Foundational Visibility
Building foundational visibility enables ITOps and security teams to proactively detect, investigate, and address issues before they escalate, helping to ensure better resilience. Splunk provides a data-centric security solution that meets the requirements for foundational security monitoring, incident management, and compliance. By centralizing and analyzing data from various sources and formats, Splunk software enables teams to gain end-to-end visibility across their entire tech stack and environment, whether on-premises, hybrid, or multi-cloud. This holistic approach bridges gaps between legacy and modern environments, breaking down data silos and streamlining operations.
Use the guidance in the following topics to help develop foundational visibility:
- Data Optimization helps you to optimize data sources for best use in the Splunk platform, searching data where it lives and only ingesting it when needed.
- Security Monitoring helps you build foundational monitoring practices with the Splunk platform, Splunk Enterprise Security, and Splunk Security Essentials.
- Incident Management helps you to build actions and strategies to ensure an effective and efficient response to security incidents.
- Compliance helps you stay ahead of ever-evolving regulations, policies, and business risks.
- Visualization and Reporting helps you to identify high-risk events, and map components of different services to understand interdependencies.
Explore foundational visibility
- Data optimization
  - Learn how to implement best practices for normalization, enrichment, availability, and retention.
- Security monitoring
  - Obtain detailed security detections and analytic stories that get you answers without wasting time and resources on unimportant data that leaves risks unaddressed.
- Incident management
  - Build a high-performing SOC team by encouraging active and passive collaboration behaviors, and helping the team innovate faster and recover quickly from incidents.
  - Creating an Incident Response Plan (IRP)
  - Creating an incident workflow in Splunk Enterprise Security
  - Deleting web shells automatically
  - Disabling inactive user accounts in AWS
  - Enriching suspicious email domains
  - Identifying inactive user accounts in AWS
  - Prescriptive Adoption Motion - Incident management
  - Triaging Crowdstrike malware data
- Compliance
  - Ensure that your organization follows applicable laws, general mandates, and industry-specific regulations that govern how it conducts business.
  - Auditing with the Splunk App for PCI Compliance
  - Conducting an Azure new user census
  - Detecting non-privileged user accounts conducting privileged actions
  - Detecting Personally Identifiable Information (PII) in log data for GDPR compliance
  - Using Splunk Enterprise Security to ensure GDPR compliance
  - Using Splunk Enterprise Security to ensure PCI compliance
  - Using the OT Security add-on for Splunk to ensure NERC CIP compliance
  - Verifying multifactor authentication usage in O365
- Visualizations and reporting
  - A well-configured dashboard or report allows you to view threats and incidents that are trending up or down, respond faster, and provide real-time insights for management.