Introduction to Splunk Analytic Stories
Splunk Analytic Stories are security guides that provide you with tactics, techniques, and methodologies to assist with detection, investigation, and response. They include easy-to-read background information, key context for motivations and risks associated with the attack techniques in question, and pragmatic advice on how to combat those techniques.
Each story is mapped to various frameworks, including MITRE ATT&CK, Lockheed Martin Kill Chain phases, CIS controls, and NIST, and includes the following content objects:
- Detection: Out-of-the-box (OOTB) detection techniques in the form of detection searches or machine learning models
- Investigation: Searches and/or Splunk Phantom playbooks that help the analyst determine whether a notable event is true-positive. For example, the analyst may wish to review additional notables related to the participating entity (additional detections). They may also need to gather collaborative evidence and additional contextual information.
- Response: These help the analyst conduct specific response actions to remediate the incident.
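To make the structure above concrete, here is a small added example (not Splunk's own code or story schema) that models a story as a record carrying its framework mappings and its detection, investigation and response objects, then checks that each story is well-formed and answers the question a content maintainer most often asks: which stories cover a given ATT&CK technique? The story names, field names and sample mappings are constructed for illustration and are assumptions, not values from the Splunk Security Content app.

```python
import re

# Assumed story layout for this example: framework mappings plus the three
# content-object lists named in the text. Not the real Security Content schema.
KILL_CHAIN_PHASES = {
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
}
# MITRE ATT&CK technique ids look like T1021 or sub-technique T1021.002
ATTACK_ID = re.compile(r"^T\d{4}(\.\d{3})?$")

# Constructed sample stories; one is deliberately malformed.
SAMPLE_STORIES = [
    {
        "name": "Example Lateral Movement Story",
        "mitre_attack": ["T1021", "T1021.002"],
        "kill_chain_phases": ["Actions on Objectives"],
        "detections": ["Example remote service detection"],
        "investigations": ["Example host activity search"],
        "responses": ["Example isolate host playbook"],
    },
    {
        "name": "Example Incomplete Story",
        "mitre_attack": ["T99999"],                 # malformed id (constructed)
        "kill_chain_phases": ["Lateral Movement"],  # an ATT&CK tactic, not a kill chain phase
        "detections": [],                           # a story with nothing to detect is useless
        "investigations": [],
        "responses": [],
    },
]


def validate_story(story):
    """Return a list of problems; an empty list means the story is well-formed."""
    problems = []
    if not story.get("detections"):
        problems.append("no detection object")
    for tid in story.get("mitre_attack", []):
        if not ATTACK_ID.match(tid):
            problems.append(f"malformed ATT&CK id {tid}")
    for phase in story.get("kill_chain_phases", []):
        if phase not in KILL_CHAIN_PHASES:
            problems.append(f"unknown kill chain phase {phase}")
    return problems


def stories_for_technique(stories, technique_id):
    """Names of stories whose ATT&CK mapping covers technique_id.

    Asking for a parent technique (T1021) also matches stories that only map
    a sub-technique of it (T1021.002), which is how coverage is usually counted.
    """
    return [
        s["name"] for s in stories
        if any(t == technique_id or t.startswith(technique_id + ".")
               for t in s.get("mitre_attack", []))
    ]


def coverage_report(stories):
    """Map each story name to its validation problems, for a quick content review."""
    return {s["name"]: validate_story(s) for s in stories}


if __name__ == "__main__":
    for name, problems in coverage_report(SAMPLE_STORIES).items():
        print(name, "->", problems or "ok")
    print("T1021 covered by:", stories_for_technique(SAMPLE_STORIES, "T1021"))
```

Running the script lists the malformed story's three problems and shows that only the lateral movement story covers T1021; the same two helpers can be pointed at any collection of stories loaded from your own content repository.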
Analytic Stories are categorized by use case and can be accessed via the Splunk Enterprise Security (ES) Use Case Library or the Splunk Enterprise Security Content Updates (ESCU) app.
This documentation applies to the following versions of Splunk® Security Content: 3.22.0, 3.23.0, 3.24.0, 3.25.0, 3.26.0, 3.27.0, 3.28.0, 3.29.0