By Derek King September 17, 2018
I’m pleased to introduce you to the Security Monitoring app for Splunk on Splunkbase. It has long been a goal of mine to bring to the community an app that allows monitoring of the important security feeds, in a single unified set of dashboards, that’s easy to install and configure. Hopefully today I’ve done just that!
Before joining Splunk, I’ve helped lots of customers get started with, and expand their security capabilities using, Splunk. The overriding question from those at the start of their journey is usually ‘what should we monitor’ and ‘where do we start’? Well, the Security Monitoring for Splunk app gives you answers to those questions!
Please note it’s my guidance as a security professional to you, covering the important data sources to monitor, and the suggested priority, both in terms of importance and simplicity. You don’t have to follow my suggestions, and as with all things security, there are differing opinions on the most important sources – that’s OK, I’m all good with that!
If you’re just beginning your Splunk journey, then I’ve got you covered there too. I’ve included relevant written and recorded tutorials for understanding the Splunk terminology, getting the app configured correctly, and a three-step process to on-boarding each data source you bring into Splunk. I’ve also tried to give you all the actionable dashboards you need to deliver the right information, without the need for lots of search bar activity.
You can download and get started today, and I’d love to hear your feedback. Jump into the app and let me know what you like, what’s missing, what needs work and what you’d love to see more of.
Happy Splunking and happy monitoring!
Derek