Summary: The Essential Guide to Security Using Splunk
The Essential Guide to Security
How to Get Started Using Splunk for Security to Solve Your Everyday Challenges
Table of Contents
Introduction ..................................................................... 5
Splunk in the Security Operations Center (SOC) ................................. 6
Understanding the Fundamentals ................................................. 8
  Splunk’s Analytics-Driven Security Journey ................................... 8
  Splunk’s Security Suite ...................................................... 10
  Security Use Cases ........................................................... 12
Embarking on Your Analytics-Driven Security Journey ............................ 15
  Stage 4: Enrichment .......................................................... 24
  Stage 5: Automation and Orchestration ........................................ 26
  Stage 6: Advanced Detection .................................................. 28
Solve Common Security Challenges With the Splunk Security Operations Suite ..... 30
  Incident Investigation and Forensics ......................................... 32
  • Detect Lateral Movement With WMI ........................................... 32
  • Identify Multiple Unauthorized Access Attempts ............................. 35
  Security Monitoring .......................................................... 38
  • Detect Public S3 Buckets in AWS ............................................ 38
  • Find Multiple Infections on Host ........................................... 42
  Advanced Threat Detection .................................................... 44
  • Detect Connection to New Domain ............................................ 44
  • Find Emails With Lookalike Domains ......................................... 48
  SOC Automation ............................................................... 52
  • Automate Malware Investigations ............................................ 52
  • Automate Phishing Investigations and Responses ............................. 54
  Incident Response ............................................................ 56
  • Detect New Data Exfil DLP Alerts for User .................................. 56
  • Identify Basic Dynamic DNS Detection ....................................... 59
  Compliance ................................................................... 62
  • Detect New Data Exfil DLP Alerts for User .................................. 62
  • Find User Logged Into In-Scope System They Should Not Have ................. 65
  Fraud Analytics and Detection ................................................ 68
  • Detect Compromised User Accounts ........................................... 68
  • Find Anomalous Healthcare Transactions ..................................... 71
  Insider Threat Detection ..................................................... 73
  • Detect Large Web Upload .................................................... 73
  • Detect Successful Login of Account for Former Employee ..................... 76
Introduction

What’s your plan for cybersecurity? Are you simply “planning for the worst, but hoping for the best?” With digital technology touching every part of our lives and new threats popping up daily, it’s imperative that your organization is precise, informed and prepared when it comes to defending your assets and hunting your adversaries.

High-profile breaches, global ransomware attacks and the scourge of cryptomining are good enough reasons why your organization needs to collect, leverage and understand the right data. You’ll also need to implement the right processes and procedures, often alongside new technologies, methods and requirements – all with an ever-increasing velocity and variety of machine data.

So how can you best defend your organization and hunt down new adversaries? Ultimately, by taking a holistic approach to your defense system across the enterprise. This is why Splunk believes every organization needs a security nerve center, implemented by following a six-stage security journey that we will describe for you.

Let’s break down what that means.
Splunk in the Security Operations Center (SOC)

Data-driven businesses take advantage of the investigate, monitor, analyze and act (IMAA) model to advance their security by optimizing their people, processes and technology. It includes using all the data from the security technology stack, which can help you investigate, detect and take rapid, coordinated action against threats in a manual, semi-automated or fully-automated fashion. When security teams invest in their security infrastructure, their security ecosystem and skills become stronger, making it possible to expand security practices into new areas and proactively deal with threats.

The Splunk Data-to-Everything Platform and Splunk’s security portfolio bring together multiple cybersecurity areas, as well as others outside of security, to foster collaboration and implement best practices for interacting with your data. Security teams can use Splunk solutions to drive statistical, visual, behavioral and exploratory analytics that inform decisions and actions. From there, the platform allows for a modern workflow, from collecting data all the way to invoking actions to address cyberthreats and challenges.

Sound good? Great. So how do I make all of this happen in the real world, you ask?

To get you started, we put together this short guide to introduce you to the top security use cases organizations face and to show you how Splunk’s analytics-driven platform can help you solve your security challenges. This guide is divided into three sections:

1. Understanding the Fundamentals. Here you will find an introduction to the security journey and a quick primer on security use cases, with each use case mapped to relevant Splunk solutions.

2. Embarking on Your Analytics-Driven Security Journey. Here we explain the six stages of the data-driven security journey – and what you should be able to do, and how well, at each stage.

3. Solving Common Security Challenges With Splunk. Here we walk through examples of how to solve common security challenges associated with:

• Incident investigation and forensics
• Security monitoring
• Advanced threat detection
• SOC automation
• Incident response, compliance
• Fraud analytics and detection
• Insider threat

Ready to create a kick-ass security practice? We thought so.

[Figure 1 (diagram): Splunk Adaptive Response at the center, surrounded by the security domains it acts on – Network (Web Proxy, Firewall, WAF & App), Threat Intelligence, Security Orchestration, Internet, Network Endpoints, and Identity and Access Security.]

Figure 1: Splunk Enterprise Security includes a common framework for interacting with data and invoking actions. The Adaptive Operations Framework enables security teams to quickly and confidently apply changes to the environment. Splunk Enterprise Security can automate the response as well, enabling the security infrastructure to adapt to the attacker using a range of actions appropriate to each domain.