I'm discovering Splunk Enterprise to build an application from scratch to perform correlations and detect incidents that affect web applications and endpoints.
I need to collect logs from ESET antivirus, vulnerable web applications, and endpoint workstations.
The Splunk application includes dashboards, alerts, and reports that allow monitoring of accesses, attacks, vulnerabilities…, logs, and configuration tasks (monitoring of configuration integrity, …), while giving administrators an accurate real-time picture of incidents, access requests, web attacks, bypasses….
Creation of KPI indicators at the dashboard level by monitoring connections in real time.
Simulation of web and endpoint attacks to validate the applied correlations.
Can you please guide me on the steps I should take?
What are your recommendations?