2/13/2023

Using Splunk Enterprise Security

Plus there are so many macros you really have to dig deep to figure out what's actually happening. A con of ES's magical lookups is that they have a bajillion autolookups for src/dest to get hostnames and other asset information. It's a behemoth and quite daunting from the beginning, but with a good understanding of how macros, lookups, and data models work, all you have to learn is how ES leverages them and what the pros/cons are. I would definitely strongly recommend Pro Services like I mentioned, but if you're a Splunk whiz that just hasn't implemented ES before, you can probably take it on. ES Admin is much more helpful, even for people that will not be administrators, because it actually explains how it works and gives you an idea of how to add stuff to ES, as well as understand what's really happening when a notable fires (how risk is aggregated, assets/identities, etc.).