Splunk Enterprise Security: Notable Event Management
Wednesday February 28th at 1 PM EST
When configuring Splunk Enterprise Security, correlation searches are created and run in the background to detect evidence of attacks, known threats, or vulnerabilities. When a correlation search matches, it creates a notable event in the notable index. These notable events are then reviewed by analysts and handled according to the appropriate SOP created by the company.
In this 30-minute TekTalk, we will cover aspects of notable event management in Splunk ES:
- Using dynamic white/black lists to assist in Splunk's decision on creating the Notable Event or not
- Creating and using proper Notable Event status selections
- Customizing searches and links in the different Notable Event types to assist the analyst's investigation of the event
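The three agenda items above describe one pipeline: a correlation search produces candidate rows, a dynamic allow list decides which rows should not become notable events, each notable gets a controlled status lifecycle, and a drilldown search is attached for the analyst. The following is an added illustration of that pipeline in plain Python; it is not Splunk's or TekStream's code, and the lookup rows, result rows, field names, status values and urgency rule are all constructed for the example.

```python
# Added example (not Splunk's or TekStream's code): a simplified model of how a
# correlation search result is screened against a dynamic allow list before a
# notable event is written, how status changes are tracked, and how a drilldown
# search is built for the analyst. All names, fields and sample rows are constructed.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed lookup table in the shape of a CSV lookup. Each entry carries an
# expiry (epoch seconds), which is what makes the allow list "dynamic": a stale
# entry stops suppressing notables without anyone editing the search.
ALLOW_LIST = [
    {"src": "10.0.5.0/24", "signature": "PortScan",
     "expires": 1_800_000_000, "reason": "authorised vuln scanner"},
    {"src": "10.0.9.17", "signature": "BruteForce",
     "expires": 1_600_000_000, "reason": "old pentest, expired"},
]

# Constructed rows standing in for what a correlation search's `| stats` emits.
CORRELATION_RESULTS = [
    {"src": "10.0.5.42", "signature": "PortScan", "count": 350, "severity": "medium"},
    {"src": "10.0.9.17", "signature": "BruteForce", "count": 90, "severity": "high"},
    {"src": "203.0.113.7", "signature": "PortScan", "count": 120, "severity": "medium"},
]

# Constructed status set; a real deployment defines its own in ES.
VALID_STATUSES = ("new", "in_progress", "pending", "resolved", "closed")


@dataclass
class NotableEvent:
    src: str
    signature: str
    urgency: str
    status: str = "new"
    history: list = field(default_factory=list)  # (old, new, analyst) tuples

    def transition(self, new_status: str, analyst: str) -> None:
        """Move the notable to a new status, rejecting values outside the defined set."""
        if new_status not in VALID_STATUSES:
            raise ValueError(f"unknown status {new_status!r}")
        self.history.append((self.status, new_status, analyst))
        self.status = new_status


def matching_allow_entry(row: dict, now: int):
    """Return the unexpired allow-list entry covering this row, or None."""
    for entry in ALLOW_LIST:
        if entry["signature"] != row["signature"]:
            continue
        if entry["expires"] <= now:  # expired entries no longer suppress
            continue
        if ip_address(row["src"]) in ip_network(entry["src"], strict=False):
            return entry
    return None


def urgency(severity: str, count: int) -> str:
    """Constructed urgency rule: high severity or high volume raises urgency."""
    if severity == "high" or count >= 300:
        return "high"
    return "medium" if severity == "medium" else "low"


def drilldown_search(notable: NotableEvent) -> str:
    """Build the search string an analyst would pivot into from the notable (constructed index name)."""
    return f'index=firewall src="{notable.src}" signature="{notable.signature}"'


def create_notables(results: list, now: int):
    """Screen correlation results against the allow list; return (notables, suppressed)."""
    notables, suppressed = [], []
    for row in results:
        entry = matching_allow_entry(row, now)
        if entry is not None:
            suppressed.append((row["src"], entry["reason"]))
            continue
        notables.append(NotableEvent(row["src"], row["signature"],
                                     urgency(row["severity"], row["count"])))
    return notables, suppressed


if __name__ == "__main__":
    created, skipped = create_notables(CORRELATION_RESULTS, now=1_700_000_000)
    for n in created:
        print(f"NOTABLE {n.src} {n.signature} urgency={n.urgency} -> {drilldown_search(n)}")
    for src, why in skipped:
        print(f"suppressed {src}: {why}")
```

With the constructed clock value, the scanner subnet entry is still valid and suppresses the first row, while the expired pentest entry no longer protects 10.0.9.17, so that row and the external scanner both become notables. Keeping the expiry in the lookup rather than in the search is what lets the allow list change without redeploying the correlation search.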
Josh, Senior Splunk Consultant, TekStream. As a Senior Splunk Consultant, Josh is an IT professional with multiple degrees in Information Security. He has over 8 years of experience with Splunk and over 15 years of IT experience in a variety of technologies.
Can't make it? Sign up anyway and you'll receive the webinar replay from us!