Splunk-Overview - SIEM
[Slide: The Data-to-Everything Platform; data sources shown: database transaction logs, financial account data, operating technology systems]
© 2020 SPLUNK INC.
Why Splunk?
Traditional: SQL queries, structured data, RDBMS
Splunk: search, unstructured data
Built for the three Vs of big data: Volume, Velocity, Variety
[Slide: The Data-to-Everything Platform; use cases shown: IT, Security, IoT, Business Analytics]
Rich Ecosystem of Apps & Add-Ons
Splunk Enterprise Security (SIEM)
Transforming security requires a new approach driven by analytics
[Slide: security integrations shown with Splunk Enterprise: Palo Alto Networks, F5, OSSEC, Cisco Security Suite]
Analytics-Driven SIEM
Why CIM?
With CIM (the Common Information Model) you get:
- Pre-built searches, alerts, reports, dashboards, incident workflow, and threat intelligence feeds
- Statistical outliers and risk scoring
- User activity monitoring
- Threat intel integration
- Asset and identity integration
Security Posture
Risk-Based Analytics
Incident workflow:
1. Risk-based security
2. Investigate incidents, changing workflow status values as they work
3. Implement corrective measures
ES Admins can define and add new status values and assign values to different roles, so the statuses in your environment may differ.
New - not yet being worked
In progress - investigation underway
Pending - various: work in progress, awaiting action, etc.
Resolved - fixed, awaiting verification
Closed - fix verified
Note: When a notable is assigned an owner, it is tracked as an incident in the kvstore.
Editing notable events:
1. Select one or more events
2. Click Edit Selected
3. Set Status, Urgency, Owner, and Comment
[Screenshot: Investigation view; callouts: select investigation, edit investigation name or status, investigation entries, action history, timeline zoom, hover to expand, jump to start, click to add new]
Investigation summary elements:
- Contextual graphics
- Text
- Metrics with threshold colors and trend metrics
- Timelines
Thank You
Hung Pham Manh