Splunk Flashcards

1
Q

Introduction

A

This section of the SIEM domain covers how analysts use SIEM platforms to identify, analyze, and respond to security events.

After general setup, configuring rules and alerts is key to being efficient with your SIEM. As a security practitioner, you'll need to constantly refine your SIEM so that it surfaces the important security events happening on your network. A common problem with SIEM tools is that they produce too many unprioritized alerts, more than the security team has time to investigate. That's why it's important to continuously tune new and existing rules so that they flag only the relevant threat activity.

2
Q

Navigating Splunk

A

Splunk offers a simple and streamlined GUI, making it easy to work with. It's worth mentioning that all SIEMs look fairly similar, so learning how to work with one gives you transferable skills that can be adapted to whichever platform your organization uses. This lesson covers how Splunk is laid out and how to navigate the platform. On the home screen you will see the sections listed below, each of which is explained in the following cards.

3
Q

Section 1 – Apps Panel

A

The Apps panel lists the applications that are installed on your Splunk instance. The list shows only the apps that you have permission to view.
When you first open Splunk Web, you will see the default and pre-installed App, Search & Reporting, in the Apps panel.
Because we have other apps installed (from configuring BOTSv1), we can see them listed on the left-hand side.

4
Q

Section 2 – Splunk Bar

A

The Splunk bar appears on every page in Splunk Web. You use this bar to switch between apps, configure your Splunk deployment, view system-level messages, and monitor the progress of search jobs.

5
Q

Section 3 – Explore Splunk Panel

A

The Explore Splunk panel contains links to pages where you can get help.
You can take a product tour, add data, browse for new apps, or access the documentation.

6
Q

Section 4 – Home Dashboard

A

Once dashboards have been created (we'll cover this later), we can set a dashboard to display on our home page; it will appear in the area marked "4".
We can use this dashboard to see at a glance the information that matters most to us, such as the number of alerts, the types of attacks observed, and much more.
