Splunk: The Essential Guide to Security Using Splunk
Table of Contents

Introduction (p. 5)
Splunk in the Security Operations Center (SOC) (p. 6)
Understanding the Fundamentals (p. 8)
Splunk's Analytics-Driven Security Journey (p. 8)
Splunk's Security Suite (p. 10)
The Security Use Cases (p. 12)
Embarking on Your Analytics-Driven Security Journey (p. 15)
Stage 1: Collection (p. 16)
Stage 2: Normalization (p. 20)
Stage 3: Expansion (p. 22)
Stage 4: Enrichment (p. 24)
Stage 5: Automation and Orchestration (p. 26)
Stage 6: Advanced Detection (p. 28)
Solve Common Security Challenges With the Splunk Security Operations Suite (p. 30)
Incident Investigation and Forensics (p. 32)
• Detect Lateral Movement With WMI (p. 32)
• Identify Multiple Unauthorized Access Attempts (p. 35)
Security Monitoring (p. 38)
• Detect Public S3 Buckets in AWS (p. 38)
• Find Multiple Infections on Host (p. 42)
Advanced Threat Detection (p. 44)
• Detect Connection to New Domain (p. 44)
• Find Emails With Lookalike Domains (p. 48)
SOC Automation (p. 52)
• Automate Malware Investigations (p. 52)
• Automate Phishing Investigations and Responses (p. 54)
Incident Response (p. 56)
• Detect New Data Exfil DLP Alerts for User (p. 56)
• Identify Basic Dynamic DNS Detection (p. 59)
Compliance (p. 62)
• Detect New Data Exfil DLP Alerts for User (p. 62)
• Find User Logged Into In-Scope System They Should Not Have (p. 65)
Fraud Analytics and Detection (p. 68)
• Detect Compromised User Accounts (p. 68)
• Find Anomalous Healthcare Transactions (p. 71)
Insider Threat Detection (p. 73)
• Detect Large Web Upload (p. 73)
• Detect Successful Login of Account for Former Employee (p. 76)

Introduction

What is your plan for cybersecurity? Are you simply "planning for the worst, but hoping for the best"? With digital technology touching every part of our lives and new threats appearing daily, your organization must be precise, informed and prepared when it defends its assets and hunts its adversaries. High-profile breaches, global ransomware attacks and the spread of cryptomining are reason enough for your organization to collect, leverage and understand the right data. You will also need to implement the right processes and procedures, often alongside new technologies, methods and requirements, all while the velocity and variety of machine data keeps increasing. So how can you best defend your organization and hunt down new adversaries? Ultimately, by taking a holistic approach to your defenses across the enterprise. This is why Splunk believes every organization needs a security nerve center, implemented by following the six-stage security journey described in this guide.
Document: 41 pages, uploaded Jan 08, 2024.