Posts

Showing posts with the label SIEM

Splunk | TryHackMe Walkthrough

Introduction: Splunk is a leading cybersecurity software company that develops web-based applications for researching, monitoring, and evaluating data generated from connected machines. It provides applications such as SIEM solutions and add-ons for many world-leading technology vendors, such as Cisco, AWS, Palo Alto, and many others.

Splunk Enterprise Security: One of the most famous Splunk applications is Splunk ES. It covers a variety of security analytics and services, including regular security monitoring, enhanced threat detection, compliance, incident reports, forensics, and incident response. Splunk ES aims to resolve many common problems, including:

Alert fatigue: it provides high-fidelity risk-based alerting.
Visibility: it brings together data from different platforms using multi-cloud security monitoring.
Flexibility: investigations can be an exhausting process when you face alerts from a variety of sources; Splunk ES enables you to carry out threat hunt...