The following document is by far the most accessed resource on my solo business website. Since its first release in late 2020 I've received lots of feedback and suggestions.

What's it about?
It's a 15-page PDF covering the challenges you encounter when writing or maintaining correlation searches in Splunk's Enterprise Security App (ES).
Topics include:
- Defining dynamic drilldown searches
- Leveraging advanced Incident Review features
- How to deal with alert exception scenarios
- How to use Workflow Actions (use cases)
- Many SPL tricks for Detection Engineers
Version 1.3 is packed with revised, practical SPL tips for Splunk users, especially those using Splunk ES.
Workshops & Training
I have recently started delivering live, in-person workshops for enterprise SOC and Detection Engineering teams, and have begun to receive interest from Splunk partners as well.
In case you are interested, feel free to reach out so that I can send you a comprehensive list of the topics (syllabus) and more info.
Happy Splunking!
Splunk ES Correlation Searches (Rules) Best & Cool Practices was originally published in Detect FYI on Medium, where people are continuing the conversation by highlighting and responding to this story.
Article Link: Splunk ES Correlation Searches (Rules) Best & Cool Practices | by Alex Teixeira | Detect FYI