For those trying to figure out how to build their security monitoring practice on Splunk, it can be useful to consult a guide. There are many resources available for building a SOC, a SIEM, or a monitoring practice, and this guide points you to a few of them.
Security Data Journey
Splunk’s security experts analyzed a typical path that Splunk customers take through their Splunk Journey and formed it into six maturity stages. These will help you understand what data to ingest when, and what challenges and milestones are typically faced as organizations move forward.
The Security Data Journey walks you through the path that we typically see newer customers take as they mature. It details each stage with milestones and common challenges.
The Journey also includes the data sources that we commonly see at each stage for users pursuing Security Monitoring.
All of the content in Splunk Security Essentials is oriented towards this journey, so if you’re just getting started you can limit yourself to Stage One.
Gartner: How to Plan, Design, Operate and Evolve a SOC
Book: Crafting the InfoSec Playbook
MITRE: Ten Strategies of a World-Class Cybersecurity Operations Center
.conf Preso: Maturing Workday’s SOC with Splunk
Gartner: The Five Characteristics of an Intelligence Driven Security Operations Center
.conf Preso: Exploring the Frameworks of Splunk Enterprise Security
CSIS: Recruiting and Retaining Cybersecurity Ninjas
Splunk: Building a SOC with Splunk