It could take anywhere from 30 minutes to a full day per data source to modify the logs to be CIM compliant. For the half that is not, there is a bit of legwork required by an organization’s Splunk Admin (or Aditum’s Professional Services could be utilized). What work needs to go into making your data CIM compliant? Aditum’s Professional Services engineers estimate that roughly 50% of the Apps and Technology Add-ons (TAs) on Splunkbase are already CIM compliant. All searches, dashboards, and reports use the data models to return results and events to users. Only events that have been normalized to the CIM will be included in the data models that are being accelerated. The Common Information Model is Splunk’s method of data normalization. The most important part of getting Splunk ES to work and getting its pre-built dashboards and other content to “light up” is ensuring that all your data is Splunk CIM (Common Information Model) compliant. Ok, so you have purchased Splunk Enterprise Security and you have the right hardware in place. Getting Up and Running with Splunk Enterprise Security You can read more about the recommended hardware requirements here. Under the hood, ES is performing data model acceleration and correlation searches that are very resource-intensive, especially on CPU. This also needs to be paired with sufficient disk I/O and storage space at the indexing layer (minimum 800 IOPs random seek). The minimum hardware requirement specifications to run ES efficiently are 16 CPUs and 32 GB. Unlike some other Splunk server roles, the ES app requires its own dedicated search head. You need to have a mature, performant Splunk environment in place before you can reap the full benefits of Enterprise Security. The first thing to know about Splunk Enterprise Security is that it runs on top of Splunk Enterprise (or Splunk Core). In this article, we will discuss the features that make Splunk Enterprise Security the high-powered SIEM tool that it is. The Splunk Enterprise Security app provides prebuilt content, including correlation searches, to help security analysts streamline investigations within their IT environments.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |