Do you use Data Models? Do you use the Common Information Model (CIM)? Do you use drilldowns? Do you use macros? Do you think your Splunk-based SIEM is as good as it can be? Are you periodically reviewing the initial setup underpinnings to be sure they are still valid? Could it be that you don't know what you don't know? Whether you are using ES, Alert Manager or your own home-brew thing, this DASUG will help!
You will walk away with:
1: A search to validate your CIM index macros.
2: A search to validate your SIEM Search curation.
3: Macros to make your searches and drilldowns more accurate, flexible, and easier to read.
This will be BOTH a virtual event AND a live event @ NEW VENUE: Set Solutions in Frisco:
25N Coworking Frisco
9355 John W. Elliott Dr #25
Frisco, TX 75033
Located on the first floor of the Waterford Market apartments.
See map for the main entrance and parking information:
Feel free to start the conversation early in the #dallas channel of splunk-usergroups.slack.com (sign up with http://splk.it/slack).