Many security professionals struggle with the volume of security event logs produced by Windows. With terabytes of logs every month coming from endpoints, cloud, or on-premises and domain servers, large volumes of security log data can result in many problems. These include longer processing times, difficulty sifting through noise to find relevant logs during search, delayed incident detection, and increased retention costs.
This video shows you how Splunk Edge Processor can be used to help you better manage security event log volume. You'll learn:
- How Splunk Edge Processor uses filtering, transforming, and routing capabilities to ensure that relevant events are available to Splunk Cloud Platform, Splunk Enterprise Security and Splunk User Behavior Analytics
- The different ways Splunk Edge Processor uses SPL2 to define its pipelines
- How Splunk Edge Processor helps administrators detect an example threat, using the technique described in MITRE ATT&CK T1036 Masquerading defense evasion
This article has been brought to you by Splunk Education. We’ve learned that the strongest superheroes up-skill with Splunk Education. That’s why we are making Splunk training easier and more accessible than ever with more than 20 self-paced, free eLearning courses. You can start with foundational courses like Intro to Splunk or dive into more advanced courses like Search Under the Hood, Result Modification, and many more. Enroll today so you have the skills to detect the good, the bad, and the unproductive.
In addition, these resources might help you understand and implement this guidance:
Getting Started: Getting started with Splunk Edge Processor
Splunk OnDemand Services: Use these credit-based services for direct access to Splunk technical consultants with a variety of technical services from a pre-defined catalog. Most customers have OnDemand Services per their license support plan. Engage the ODS team at OnDemand-Inquires@splunk.