Back to the Blog

Splunk ES - Lets Correlate

Posted by Krishan Patel on Tuesday, February 17, 2015 - 15:52 Operational Intelligence Splunk, ES, correlation searches

Splunk ES – Creating Custom Correlation Searches

 

In today's blog I will be discussing one of the very valuable features of the Splunk App for Enterprise Security. Correlation searches provide a very highly customizable level of security based detection and alerting within Splunk and ES.

 

What is a Correlation Search?

A correlations search is a type of saved search used to detect suspicious events or patterns in your data. If a suspicious event is detected, a notable event is created. The notable event...

read more

MS Windows, Splunk App for Enterprise Security 3.0 and the Case of the Disappearing Assets and Identities

Posted by Ridwan Ahmed on Friday, March 28, 2014 - 15:33 Operational Intelligence Enterprise Security, ES, Splunk, troubleshooting, windows

Are you wondering where your Assets are?  Why you can't find your identities, perhaps? Are you on Windows? With the recent release of version 3.0, there has been huge improvements in the power of the ES app, and the ease of its use. The Assets and Identities are one of the cornerstones of the ES app, and there is a major change in the way these files operate in ES 3.0 compared to ES 2.4.

Asset management provides additional information about the source and targets of events. This information can be used to correlate multiple events to a single host, identify the location of the host...

read more
Stay In Touch