Implement two Splunk applications, InfoSec and Security Essentials, with customized use cases, giving the organization visibility into the events logged by its security platforms and allowing current controls to be fine-tuned to improve its information security posture.
- Intrusion event monitoring
- Antivirus monitoring
- Authentication and changes within the active directory
- Monitoring of anti-spam platform events
- Construction of alerts
- Reports associated with the security platforms
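As an added example, not part of the original project description, the following Splunk search is the kind of query behind the Active Directory authentication use case and the alert construction listed above. It runs against the CIM Authentication data model that both InfoSec and Security Essentials build on (the Windows add-on maps failed logons such as EventCode 4625 to `action=failure`), counts failures per source and account in five-minute windows, and flags bursts that would be worth an alert. The threshold of 10 failures, the 5-minute span and the use of accelerated summaries only are assumptions to be tuned to the environment.

```spl
| tstats summariesonly=true count AS failures
    FROM datamodel=Authentication
    WHERE Authentication.action="failure"
    BY _time span=5m Authentication.src Authentication.user
| rename Authentication.src AS src, Authentication.user AS user
| where failures >= 10
| eventstats dc(user) AS distinct_users BY src
| table _time src user failures distinct_users
| sort - failures
```

Saved as an alert on a five-minute schedule, this produces one row per source/account pair that exceeded the threshold; `distinct_users` separates a single account being hammered from one source spraying many accounts, which usually deserve different triage. Tuning the threshold against a baseline of normal failure volume (service accounts, expired passwords after a rotation) is what keeps the alert from becoming noise.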
Information security directly and all areas of the organization indirectly.
Integrated data sources:
- UTM Firewall (Fortinet)
- Web Application Firewall (Fortinet)
- Active Directory
- Anti-spam (Symantec)
- Antivirus (Symantec)
- Vulnerability reports provided by third parties
- SOC service reports provided by third parties