Security: Ask Me Anything - 1/15/25

Community Office Hours

Published on 11-14-2024 11:44 AM by Splunk Employee | Updated on 01-21-2025 09:50 AM

Register here! This thread is for the Community Office Hours session on Security: Ask Me Anything on Wed, Jan 15, 2025 at 1pm PT / 4pm ET.


This is your opportunity to ask questions related to your specific Splunk Security needs. In our first broad security topic session, our experts are ready to answer all your questions, such as...

What can I ask in this AMA?

  • How do I get started with Splunk Security, and what are the essential steps?
  • What are the latest innovations in ES, SOAR, Mission Control, SAA, and so on?
  • What are the best practices for implementing security use cases, like incident management, RBA, automation and so on?
  • What is the best approach to building a unified workflow with ES, SOAR and other security products?
  • What third-party integrations does Splunk Security offer, and how are these tools best configured?
  • How do industry frameworks such as ATT&CK and the Cyber Kill Chain work within ES and SOAR?
  • Anything else you’d like to learn!


Please submit your questions at registration. You can also head to the #office-hours user Slack channel to ask questions (request access here). 


Pre-submitted questions will be prioritized. After that, we will open the floor up to live Q&A with meeting participants.


Look forward to connecting!



loriexi
Splunk Employee

Q1: Can you share some recommended tactics for investigating threats?

A: 

 

Q2: Do you have any insights on leveraging machine learning to identify and investigate threats?

A: 

 

Q3: In a Splunk environment, how do you minimize the amount of traffic indexers have to endure when the majority of your environment does not meet the minimum hardware requirements?

A: 

  • SF/RF settings will dictate how many buckets are replicated.
  • Limiting knowledge object replication
  • Completely disabling real-time searching (you did this already, right?)
  • Convert classic “index & sourcetype” searches to tstats
  • Improperly sized environments, and especially environments with mismatched sizing, can have severe performance degradation and impact.

 

For more questions and answers, please refer to the deck and live recording. 
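As an added illustration of the "convert to tstats" tip in the Q3 answer (example searches written for this page, not from the session or the comment author): the same failed-logon count expressed first as a classic index/sourcetype search that scans raw events, and then against an accelerated CIM Authentication data model with `tstats`. The index name `wineventlog`, the sourcetype, the threshold of 20, and the assumption that the Authentication data model is accelerated are all assumptions for the example.

```spl
index=wineventlog sourcetype="WinEventLog:Security" EventCode=4625 earliest=-24h
| stats count BY user, src
| where count > 20

| tstats summariesonly=true count FROM datamodel=Authentication
    WHERE Authentication.action="failure" earliest=-24h
    BY Authentication.user, Authentication.src
| rename Authentication.user AS user, Authentication.src AS src
| where count > 20
```

The `tstats` form reads the tsidx summaries produced by data model acceleration instead of decompressing raw buckets on every indexer, which is where the load reduction comes from; `summariesonly=true` prevents it from silently falling back to a raw-event scan when a summary is missing, so gaps in acceleration show up as missing results rather than as unexpected indexer load.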

 
