splunk Archives - Lewis Data Security

Splunk Data Models

Splunk data models are a security professional’s best friend in terms of alerting, investigation, and audit. Splunk ES has an entire suite of baked-in correlation searches, but I want to talk about models a bit.

If you don’t know what Splunk is, hey, stop and go check out their free demo. I’ve never made a dime from Splunk as of this writing, but I like their software and wish Kibana were as functional for security purposes.

Continue reading “Splunk Data Models”

I’m Aaron. I live in Las Vegas, Nevada. I like security, unix, and whiskey; sometimes all three together. Feel free to hit me up on LinkedIn if you like.

Everything here is at your own risk; I am not responsible for you breaking your shit or your site getting owned.

This site is ad-free and funded entirely via the occasional Amazon affiliate link.

If you don’t know much about IT or security, start with Computer Networks. It’s decades old, but virtually all of the concepts are still relevant and it’s a great book.

If you do know a few things, it’s worth picking up the Red Team Field Manual.