  • danielpwilson

Some thoughts on PenTests, Vulns and Patching as Use Case Tools

I was shocked when folks didn't think their SIEM had anything to do with the following. Below is how I summed it up for the big boss.

1) PenTests
2) Vulnerability Testing
3) Patch Management
4) Risk Assessments

PenTest
- Shows you what you forgot to secure. If you made the mistake before, there is a good chance you will make it again.
- Gives you a list of new use cases for Splunk.

Vulnerability Testing
- Tells you what you forgot to patch; it doesn't tell you that you are patched.
- Can't test everything and is prone to errors.
- The data is pumped into Splunk so you can know if you were vulnerable to an exploit.

Patch Management
- This is the act of keeping up with your vendor; have a policy. Long past are the days when we were proud of uptime. Patch!
- Splunk keeps track of your patching performance and history.

Risk Assessments
- Tells you where to install Splunk.
- Tells you where to focus your use case development.
- Shows your progress on reducing your risk with Splunk KPIs.

Can you think of any other way of bullet pointing the value of the SIEM on these? I'd love to hear your thoughts.
