Monday, October 30, 2023

Project #11
Project Title: Splunk Data and System Administration
Duration: 22nd Feb. 2018 to 26th Jul. 2021

Role - Area: Splunk Consultant – Others

Skill Used: Splunk 7.x, Splunk Enterprise Security

Description:  

  • The client wants to monitor their servers from a remote location.
  • Notify on any failure condition or unexpected behaviour of a server.
  • High- and critical-priority alerts should be sent to the managerial team.
  • Medium- and low-priority alerts should be sent to all employees.

 

Responsibility:  

  • Decide the privileges granted to each new user.
  • Create roles based on experience and expertise in Splunk.
  • Create users and assign them the appropriate roles for using Splunk Enterprise.
  • Create macros, tags and event types as per the client's needs.
  • Create multiple alerts as per the client's needs and decide the priority of each alert.
  • Install the Universal Forwarder on all servers and connect them to the Splunk Enterprise master.
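The following is an added illustration of how the pieces above fit together in Splunk's .conf files; it is constructed for this page and is not the project's own configuration. The index names (os_windows, os_linux), the role name, the mailing-list addresses and the 15-minute silence threshold are all assumptions. The role is built on least privilege (inherits the stock "user" role, is restricted to the OS indexes, and may schedule searches but not edit users, roles or forwarder inputs); an event type plus tag names the failure condition once; a macro centralises the "host stopped reporting" check; and two saved searches route critical and medium alerts to different audiences via alert.severity and action.email.to, with suppression so a flapping host does not flood the managers' inbox.

```ini
# file: authorize.conf  (constructed example; role and index names are assumed)
[role_splunk_monitoring_analyst]
importRoles = user
srchIndexesAllowed = os_windows;os_linux
srchIndexesDefault = os_windows
srchJobsQuota = 5
srchDiskQuota = 200
# Only capabilities beyond the inherited "user" role: may schedule searches
# and edit its own objects, but not users, roles or forwarder inputs.
schedule_search = enabled
edit_own_objects = enabled

# file: eventtypes.conf  (Windows System log: 7031/7034 = service terminated unexpectedly)
[win_service_failure]
search = index=os_windows sourcetype=WinEventLog:System EventCode IN (7031, 7034)

# file: tags.conf  (tag the event type so dashboards/searches can use tag=server_failure)
[eventtype=win_service_failure]
server_failure = enabled

# file: macros.conf  (hosts whose most recent indexed event is older than N minutes)
[hosts_silent_for(1)]
args = minutes
definition = metadata type=hosts index=* | eval silent_minutes=round((now()-recentTime)/60) | where silent_minutes > $minutes$

# file: savedsearches.conf
[CRITICAL - Host stopped reporting to Splunk]
search = | `hosts_silent_for(15)` | table host silent_minutes
cron_schedule = */5 * * * *
enableSched = 1
dispatch.earliest_time = -24h
dispatch.latest_time = now
counttype = number of events
relation = greater than
quantity = 0
# Splunk severity scale: 1 debug, 2 info, 3 warn, 4 error, 5 severe, 6 fatal
alert.severity = 5
alert.track = 1
# one notification per host per hour, so a flapping host cannot flood the managers
alert.suppress = 1
alert.suppress.fields = host
alert.suppress.period = 1h
action.email = 1
# assumed distribution list for the managerial team
action.email.to = managers@example.com
action.email.subject = [CRITICAL] $result.host$ has been silent for $result.silent_minutes$ minutes
action.email.sendresults = 1

[MEDIUM - Windows service terminated unexpectedly]
search = eventtype=win_service_failure | stats count latest(_raw) as last_event by host
cron_schedule = */15 * * * *
enableSched = 1
dispatch.earliest_time = -15m
dispatch.latest_time = now
counttype = number of events
relation = greater than
quantity = 0
alert.severity = 3
alert.track = 1
action.email = 1
# assumed all-staff distribution list
action.email.to = all-staff@example.com
action.email.subject = [MEDIUM] Service failure on $result.host$
action.email.sendresults = 1
```

Two checks worth running after deploying such a configuration: log in as a user holding only the new role and confirm `| rest /services/authorization/roles` shows no capability you did not intend to grant, and temporarily stop a forwarder in a test environment to confirm the critical alert fires once and is then suppressed rather than repeating every five minutes.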
