Reducing Windows security event log volume with Splunk Edge Processor

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Many security professionals struggle with the volume of security event logs produced by Windows. With terabytes of logs every month coming from endpoints, cloud, or on-premises and domain servers, large volumes of security log data can result in many problems. These include longer processing times, difficulty sifting through noise to find relevant logs during search, delayed incident detection, and increased retention costs.

Solution

This video shows you how Splunk Edge Processor can be used to help you better manage security event log volume. You'll learn:

How Splunk Edge Processor uses filtering, transforming, and routing capabilities to ensure that relevant events are available to Splunk Cloud Platform, Splunk Enterprise Security and Splunk User Behavior Analytics
The different ways Splunk Edge Processor uses SPL2 to define its pipelines
How Splunk Edge Processor helps administrators detect an example threat, using the technique described in MITRE ATT&CK T1036 Masquerading defense evasion

Next steps

This article has been brought to you by Splunk Education. We’ve learned that the strongest superheroes up-skill with Splunk Education. That’s why we are making Splunk training easier and more accessible than ever with more than 20 self-paced, free eLearning courses. You can start with foundational courses like Intro to Splunk or dive into more advanced courses like Search Under the Hood, Result Modification, and many more. Enroll today so you have the skills to detect the good, the bad, and the unproductive.

In addition, these resources might help you understand and implement this guidance:

Getting Started: Getting started with Splunk Edge Processor