18.2 Splunk Searches Flashcards
Organizations use ___________ to monitor risks to the confidentiality, integrity, and availability of their technical assets.
Organizations use **continuous monitoring** to monitor risks to the confidentiality, integrity, and availability of their technical assets.
Organizations use ______ that contain ______ to monitor against these risks.
Organizations ______, ______, and ______ multiple logs so they can be analyzed together.
Organizations correlate these logs with ______ to alert when a security event or suspicious activity is detected.
______ software is a security tool that can assist with all the above processes.
Organizations use **logs** that contain **log entries** to monitor against these risks.
Organizations **aggregate**, **parse**, and **normalize** multiple logs so they can be analyzed together.
Organizations correlate these logs with **correlation rules** to alert when a security event or suspicious activity is detected.
**SIEM** software is a security tool that can assist with all the above processes.
Splunk can be extended with additional capabilities by adding the following to the base product:
- **Splunk apps**: Applications that users can add to their Splunk base product that have custom searches and features, with their own interface.
- **Splunk add-ons**: Smaller components that provide additional functionality without their own interface.
- **Splunk suites**: Collections of apps with a single focus, such as an industry or technology.
What is Splunkbase?
**Splunkbase** is a central repository for the various Splunk apps and add-ons.