Supercharging Splunk® for Security

If your security team uses Splunk to run your SOC (whether core or ES), chances are you are not leveraging its full range of capabilities.

Highland Defense can help. Our Supercharging Splunk offering is a mini-sprint that will bring quick wins and instant ROI to your team in less than a week.

Areas of Focus: Leveraging advanced Splunk features and configurations for:

  • Threat hunting

  • Incident response

  • General Splunk skills

Outline: Review current use of Splunk as a security tool and provide guidance for:

  • Detection coverage and efficacy

  • Leveraging all data sources available

  • Search performance and scheduling

  • Incident Response Workflow

  • Useful searches

Deliverables: Training and Report

  • Customized one-day training session for your entire team

  • Calibration report - What’s working well & what’s been tuned

  • Further recommendations for strengthening and optimizing

Time Required:

  • Review - 3 days of 4 hours with individual team members

  • Training - 1 day of 6 hours with team members of your choice

NOT Required:

  • Enterprise Security - not required

  • Access to your environment - not required (review and training can be done via web-conference screen shares)

Highland Defense

MATURE your SOC according to your VISION of security and the CULTURE of your organization.