cyber Threats with MITRE ATT&CK App for Splunk — Part 3

    In this part of the blog series I’d like to focus on writing custom correlation rules. The goal is to utilize MITRE ATT&CK App for Splunk and enrich its abilities ...

  • How to Become A Certified Splunk Enterprise Admin?

    In this blog, I will talk about the stages of becoming a certified Splunk Enterprise Admin. Splunk (The Data-to-Everything™ platform) lets you collect data from virtually any source, analyze it, and generate value from it.

  • Detecting Cyber Threats with MITRE ATT&CK App for Splunk — Part 2

    In this part of the blog series the goal is to utilize MITRE ATT&CK App for Splunk and associate custom/new correlation ...

  • Detecting Cyber Threats with MITRE ATT&CK App for Splunk — Part 1

    The purpose of this blog post is to share our experience and knowledge in our attempts to detect cyber threats with [Splunk®](https://www.splunk.com). Since we have ...

Kafka

  • Ingesting Event Data from Splunk Forwarder/SC4S to Kafka

    The goal of this post is to quickly test/analyze methods to send event data from Splunk Forwarders or SC4S to Apache Kafka deployments. There may be several reasons for ...

  • Ingesting Syslog data to Kafka

    When working with event data analytics, especially for security purposes (i.e. SIEM), syslog becomes an important protocol to ingest data. Most of our clients utilize syslog ...

  • Kafka + S3: Long-term searchable/queryable data retention

    The goal of this post is to provide an alternate solution for a question we have started to face with our clients. What is the best way to store event-data in ...