
Setting up Splunk SIEM

Benjamin Hobbs edited this page Jul 24, 2023 · 1 revision


From: Is Cybersecurity Automation the Future? (accessed by Benjamin Hobbs on 7/21/2023)

  • Cybersecurity Automation is trending. The thought process here is that we can increase efficiency and free up people to concentrate on more high-priority tasks by automating the mundane and repeatable tasks.

What is Automation exactly?

  • Automation in cybersecurity can mean many things. Lately, it has usually been used to refer to two kinds of tools specifically: Security Orchestration, Automation and Response (SOAR) and Robotic Process Automation (RPA). Other forms of automation consist of scripting processes in code.

    • SOAR products are purpose-built tools that coordinate activities between multiple security tools and perform specific automation tasks in response to identified threats.

    • RPA tools are a fairly broad set of tools that allow for many processes to be automated. RPA tools have recently seen wide adoption in the HR and Finance fields, yet may also be employed by cybersecurity teams.

Benefits of Automation

Implementing automation frees up cybersecurity professionals to address more complex or higher priority issues such as:

  • Engineering and Architecture: Creating design solutions for cybersecurity strategies like Zero Trust or Cyber Hygiene

  • Remediation Activities: Reducing attack surface and implementing solutions so the enterprise carries fewer vulnerabilities

  • Automation Dev and Engineering: Improving the automation that is improving our lives.

Where to begin

Automation begins with transparency and visibility of existing processes.

Create Playbooks

  • Create a playbook of the processes that you want to develop.
    • This will enable detailed review, refinement, and systematic analysis

Automated Incident Response Explained

Questions for understanding

  1. How would a security team benefit from implementing a SOAR solution?
  • The SOAR could automate the handling of threats that are readily identifiable, which would free up the security team to address the creative issues and work on overall organizational posture, such as:
    • Improving Zero Trust Implementation and Cyber Hygiene
    • User Training and Awareness
    • Threat Hunting
  2. Explain how a SOAR solution fits into the Incident Response process.
  • SOAR can greatly help with Detection and Analysis.
  • SOAR can free up manpower and resources to better address Containment, Eradication, and Recovery efforts.
  • During Post-Incident Activity like After-Actions or Hot Washes, SOAR would prove to be a wealth of knowledge, as it maintains a record of incident timeline events and actions.
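As an added illustration of the split described in these answers (example code, not from the cited article and not Splunk's or any SOAR vendor's tooling): a minimal playbook that auto-contains alerts matching a readily identifiable indicator, escalates everything else to an analyst, and keeps the per-phase timeline record a SOAR would retain for post-incident review. The indicator values and host names are constructed placeholders.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed placeholder indicators standing in for a SOAR's threat-intel
# lookup; these are not real hashes or domains.
KNOWN_BAD_HASHES = {"deadbeef" * 8}
KNOWN_BAD_DOMAINS = {"malicious.example"}


@dataclass
class Incident:
    alert_id: str
    indicators: dict
    timeline: list = field(default_factory=list)  # (timestamp, IR phase, action)
    status: str = "open"

    def record(self, phase: str, action: str) -> None:
        # Every action is timestamped so the timeline survives for after-action review.
        self.timeline.append((datetime.now(timezone.utc).isoformat(), phase, action))


def run_playbook(incident: Incident) -> Incident:
    """Triage one alert: auto-contain on a known-bad match, otherwise escalate."""
    incident.record("detection", f"alert {incident.alert_id} received")
    sha256 = incident.indicators.get("sha256")
    domain = incident.indicators.get("domain")
    host = incident.indicators.get("host", "unknown-host")

    if sha256 in KNOWN_BAD_HASHES or domain in KNOWN_BAD_DOMAINS:
        # Readily identifiable threat: the playbook handles it without an analyst.
        incident.record("analysis", "matched known-bad indicator")
        incident.record("containment", f"host {host} isolated (simulated action)")
        incident.status = "auto-contained"
    else:
        # No clear match: hand the creative work to a human.
        incident.record("analysis", "no known indicator match; escalated to analyst")
        incident.status = "needs-analyst"
    return incident


if __name__ == "__main__":
    sample = Incident("A-1", {"sha256": "deadbeef" * 8, "host": "ws-01"})
    for stamp, phase, action in run_playbook(sample).timeline:
        print(stamp, phase, action)
```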

Additional Resources

Splunk offers its own proprietary set of certifications you can pursue to demonstrate proficiency in its products. A free LMS is available for self-paced learning which includes videos, documentation, labs and quizzes. Students wishing to add SIEM expertise to their resumes are encouraged to study these materials.
