Splunk for Blue Team: SPL Queries and Investigation Patterns
Architecture, essential SPL commands, and real investigation patterns from a SOC perspective
May 4, 2026 · 6 min read
Series
SIEM platforms and detection patterns: Splunk SPL, Elastic Stack with KQL, investigation patterns, brute-force and C2 hunting techniques.
- Architecture, essential SPL commands, and real investigation patterns from a SOC perspective
- Architecture, ECS, KQL queries, and Kibana investigation patterns for blue team work