Are you looking to get started with Splunk for security? Or perhaps looking for how-to guides to help your Tier 1 analysts investigate security alerts?
Lots of our customers are, so we’re here to help.
Introducing the first in a series of guided online experiences that allow you to detect, validate and scope potential threats using Splunk.
Each experience in this series will include a video walkthrough, a step-by-step guide and an online Splunk instance, pre-loaded with data so you can jump right in and learn how to address security issues with Splunk. No download required. No login required. No need to add data. Just get in there and get your hands dirty (while learning how to clean up your vulnerabilities).
This first experience uses authentication data as the primary mechanism for identifying threats.
By following the pattern of failed and successful login attempts and then by zooming in on specific hosts and workstations, we can identify where we may have security issues, like scripted attacks and lateral movement.
Splunk aggregates all of your security event data into one place, making it easy to get a single view into what’s happening across your infrastructure. Using the Splunk search language (SPL) and visualizations, we are able to pinpoint these issues and help analysts to understand the scope of a given threat and move to the remediation stage quickly.
Check it out now and let us know what you think. We welcome feedback, including ideas for future topics.