Splunk Enterprise Security With Complete Solutions Latest Update
What is the Enterprise Security flow? - ANSWER
1. Raw events indexed
2. Data model summary searches run
3. Data available for ES via | tstats
4. ES background searches (content) process the data
5. ES searches for threats and anomalies
How is the security-related data required for ES collected? - ANSWER Through third-party add-ons that collect data from servers, routers, etc. in your enterprise and then forward the data to Splunk.
What does ES rely on heavily? - ANSWER Accelerated data models
What model does ES use to normalize the data? - ANSWER ES uses the Common Information Model (CIM)
What do the ES data models portray? - ANSWER Normalized data
How would you search the accelerated data? - ANSWER Use | tstats searches with summariesonly=true to search accelerated data.
What does | tstats summariesonly=t do? - ANSWER Restricts the search results to accelerated data
How does ES run? - ANSWER ES runs real-time and scheduled searches on accelerated data model data, looking for threats, vulnerabilities, or attacks.
What are correlation searches? - ANSWER A search that runs continually in the background looking for known types of threats and vulnerabilities
What is IOC? - ANSWER Indicator of Compromise
What happens when an IOC is detected by a correlation search? - ANSWER ES raises an adaptive response; a very common adaptive response is a notable event incident
What does the Security Posture dashboard provide? - ANSWER A cross-domain SOC overview
What does the Incident Review dashboard provide? - ANSWER It is used to inspect and manage incidents
How do correlation searches run? - ANSWER Either in real-time or on a schedule
What are common adaptive responses (AR)? - ANSWER Creating a notable event, sending an email, running a script, and updating a risk score
Who can enable, disable, clone, modify, or add a new correlation search? - ANSWER By default, only ES admins have this capability
Correlation searches create notable events and place them where? - ANSWER In the notable index
What do notable events include? - ANSWER They include fields, event types, and tags that provide information for the investigation
What field in the Notable Event shows the correlation search that created the Notable
Event? - ANSWER source