Reducing Windows security event log volume with Splunk Edge Processor
Many security professionals struggle with the volume of security event logs produced by Windows. With terabytes of logs every month coming from endpoints, cloud, or on-premises and domain servers, large volumes of security log data can result in many problems. These include longer processing times, difficulty sifting through noise to find relevant logs during search, delayed incident detection, and increased retention costs.
Solution
This video shows you how Splunk Edge Processor can be used to help you better manage security event log volume. You'll learn:
- How Splunk Edge Processor uses filtering, transforming, and routing capabilities to ensure that relevant events are available to Splunk Cloud Platform, Splunk Enterprise Security and Splunk User Behavior Analytics
- The different ways Splunk Edge Processor uses SPL2 to define its pipelines
- How Splunk Edge Processor helps administrators detect an example threat, using the technique described in MITRE ATT&CK T1036 Masquerading defense evasion
Next steps
In addition, these resources might help you understand and implement this guidance:
Getting Started: Getting started with Splunk Edge Processor