Splunk for Security Video Series

Splunk for Security Tutorials

Series Summary

Welcome to our Splunk for Security video series, where we explore how to leverage Splunk’s powerful data analytics capabilities to enhance your organisation’s cybersecurity posture. Whether you’re new to Splunk or looking to deepen your expertise, these videos will guide you through practical techniques for threat detection, incident response, and security monitoring.

Normalisation Summary

This video series on the Common Information Model (CIM) in Splunk delves into the importance of data normalisation across various domains, including security, cloud, and network data. The first episode introduces the concept of data models and how they standardise information from multiple sources, improving data consistency, search efficiency, and insight generation. Subsequent episodes explore the practical implementation of CIM, emphasising the importance of proper data mapping to enhance search performance and security outcomes. The series highlights the need for careful planning and regular maintenance to ensure CIM compliance and optimal system performance.

Expansion Summary

The Splunk for Security: Expansion series provides a comprehensive guide to enhancing security monitoring using the Splunk Stream app. The first episode introduces the architecture and deployment of Splunk Stream, highlighting its real-time visibility into application performance across various environments, including cloud-based deployments. Subsequent episodes explore data flow processes, demonstrating how forwarders capture, index, and make data searchable within Splunk, as well as showcasing the app’s dashboard capabilities for monitoring network traffic.

The series also delves into practical applications, such as configuring streams for HTTP, DNS, and SSL traffic, and culminates in a detailed walkthrough of setting up Windows DNS monitoring. Throughout, the series emphasises the app’s flexibility in managing network data, with detailed instructions on configuring, filtering, and aggregating data streams. Viewers are encouraged to reach out for further assistance, ensuring a thorough understanding and successful deployment of Splunk Stream for security enhancement.

SSE Summary

The Splunk Security Essentials video series offers a comprehensive guide to optimising security operations using Splunk. Across nine episodes, the series explores key features and practical applications, from advanced search assistance for anomaly detection to frameworks like the Splunk Security Data Journey. Viewers are introduced to essential tools, including dashboards, data onboarding guides, and content mapping features, enabling organisations to streamline processes and enhance their security visibility.

Highlights include insights into managing data latency and compliance, configuring tailored use cases using the MITRE ATT&CK framework, and leveraging reporting dashboards for strategic decision-making. Advanced topics cover the integration of high-value data sources, the automation of incident response, and the use of machine learning for advanced threat detection. Each video emphasises practical guidance, offering detailed walkthroughs and tools to maximise the value of Splunk Security Essentials in building a mature and effective security framework.

Want to Speak to an Expert?

At Somerford, we are proud to be an Elite Splunk partner with specialist certified consultants in Enterprise Security. If you'd like to speak with one of our video presenters, Jake, Oliver or Ben, or connect with one of our other experts, please get in touch with us today.
