Filtering procedures by security maturity in Splunk Security Essentials
Splunk Security Essentials offers default procedures for a variety of security use cases and for every stage of the security journey. The procedures provide a way to start ingesting your data into Splunk Enterprise and monitoring useful metrics within your environment. For more information on available procedures, see Review your content with the Security Content page.
Security maturity journey stages
There are six stages of security maturity. Go to Data > Security Data Journey to see the journey stages and to filter the procedures available at each stage. The following table describes the six stages:
| Stage | Description |
|---|---|
| 1. Collection | Collect basic security logs and other machine data from your environment. |
| 2. Normalization | Apply a standard security taxonomy and add asset and identity data. |
| 3. Expansion | Collect additional high-fidelity data sources, such as endpoint activity and network metadata, to drive advanced attack detection. |
| 4. Enrichment | Augment security data with intelligence sources to better understand the context and impact of an event. |
| 5. Automation and Orchestration | Establish a consistent and repeatable security operations capability. |
| 6. Advanced Detection | Apply sophisticated detection mechanisms, including machine learning. |
This documentation applies to the following versions of Splunk® Security Essentials: 3.7.1, 3.8.0, 3.8.1