An article by InfoSec Institute, linked below, discusses a set of must-have use cases that every organization should implement to reap the true benefits of a SIEM solution such as Splunk. Splunk correlates real-time data in a searchable index, from which it can generate graphs, reports, alerts, and so on. SPL (Search Processing Language) is the query language developed by Splunk for searching, filtering, and inserting data.
The use cases cover:
- Detection of Possible Brute Force Attack
- Detection of Insider Threat
- Application Defense Check
- Suspicious Behavior of Log Source, Expected Host/Log Source Not Reporting
- Unexpected Events Per Second (EPS) from Log Sources
- Malware Check
- Detection of Anomalous Ports, Services and Unpatched Hosts/Network Devices
Read the full article here – http://resources.infosecinstitute.com/top-6-seim-use-cases/