Log Analysis with Splunk.md - Juan-bit94/Ops401D10 GitHub Wiki

Log Analysis with Splunk

Why this topic matters?

  • Splunk is worth learning because it is a widely used, powerful platform for log analysis.
  • It is built to search, monitor, and analyze machine-generated data such as logs, events and metrics.
  • Knowing Splunk is a valuable skill in the IT and cybersecurity job market, since many SOCs run it as their SIEM.

What are three tasks which SOCs often perform?

  • SOCs monitor, detect, analyze and respond to cybersecurity incidents and threats.
  • SOC personnel are also responsible for finding weaknesses both inside and outside the organization, before an attacker does.

Explain what a SIEM solution is and how the SOC utilizes it in non-technical terms.

  • Security information and event management (SIEM) is a single system that gives visibility into activity across an organization's network.
  • It collects, parses, and categorizes machine data (logs and events) from many sources on the network, so that related events from different systems can be correlated and turned into alerts.
  • In non-technical terms, I would say that a SIEM lets you see a lot more. What we see is data and alerts that point to things that could mean bad news for the system.

How does the typical SOC team structure resemble the structure of an IT Help Desk.

  • They both have the same tiered hierarchy. The lower the tier (position), the more basic the support and knowledge level; the higher tiers handle more advanced support and require more expertise.

Things I want to know more about

  • I'd like to know more about how SOCs build or set up the SIEM architecture. It would be cool to know how components like data collectors, correlation engines and user interfaces are set up.
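As an added illustration (not from the original notes and not Splunk's own code), here is a toy version of the three components named above and of the collect/parse/categorize pipeline described in the SIEM answer: two parsers act as data collectors that normalize sshd and web-server lines into one common schema, a small correlation engine applies a brute-force rule across both sources, and a render function stands in for the user interface. All log lines are constructed sample data; the year assumed for the syslog timestamps, the threshold, the window and the field names are my assumptions.

```python
"""Toy SIEM pipeline: collect -> parse/normalize -> correlate -> alert (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events; not real logs. Two sources, two different formats.
SSHD_LOG = """\
Mar  3 10:01:02 bastion sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51222 ssh2
Mar  3 10:01:05 bastion sshd[1201]: Failed password for root from 203.0.113.7 port 51230 ssh2
Mar  3 10:01:09 bastion sshd[1201]: Failed password for root from 203.0.113.7 port 51231 ssh2
Mar  3 10:01:15 bastion sshd[1201]: Accepted publickey for deploy from 198.51.100.4 port 40100 ssh2
Mar  3 10:01:20 bastion sshd[1201]: Failed password for root from 203.0.113.7 port 51240 ssh2
"""
WEB_LOG = """\
203.0.113.7 - - [03/Mar/2024:10:01:30 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.4 - - [03/Mar/2024:10:01:31 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.7 - - [03/Mar/2024:10:01:33 +0000] "POST /login HTTP/1.1" 401 512
"""

# --- Data collectors: one parser per source, all emitting the same schema ---
SSHD_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$")
SSHD_FAIL = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
SSHD_OK = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+)")
WEB_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+$')


def normalize_sshd(line, year=2024):
    """Map one sshd syslog line to the common event schema (syslog has no year; assumed)."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
    for outcome, pat in (("failure", SSHD_FAIL), ("success", SSHD_OK)):
        mm = pat.search(m["msg"])
        if mm:
            return {"time": ts, "source": "sshd", "host": m["host"], "category": "auth",
                    "outcome": outcome, "user": mm["user"], "src_ip": mm["ip"]}
    return None  # sshd message type we do not classify


def normalize_web(line, host="www"):
    """Map one combined-format access log line to the common schema; POST /login is an auth event."""
    m = WEB_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
    is_login = m["method"] == "POST" and m["path"] == "/login"
    return {"time": ts, "source": "web", "host": host,
            "category": "auth" if is_login else "web",
            "outcome": "failure" if is_login and m["status"] == "401" else "success",
            "user": None, "src_ip": m["ip"]}


def collect(sshd_log=SSHD_LOG, web_log=WEB_LOG):
    """Run every collector and return all normalized events sorted by time."""
    events = [normalize_sshd(l) for l in sshd_log.splitlines()]
    events += [normalize_web(l) for l in web_log.splitlines()]
    return sorted((e for e in events if e), key=lambda e: e["time"])


# --- Correlation engine: one rule, evaluated over a sliding time window ---
def correlate(events, threshold=4, window_seconds=60):
    """Alert when one source IP produces >= threshold auth failures within the window,
    counting failures from every source together (this is the cross-source value of a SIEM)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # src_ip -> deque of (time, source) inside the window
    alerts = {}
    for ev in events:
        if ev["category"] != "auth" or ev["outcome"] != "failure":
            continue
        q = recent[ev["src_ip"]]
        q.append((ev["time"], ev["source"]))
        while q and ev["time"] - q[0][0] > window:
            q.popleft()  # expire failures older than the window
        if len(q) >= threshold:
            a = alerts.setdefault(ev["src_ip"], {"rule": "auth_bruteforce", "src_ip": ev["src_ip"],
                                                 "first_seen": q[0][0]})
            a["count"] = len(q)             # keep updating while the burst continues
            a["last_seen"] = ev["time"]
            a["sources"] = {s for _, s in q}
    return list(alerts.values())


# --- User interface stand-in: render alerts for an analyst ---
def render(alerts):
    return "\n".join(
        f"[{a['rule']}] {a['src_ip']}: {a['count']} failures from {sorted(a['sources'])} "
        f"between {a['first_seen']:%H:%M:%S} and {a['last_seen']:%H:%M:%S}" for a in alerts)


if __name__ == "__main__":
    print(render(correlate(collect())))
```

Note that neither source alone tells the whole story: the sshd log shows four failures and the web log two, but the correlation step sees all six from 203.0.113.7 in one window because the collectors mapped both formats to the same `src_ip` and `outcome` fields. In Splunk the correlation step is usually written as a search rather than Python, for example a search over both indexes ending in `| stats count by src_ip | where count >= 4`.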