This post of the Back to Basics Hunting series with Splunk discusses how to use the new SA-Investigator add-on for Enterprise Security to dig deep into your data models and find the evil lurking within.
Splunk was named in the Gartner 2017 Critical Capabilities for Security Information and Event Management report and received the highest score in the Basic Security Monitoring Use Case.
A monthly series of staff-picked content from the Splunk security world. Each month will have a new selection of Splunk security presentations, white papers, or blog posts that you might have missed.
Splunk’s Enterprise Security Content Update (ESCU) app can provide you with early warnings and situational awareness, powerful elements of an effective defense against adversaries.