Table of Contents
In order to master Splunk, you must master Splunk’s Search Processing Language (SPL). This guide points you to some of the searches whose documentation is most useful for helping newcomers learn SPL.
Security Contents Page
The Security Contents Page is the main landing page for Splunk Security Essentials, providing a complete list of content and the ability to drill down into any individual item. It’s the starting point for viewing all content in the app, and it has a wealth of filters to help you home in on exactly what you want.
We’ve provided an introduction for this page and a detailed description of the Search Journey Stages listed below. To get the full details just click “Show all lines”.
Use the filters below to find capabilities most relevant to you. For example, if you’re just starting out with Splunk for security and want to know what to begin with, you might opt to view all featured Stage 1 searches.
Focus on a specific business concern: You can opt to select Stage 6 (all the Splunk Content)…
Drill down: Focus on a single issue, like Insider Threat.
Filter on specific data sources you already have in Splunk. For example, see some immediate detections you can deploy by filtering on a specific data source, such as “Email Logs.”
To find and focus on exactly the examples you want, adjust the filters by clicking the menu icon. Don’t worry: all the settings you configure will be retained every time you open the page in this browser.
Splunk Security Essentials is not about the filters… it’s about the different examples to help with your specific use cases. Scroll down below to see what examples match the filters you’ve configured and how to start getting value with Splunk.
Each example gives you a brief description, lists the log sources it needs, and notes any MITRE or Kill Chain phases it maps to.
Click into an example to get more detail. For the examples that only need Splunk Enterprise, you’ll also be able to view the full search string, along with detailed documentation. That’s it for this tour! Start exploring the examples and see how to get the most from your data with Splunk.
Splunk Search Deep Dive - a collection of .conf talks