Badges
75 Points
6 Years
User Activity
Over 3 years ago
Answered a question: What is the difference between IT event correlation and aggregation?
Yes. You need aggregation to show sustained activity over time, which can indicate an attack, attempt to breach, or exfiltration. You need correlation to show things that happen contemporaneously, which is especially useful if they should not or normally do not.
Over 4 years ago
Answered a question: What is the difference between SIEM and SOAR platforms?
The SIEM is the detection/surveillance engine, whereas the SOAR is the remediation/response engine.
Over 4 years ago
Answered a question: Which is the best SIEM solution for a government organization?
I am admittedly biased but there are very good reasons that Splunk is the leader in this space. It all depends on your requirements if it is best for you. Splunk is pricey but I assume that budget is not really one of your concerns so that is good. The major strengths of…
Over 4 years ago
Answered a question: What is your primary use case for Splunk Enterprise Security?
#1 is InfoSec
#2 is BI
#3 is IoT
About 5 years ago
Answered a question: What Questions Should I Ask Before Buying SIEM?
What am I using for SOAR?
What am I using for Ticketing?
What am I using for communication?
What am I using for ML/UBA?
How quickly do I need to be operational?
Will I be staffing my own SOC or farming that out (MSSP)?
What is the bandwidth required for all of the data that…
Over 5 years ago
Answered a question: What Is SIEM Used For?
SIEM = Security Information and Event Management. It is any tool that monitors a computer system or network for intruders and generates notable events that security analysts sort through and respond to. The king of these is Splunk, and my company, Splunxter.com, are experts…
Over 6 years ago
Contributed a review of Splunk Enterprise Security: Our clients are easily able to modify and evolve their implementations
Projects
Over 6 years ago
We have built Splunk-based SIEMs from the ground up
We have built SIEMs from the ground up using Splunk for some of the largest companies in the world.
Reviews
Over 6 years ago
Splunk Enterprise Security
Answers
Over 3 years ago
Event Monitoring
Over 4 years ago
Security Information and Event Management (SIEM)
Over 4 years ago
Security Information and Event Management (SIEM)
About 5 years ago
Security Information and Event Management (SIEM)
About me
Gregg Woodcock is a gun-toting, Christian, homeschooling father of three whose 25+ years of IT experience (primarily in Telecom) and early adoption of Splunk (v3) have positioned him on the leading edge of the Big Data explosion and uniquely qualified him to launch "Splunxter", a recently-formed, Splunk-focused professional services and contracting company headquartered in the Dallas area. He is the founder and chairman of the Dallas-area Splunk User Group, a two-time speaker at "Splunk Live!", a twice-invited speaker for LTE North America, an Instructor with Global Big Data Boot Camps, occasional street-preacher, and the current Chairman of the Constitution Party of Texas. He is a genuine evangelist of all the best things in life, and that of course includes Splunk!
Interesting Projects and Accomplishments
Over 6 years ago