Foundational Visibility
Building foundational visibility enables ITOps and security teams to proactively detect, investigate, and address issues before they escalate, helping to ensure better resilience. Splunk provides a data-centric security solution that meets the requirements for foundational security monitoring, incident management, and compliance. By centralizing and analyzing data from various sources and formats, Splunk software enables teams to gain end-to-end visibility across their entire tech stack and environment, whether on-premises, hybrid, or multi-cloud. This holistic approach bridges gaps between legacy and modern environments, breaking down data silos and streamlining operations.
Use the guidance in the following topics to help develop foundational visibility:
- Data Optimization helps you to optimize data sources for best use in the Splunk platform, searching data where it lives and only ingesting it when needed.
- Security Monitoring helps you build foundational monitoring practices with the Splunk platform, Splunk Enterprise Security, and Splunk Security Essentials.
- Incident Management helps you to build actions and strategies to ensure an effective and efficient response to security incidents.
- Compliance helps you stay ahead of ever-evolving regulations, policies, and business risks.
- Visualization and Reporting helps you to identify high-risk events, and map components of different services to understand interdependencies.
Use Case Explorer for Security
Explore foundational visibility
- Data optimization: Learn how to implement best practices for normalization, enrichment, availability, and retention.
- Security monitoring: Obtain detailed security detections and analytic stories that get you answers without spending time and resources on unimportant data while risks go unaddressed.
  - Managing firewall rules
  - Monitoring badges for facilities access
  - Monitoring Cisco switches, routers, WLAN controllers and access points
  - Monitoring for network traffic volume outliers
  - Monitoring major Cloud Service Providers (CSPs)
  - Monitoring security events with Enterprise Security and Microsoft Copilot for Security
  - Monitoring use of Git repositories
  - Securing a work-from-home organization
  - Securing medical devices from cyberattacks
  - Using contentctl to speed up your SOC
  - Validating endpoint privilege security with CyberArk EPM
- Incident management: Build a high-performing SOC team by encouraging active and passive collaboration behaviors, and by helping the team innovate faster and recover quickly from incidents.
  - Creating an incident workflow in Splunk Enterprise Security
  - Creating a timebound picture of network activity
  - Disabling inactive user accounts in AWS
  - Enriching suspicious email domains
  - Investigating a ransomware attack
  - Investigating unusual file system queries
  - Prescriptive Adoption Motion - Incident management
  - Reconstructing a website defacement
  - Responding to incidents with the Splunk platform and Fox-IT's Dissect
  - Supporting a cloud forensics workflow
  - Triaging CrowdStrike malware data
- Compliance: Ensure that your organization follows the applicable laws, general mandates, and industry-specific regulations that govern how it conducts business.
  - Analyzing AWS service action errors
  - Auditing with the Splunk App for PCI Compliance
  - Automating Know Your Customer continuous monitoring requirements
  - Complying with the Markets in Financial Instruments Directive II
  - De-identifying PII consistently with hashing in Edge Processor
  - Defining and detecting Personally Identifiable Information (PII) in log data
  - Detecting non-privileged user accounts conducting privileged actions
  - Detecting Personally Identifiable Information (PII) in log data for GDPR compliance
  - Detecting unencrypted web communications
  - Identifying new Windows local admin accounts
  - Knowing your financial services customer
  - Monitoring consumer bank accounts to maintain compliance
  - Monitoring NIST SP 800-53 rev5 control families
  - Processing DMCA notices
  - Recognizing improper use of system administration tools
  - Running common General Data Protection Regulation (GDPR) compliance searches
  - Sending masked PII data to the Splunk platform and routing unmasked data to federated search for Amazon S3 (FS-S3)
  - Using Splunk Enterprise Security to ensure PCI compliance
  - Using the OT Security add-on for Splunk to ensure NERC CIP compliance
- Visualizations and reporting: A well-configured dashboard or report lets you see which threats and incidents are trending up or down, respond faster, and provide real-time insights to management.