Tag: SIEM & EDR

The Theory and Reality of SIEM ROI

Many things are written about SIEM, yet my personal experience with these wonderful tools began back in 2007. Today the technology itself is more than 18 years old and SIEM is by all means a mature market. Together with clients, team and partners I was privileged to actively participate in more than a hundred of […]

Active Lists in ArcSight, Automatic Clearing. Part 2

A very common task for all ArcSight content developers is clearing active lists on a scheduled basis or on demand, automatically. In the previous post I described how to clear Active Lists on a scheduled basis using trends: https://socprime.com/en/blog/active-lists-in-arcsight-automatic-clearing-part-1/ Today I will show you another two ways this can be achieved. Automatic clearing of Active Lists […]

Creating a simple dashboard that monitors accessibility of sources in Splunk

In the previous article, we examined using depends panels to create convenient visualizations in dashboards. If you missed it, follow the link: https://socprime.com/blog/using-depends-panels-in-splunk-for-creating-convenient-drilldowns/ Many people who begin to study Splunk have questions about monitoring the availability of incoming data: when data last arrived from a particular source, when the data ceased […]

Using depends panels in Splunk for creating convenient drilldowns

In the previous article, we examined a simple integration with external web resources using drilldowns. If you missed it, follow the link: https://socprime.com/en/blog/simple-virus-total-integration-with-splunk-dashboards/ Today we will get acquainted with one more interesting variant of drilldowns in Splunk: using depends panels. Depends panels in Splunk: an interesting way to use drilldowns in dashboards. Very often there is […]
