Seynur
We provide Cyber Security, IT Operations, and Data Analytics solutions. Our service offering utilizes data science, machine learning and analytics-driven security to enable leading organizations make sense of their data and solve business problems.
Practical Approaches to Tuning ML-Based Correlation Searches in Splunk ES
In a rapidly evolving cyber security environment where new threats are encountered every day, effective threat detection and responses to…
Oyku Can
Jul 19
Splunk Connect for Syslog (SC4S): Installation, Usage & Implementations
This blog outlines the installation and the usage of SC4S to import syslog input data into Splunk, addressing various use cases.
Oyku Can
Feb 26
Navigating Splunk Implementation (with Enterprise Security): A Practical Approach
In this post, I’d like to go over a Splunk project implementation (on-premises) concerning security. This is based on our experiences as…
Selim Seynur
Feb 19
Risk-Based Alerting (RBA) with MITRE ATT&CK App for Splunk
In this post, I’d like to review Risk-Based Alerting (RBA) in the context of the MITRE ATT&CK App for Splunk with a sample usage. The goal…
Selim Seynur
Jan 9, 2023
Ingesting Event Data from Splunk Forwarder/SC4S to Kafka
The goal of this post is to quickly test/analyze methods to send event data from Splunk Forwarders or SC4S to Apache Kafka deployments…
Selim Seynur
Oct 24, 2022
Ingesting Syslog data to Kafka
When working with event data analytics, especially for security purposes (i.e. SIEM), syslog becomes an important protocol to ingest data…
Selim Seynur
Sep 27, 2022
Creating Custom Entity Type with Splunk IT Essentials Work
Splunk IT Essentials Work correlates logs and metrics for each entity and helps you to monitor your infrastructure. It is free, and it…
Merih Bozbura
Sep 25, 2022
Converting Event Logs into Metrics in Splunk
As well as collecting event logs, metrics data can be ingested into Splunk. There are a few ways to ingest metrics data; Splunk has already…
Merih Bozbura
Aug 26, 2022
Risk-Based Alerting (RBA) with Splunk Enterprise Security
Alert fatigue and false-positive results are the most common problems in a Security Operation Center (SOC) environment. The correlation…
Merih Bozbura
Apr 1, 2022
Restoring Archived Data with Splunk
Data retention policies help to manage organizations’ big data. Since the amount of data collected today is tremendous, establishing a…
Merih Bozbura
Nov 1, 2021
Syslog Data Collection (SC4S) for Splunk and Custom Inputs
As per Splunk Validated Architectures, Splunk Connect for Syslog (SC4S) is the current best practice recommendation to collect syslog data…
Merih Bozbura
Jan 26, 2021
Kafka + S3: Long-term searchable/queryable data retention
The goal of this post is to provide an alternate solution for a question we have started to face with our clients. What is the best way to…
Selim Seynur
Jan 8, 2021
Splunk Data Models & CIM
In this post, you will find out what Splunk data models and CIM (Common Information Model) are and why they hold that much importance.
Merih Bozbura
Jan 4, 2021
Detecting Cyber Threats with MITRE ATT&CK App for Splunk — Part 3
In this part of the blog series I’d like to focus on writing custom correlation rules. The goal is to utilize MITRE ATT&CK App for Splunk…
Selim Seynur
Jun 10, 2020
How to Become A Certified Splunk Enterprise Admin?
In this blog, I will talk about the stages of becoming a certified Splunk admin. Splunk is a data (The Data-to-Everything™) platform that…
Enes Oğuzhan Alataş
May 4, 2020
Detecting Cyber Threats with MITRE ATT&CK App for Splunk — Part 2
In this part of the blog series the goal is to utilize MITRE ATT&CK App for Splunk and associate custom/new correlation searches with…
Selim Seynur
Apr 17, 2020
Detecting Cyber Threats with MITRE ATT&CK App for Splunk
The purpose of this blog post is to share our experience and knowledge in our attempts to detect cyber threats with ®. Since we have a…
Selim Seynur
Mar 12, 2020