12 Angry Analysts: Tuning Splunk SOAR events to keep your analysts happy (or at least content)

Overwhelmed by false positives or irrelevant alerts? Wondering how to scale tuning operations to keep your SOC analysts happy without overextending your automation team? The XDR team at Accenture Federal would like to offer you a bit of guidance, if you will hear it. We hope to provide you with an example of a mature SOAR event tuning solution, and we'll talk about playbook steps, helpful custom functions you probably don't have, and how to let your SOC staff self-service their own tuning requests.