How do you or your organization use this solution?
Please share with us so that your peers can learn from your experiences.
Splunk sends security alerts. It's being used on two levels. One for the analysis of the data by the data scientists. Two, for the engineers to troubleshoot if there are any issues happening, like any security bugs, or anything that needs to be addressed and never mediated across.
The data from Splunk is used for network monitoring, apart from that, they are using another tool with this kind of logic as well. Splunk is not the primary tool. The database I'm using for real-time data for our client. We have only about 3-4 users on this solution.
We primarily use the solution for event management. We have a baseline that we monitor, and if anything goes wrong, we manage it.
The solution is primarily used as security correlation and event correlation. It's a place for all of your logs to go so that you can have all those logs co-ordinated during security events.
Our primary use for the product is for reporting for one of our systems. It fits a particular need for reporting so we have deployed it there.
We use this solution to examine the logs and consolidate and track incidents.
We are IT consultants and our primary use case for this solution is for analyzing machine data.
The primary use case of this solution is for security management. We gather security logs from intrusion detection and prevention systems, such as firewalls, web application firewalls, and system logs from Linux and Windows servers, as well as anti-malware system logs. We combine them with Splunk to analyze our security level for our company. We use this data to analyze our company security situation and to define security use cases, like attacks. When we find these attacks, we contain them and mitigate our security flaws in our business environment.
For us, we use this product to create a special kind of log. It just logs everything for what it is monitoring and does the parsing afterward based on a packet that you impose on the logs. Then you can extract the data out of the fields that the logs normally comprised of. Typically, people just monitor applications, network infrastructure, and compliance.
I'm working at a Tech Services company and I would like to understand the competitive advantages of Nagios XI vs other Network Performance Monitoring(NPM) tools.
Can you share your expertise on this topic?Thanks