Splunk® Security Content

Analytic Stories


Introduction to Splunk Analytic Stories

Splunk Analytic Stories are security guides that provide you with tactics, techniques, and methodologies to assist with detection, investigation, and response. They include easy-to-read background information, key context for motivations and risks associated with the attack techniques in question, and pragmatic advice on how to combat those techniques.

Each story is mapped to various frameworks, including MITRE ATT&CK, Lockheed Martin Kill Chain phases, CIS controls, and NIST, and includes the following content objects:

  1. Detection: Out-of-the-box (OOTB) detection techniques in the form of detection searches or machine learning models.
  2. Investigation: Searches and/or Splunk Phantom playbooks that help the analyst determine whether a notable event is a true positive. For example, the analyst may wish to review additional notables related to the participating entity (additional detections). They may also need to gather corroborating evidence and additional contextual information.
  3. Response: Content objects that help the analyst conduct specific response actions to remediate the incident.

Analytic Stories are categorized by use case and can be accessed via the Splunk Enterprise Security (ES) Use Case Library or the Splunk Enterprise Security Content Updates (ESCU) app.

Last modified on 29 October, 2019

This documentation applies to the following versions of Splunk® Security Content: 3.22.0, 3.23.0, 3.24.0, 3.25.0, 3.26.0, 3.27.0, 3.28.0, 3.29.0
