What is our primary use case?
With the use of Splunk, we were able to identify a brute force attack against a "switch" network device. An external attacker attempted to connect multiple times using multiple usernames. Splunk was able to detect these attempts and immediately blocked these attempts.
How has it helped my organization?
Splunk has facilitated the correlation of information security logs to look for incidents which could cause damage to the company's infrastructure, as well as financial losses from leaks.
What is most valuable?
Splunk's ability to receive all types of data and identify it correctly. It obtains a correlation of the logs and identifies incidents.
What needs improvement?
Splunk can improve regex/asset analysis as we do not want to crawl until it is done. I could not find a timestamp for when the log was processed and generated.
For how long have I used the solution?
One to three years.
Which version of this solution are you currently using?