Try our new research platform with insights from 80,000+ expert users

Badges

75 Points
6 Years

User Activity

Over 3 years ago
Yes. You need aggregation to show sustained activity over time which can indicate an attack, attempt to breach, or exfiltration. You need correlation to show things that happen contemporaneous which is especially useful if they should not or normally do not.
Over 4 years ago
The SIEM is the detection/surveillance engine whereas the SOAR is the remediation/response engine
Over 4 years ago
I am admittedly biased but there are very good reasons that Splunk is the leader in this space. It all depends on your requirements if it is best for you. Splunk is pricey but I assume that budget is not really one of your concerns so that is good. The major strengths of…
Over 4 years ago
#1 is InfoSec #2 is BI #3 is IoT
About 5 years ago
What am I using for SOAR What am I using for Ticketing? What am I using for communication? What am I using for ML/UBA? How quickly do I need to be operational? Will I be staffing my own SOC or farming that out (MSSP)? What is the bandwidth required for all of the data that…
Over 5 years ago
Answered a question: What Is SIEM Used For?
SIEM = Security Information and Event Management. It is any tool that monitors a computer system or network for intruders and generates notable events that security analysts sort through and respond to. The king of these is Splunk and my company, Splunxter.com are experts…
Over 6 years ago
Contributed a review of Splunk Enterprise Security: Our clients are easily able to modify and evolve their implementations

Projects

Over 6 years ago
We have built Splunk-based SIEMs from the ground up
We have buit SIEMs from the ground up using Splunk for some of the largest companies in the world.

Reviews

Answers

Over 4 years ago
Security Information and Event Management (SIEM)
Over 4 years ago
Security Information and Event Management (SIEM)
About 5 years ago
Security Information and Event Management (SIEM)
Over 5 years ago
Security Information and Event Management (SIEM)

About me

Gregg Woodcock is a gun-toting, Christian, homeschooling father of three whose 25+ years of IT experience (primarily in Telecom) and early adoption of Splunk (v3) has positioned him on the leading edge of the Big Data explosion and uniquely qualified him to launch "Splunxter", a recently-formed, Splunk-focused professional services and contracting company headquartered in the Dallas area. He is the founder and chairman of the Dallas-area Splunk User Group, a two-time speaker at "Splunk Live!", a twice-invited speaker for LTE North America, an Instructor with Global Big Data Boot Camps, occasional street-preacher, and the current Chairman of the Constitution Party of Texas. He is a genuine evangelist of all the best things in life and that of course includes Splunk!

Interesting Projects and Accomplishments