Top 6 SIEM Use Cases Using Splunk

An article by the InfoSec Institute, referenced in the link below, discusses a set of must-have use cases that every organization should implement to get real value from a SIEM solution such as Splunk. Splunk ingests log and event data into a searchable index, correlates it in near real time, and generates graphs, reports, alerts and dashboards from the results. SPL (Search Processing Language) is Splunk's query language for searching, filtering, transforming and summarizing that indexed data; each use case below ultimately becomes one or more SPL searches scheduled as alerts.

The use cases are:

  • Detection of Possible Brute Force Attack
  • Detection of Insider Threat
  • Application Defense Check
  • Suspicious Behavior of Log Source, Expected Host/Log Source Not Reporting
  • Unexpected Events Per Second (EPS) from Log Sources
  • Malware Check
  • Detection of Anomalous Ports, Services and Unpatched Hosts/Network Devices
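As an added example (not from the original article), the first use case, brute-force detection, expressed as an SPL search. It assumes OpenSSH authentication logs indexed under `index=auth` with `sourcetype=linux_secure`, a 5-minute window and a threshold of 20 failures; the index, sourcetype and threshold are assumptions to be tuned for your environment, and the extracted field names `user` and `src_ip` are chosen here, not Splunk defaults.

```spl
index=auth sourcetype=linux_secure "Failed password"
| rex "Failed password for (?:invalid user )?(?<user>\S+) from (?<src_ip>\d{1,3}(?:\.\d{1,3}){3})"
| bin _time span=5m
| stats count AS failures, dc(user) AS distinct_users, values(user) AS users BY _time, src_ip
| where failures >= 20
| eval pattern=if(distinct_users >= 10, "password spraying", "brute force")
| sort -failures
```

Run it as a scheduled alert every 5 minutes over the last 10 minutes (`earliest=-10m`) so each window is evaluated at least once. The `dc(user)` column separates a classic brute force (many attempts against one account) from password spraying (a few attempts each against many accounts), which a plain failure count alone would not distinguish. A useful follow-on is to correlate the flagged `src_ip` values with subsequent "Accepted password" events from the same source, since a success after a burst of failures is the event that actually needs an incident ticket.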
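As a second added example (again not from the original article), the "expected host/log source not reporting" use case. A search over the data already indexed can only find hosts that have gone quiet; a host that never reported at all is invisible to it. This version therefore starts from a list of expected hosts and assumes a hypothetical lookup file `expected_hosts.csv` with a `host` column and a silence threshold of 60 minutes; both are assumptions.

```spl
| inputlookup expected_hosts.csv
| join type=left host
    [ | tstats latest(_time) AS last_seen WHERE index=* earliest=-7d BY host ]
| fillnull value=0 last_seen
| eval minutes_silent=round((now() - last_seen) / 60)
| where minutes_silent > 60
| sort -minutes_silent
```

`tstats` reads only index-time metadata, so this stays cheap even over seven days of `index=*`. `fillnull value=0 last_seen` turns hosts with no data at all into a very large `minutes_silent`, so never-reporting hosts sort to the top instead of disappearing from the result. The same skeleton with `count BY _time, host` over one-minute bins and an `eventstats avg()`/`stdev()` baseline covers the neighbouring "unexpected events per second" use case.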

Read the full article here –
