Introducing Splunk Security Use-Cases
One of the top challenges faced by Splunk customers and security practitioners is keeping up with the increase in new cyber attacks while investigating and remediating existing threats. Time is of the essence when investigating potential threats and determining the scope and root cause of a potential breach. A shortage of resources and experienced personnel continues to limit the ability to conduct thorough investigations.
To mitigate this persistent problem, Splunk recently introduced new security use case descriptions. These use case descriptions are ready-to-use examples of how to use Splunk security solutions to quickly identify the scope of attacks, determine mitigation options and take remedial activity.
These use case descriptions address both ambiguous and well-known security problems using actionable examples. They identify the business drivers and data sources, and describe the workflow that guides security teams to resolve the problem.
Splunk use case descriptions take a practical, hands-on approach: they start with the problem, then the data sources, then the workflow, given as a list of interactions between the user and the Splunk solution that together solve the specific problem. These use case descriptions are available in a basic format for beginner and intermediate analysts, and in a detailed format for advanced users such as threat hunters.
The five new use case descriptions cover common challenges such as malware, data exfiltration and zero-day attacks. The basic use case descriptions are:
- Detect and Investigate Malware
- Detect and Stop Data Exfiltration
- Privileged User Monitoring (PUM)
- Detect Zero-Day Attacks
- Use DNS Data to Identify Patient-Zero Malware
Detailed product use case descriptions, covering how to implement the specific solution for each problem, can be found in the Splunk user documentation.
We hope you find these useful in your environment. Let me know what you think.
Director, Security Product Marketing