Powerful software platform used to collect, analyze, and visualize machine-generated data
What is a Security Information and Event Management (SIEM)?
Company founded in 2003 by Rob Das and Erik Swan.
What is Splunk?
Most common wildcard, used in search terms to match any sequence of characters.
What is an asterisk (*)?
This dashboard shows all triggered notable events
What is Incident Review?
This type of search links multiple events based on shared fields like src, user, or host
What is a correlation search?
Proprietary query language used to search, analyze, and manipulate data within Splunk
What is Search Processing Language (SPL)?
The company name, Splunk, was inspired by this sport
What is "spelunking"?
Displays a table of your previously run searches in the current app
What is the "history" command?
This field in a notable event indicates its importance
What is urgency?
This mapping allows correlation searches to align with MITRE ATT&CK tactics
What is security content mapping?
A repository where Splunk stores and organizes your data
What is an index?
In 2023, this company announced its acquisition of Splunk for $28B
What is Cisco?
This field in a correlation search defines how often the search runs, such as every 5 minutes or hourly
What is the "cron" schedule?
This action can be taken on a notable event to assign it to an analyst
What is assign owner?
This field accumulates risk scores for identities over time
What is risk_object?
An instance dedicated to managing and coordinating searches in a distributed environment
What is a Search Head?
The company expanded into cybersecurity with the introduction of this product in 2015
What is Splunk Enterprise Security?
Correlation searches are typically built using this SPL command to filter and transform raw data into security-relevant insights.
What is "| search"?
This status means the event has been reviewed and resolved.
What is closed?
This framework helps prioritize alerts based on user and asset risk
What is Risk-Based Alerting (RBA)?
A collection of defined fields, extractions, event types, and other data objects stored on the search head
What is a knowledge object?
This solution uses artificial intelligence and machine learning to provide end-to-end visibility into IT infrastructure and services.
What is Splunk IT Service Intelligence (ITSI)?
This feature allows correlation searches to trigger adaptive responses such as creating a notable event or sending an alert
What is an adaptive response action?
This field links a notable event to a correlation search.
What is rule_name?
This type of search increases a user’s risk score based on suspicious behavior
What is a risk modifier search?