Administering Splunk Enterprise Security
Copyright © 2017 Splunk, Inc. All rights reserved | 17 August 2017
Generated for Thippesha Jyothi ( ) (C) Splunk Inc, not for distribution

Document Usage Guidelines
- Do not distribute
- Should be used only for enrolled students

Course Prerequisites
Recommended:
- One of either:
  - Searching and Reporting with Splunk and Splunk Knowledge Objects
  - Splunk Fundamentals 1 & Splunk Fundamentals 2
- Splunk Cluster Administration
- Architecting and Deploying Splunk
- Administering Splunk (Data and System)

Course Goals
- Configure the ES threat intelligence framework
- Examine deployment requirements for ES installations
- Understand basics of ES end-user features

Course Outline (only fragments of this slide survived extraction)
1.
Security Monitoring and Incident Investigation
8.
Threat Intelligence Framework

Getting Data In (GDI) is the process that you'll follow to ingest machine data into Splunk. First, let's discuss some of the terminology and concepts that are important to bringing the right data in the right way.
The Splunk platform can index any kind of data: IT streaming, machine, and historical data such as Microsoft Windows event logs, web server logs, live application logs, network feeds, metrics, change monitoring, message queues, or archive files. The volume, type, and number of data sources influence the overall Splunk platform architecture, the number and placement of forwarders, the estimated load, and the impact on network resources. Splunk Enterprise Security works most effectively when you send all of your security data into a Splunk deployment to be indexed. Ingesting data correctly is a foundational step in your Splunk security implementation; done right, it lets you get the most value across your entire Splunk environment.

The Splunk Common Information Model (CIM) is a "shared semantic model focused on extracting value from data." It is used to normalize your data to match a common standard: the CIM gives different data sources the same field name for the same concept, so that searches behave consistently across all sources. For example, when you search for an IP address, different data sources may use different field names such as ipaddr, ip_addr, ip_address, or ip. You then use data models to map your data to common fields with the same name so that they can be used and identified properly. This normalization is especially important when you ingest data from multiple sources, which can cause problems if they are not standardized, including with a time synchronization mechanism.
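As an added example (not from the course slides or the text above), the following props.conf fragment applies the CIM approach to the four IP field names just mentioned: each source's native field is aliased at search time to the CIM Network Traffic field src_ip, so one search term covers all of them. The sourcetype names are assumptions; substitute your own.

```ini
# props.conf (added example): search-time field aliases that normalize
# per-source IP field names onto the CIM field src_ip.
# Sourcetype names below are placeholders, not real products.

[acme:firewall]
# Firewall logs call the source address "ipaddr"
FIELDALIAS-cim_src = ipaddr AS src_ip

[acme:proxy]
# Proxy logs call it "ip_addr"
FIELDALIAS-cim_src = ip_addr AS src_ip

[acme:app]
# Application logs call it "ip_address"
FIELDALIAS-cim_src = ip_address AS src_ip

[acme:ids]
# IDS alerts use the bare name "ip"
FIELDALIAS-cim_src = ip AS src_ip
```

Once the aliases are in place, a single search such as `index=security src_ip=10.1.2.3` matches events from all four sourcetypes without a per-source field name, and the Network Traffic data model (whose root search selects `tag=network tag=communicate`) can pick the events up once those sourcetypes carry the tags. Aliases are applied at search time, so existing indexed data benefits immediately; check the aliased field with `| stats count by sourcetype, src_ip` to confirm every source populates it.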