Badges

160 Points, 3 Years, Top 10

User Activity

2 months ago
Yes. You need aggregation to show sustained activity over time, which can indicate an attack, an attempt to breach, or exfiltration. You need correlation to show things that happen contemporaneously, which is especially useful if they should not or normally do not.
About 1 year ago
The SIEM is the detection/surveillance engine, whereas the SOAR is the remediation/response engine.
Over 1 year ago
I am admittedly biased but there are very good reasons that Splunk is the leader in this space. It all depends on your requirements if it is best for you. Splunk is pricey but I assume that budget is not really one of your concerns so that is good. The major strengths of…
Over 1 year ago
#1 is InfoSec, #2 is BI, #3 is IoT.
Almost 2 years ago
What am I using for SOAR? What am I using for Ticketing? What am I using for communication? What am I using for ML/UBA? How quickly do I need to be operational? Will I be staffing my own SOC or farming that out (MSSP)? What is the bandwidth required for all of the data…
About 2 years ago
Answered a question: What Is SIEM Used For?
SIEM = Security Information and Event Management. It is any tool that monitors a computer system or network for intruders and generates notable events that security analysts sort through and respond to. The king of these is Splunk, and my company, Splunxter.com, are experts…

Reviews

Answers

About 1 year ago
Security Information and Event Management (SIEM)
Over 1 year ago
Security Information and Event Management (SIEM)
Over 1 year ago
Log Management
Almost 2 years ago
Security Information and Event Management (SIEM)
About 2 years ago
Security Information and Event Management (SIEM)

About me

Gregg Woodcock is a gun-toting, Christian, homeschooling father of three whose 25+ years of IT experience (primarily in Telecom) and early adoption of Splunk (v3) have positioned him on the leading edge of the Big Data explosion and uniquely qualified him to launch "Splunxter", a recently formed, Splunk-focused professional services and contracting company headquartered in the Dallas area. He is the founder and chairman of the Dallas-area Splunk User Group, a two-time speaker at "Splunk Live!", a twice-invited speaker for LTE North America, an Instructor with Global Big Data Boot Camps, an occasional street preacher, and the current Chairman of the Constitution Party of Texas. He is a genuine evangelist of all the best things in life, and that of course includes Splunk!

Interesting Projects and Accomplishments