Using SPLUNK to Implement SIEM Capabilities


  • Remaz Alawaji
  • Dalal Alshiekhi
  • Adel M. Ilahi


Log data varies widely in how useful it is, and before any value can be drawn from it the logging must first be enabled, then the records transported, and finally stored. SIEM products typically provide most of the features required for log management and add event reduction, alerting and real-time analysis on top. They supply the layer of technology that lets an organisation state with confidence that its logs are not only being collected but also being reviewed. Splunk security solutions not only meet the current criteria for a SIEM but also deliver security analytics capabilities, providing the context and visual insight that help security teams make faster and better-informed security decisions. Splunk software can be used to run a security operations center and to support the full range of information security operations, including standardised assessment and monitoring. It also supports SIEM use cases such as detecting known and unknown threats and investigating them. This study used Splunk to implement SIEM capabilities.
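The three SIEM functions named above (collection and normalisation, event reduction, and alerting) are illustrated below in a small Python script. This is an added example and not code from the paper or from Splunk; it processes a handful of constructed sshd-style log lines and applies a brute-force rule with an assumed threshold of 5 failures in a 5-minute window, roughly what a Splunk search of the form `stats count by src | where count >= 5` would compute over the same events.

```python
"""Minimal SIEM-style pipeline: parse raw log lines into normalised events,
reduce repeated events into summaries, and alert on a brute-force pattern.
Added example; the log lines, rule names and thresholds are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input in syslog/sshd format (not from a real system).
# Includes one CRON line the parser does not understand, to show that
# unparsable records are counted rather than silently lost.
SAMPLE_LOG = """\
Mar 10 09:00:01 web01 sshd[2211]: Failed password for root from 203.0.113.5 port 50122 ssh2
Mar 10 09:00:03 web01 sshd[2211]: Failed password for root from 203.0.113.5 port 50123 ssh2
Mar 10 09:00:04 web01 sshd[2211]: Failed password for admin from 203.0.113.5 port 50124 ssh2
Mar 10 09:00:06 web01 sshd[2211]: Failed password for root from 203.0.113.5 port 50125 ssh2
Mar 10 09:00:08 web01 sshd[2211]: Failed password for root from 203.0.113.5 port 50126 ssh2
Mar 10 09:00:09 web01 sshd[2211]: Accepted password for root from 203.0.113.5 port 50127 ssh2
Mar 10 09:01:15 web01 sshd[2300]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar 10 09:02:00 web01 CRON[2500]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 10 09:30:00 web01 sshd[2400]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse(text, year=2024):
    """Collection/normalisation: turn raw lines into event dicts.
    Returns (events, dropped); syslog lines carry no year, so one is assumed."""
    events, dropped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            dropped += 1
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "result": m["result"],
                       "user": m["user"], "src": m["src"]})
    return events, dropped


def reduce_events(events):
    """Event reduction: collapse repeated failures for the same (src, user)
    into one summary record with a count and last-seen time; successes pass through."""
    summaries, reduced = {}, []
    for ev in events:
        if ev["result"] != "Failed":
            reduced.append(dict(ev, count=1))
            continue
        key = (ev["src"], ev["user"])
        if key in summaries:
            summaries[key]["count"] += 1
            summaries[key]["last"] = ev["ts"]
        else:
            summaries[key] = dict(ev, count=1, last=ev["ts"])
            reduced.append(summaries[key])
    return reduced


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Alerting: fire once per source when failures within the sliding window
    reach the threshold, and flag any later success from that source."""
    failures = defaultdict(list)   # src -> failure timestamps inside the window
    fired, alerts = set(), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["result"] == "Failed":
            failures[src] = [t for t in failures[src] if ev["ts"] - t <= window]
            failures[src].append(ev["ts"])
            if len(failures[src]) >= threshold and src not in fired:
                fired.add(src)
                alerts.append({"rule": "ssh_bruteforce", "src": src,
                               "count": len(failures[src]), "ts": ev["ts"]})
        elif ev["result"] == "Accepted" and src in fired:
            alerts.append({"rule": "bruteforce_then_success", "src": src,
                           "user": ev["user"], "ts": ev["ts"]})
    return alerts


if __name__ == "__main__":
    evs, dropped = parse(SAMPLE_LOG)
    print(f"parsed {len(evs)} events, dropped {dropped}")
    for rec in reduce_events(evs):
        print("reduced:", rec["result"], rec["user"], rec["src"], "x", rec["count"])
    for alert in detect_bruteforce(evs):
        print("ALERT:", alert)
```

On the constructed input the nine lines become eight events (the CRON line is counted as dropped), event reduction yields five records instead of eight, and the rule raises two alerts for 203.0.113.5: the brute-force threshold reached at 09:00:08, and the accepted login one second later. The single failure from 198.51.100.7 stays below threshold, so its later success produces nothing.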