Solved: Where to find more correlation searches?

echojacques · ‎08-23-2013

My Splunk + Enterprise Security installation came with 51 canned correlation searches. For example, searches to discover Brute Force Behavior, LogMeIn activity, etc. All have been very useful and leave me wanting more.

Is there a place where I can get/find more correlation searches without having to write them myself? I think the correlation searches are just as useful/valuable as Splunk apps.

Thanks.

jcoates_splunk · ‎08-23-2013

Hi,

One thing to note is that correlation searches are just Splunk searches with a decision in them... Gather data, make a test, and check the result. Here's a blog post on the basic technique: http://blogs.splunk.com/2012/10/01/simple-correlation-in-splunk/

As Luke notes, we'd be happy to help if you have a specific idea in mind!

View solution in original post

jcoates_splunk · ‎08-23-2013

Hi,

One thing to note is that correlation searches are just Splunk searches with a decision in them... Gather data, make a test, and check the result. Here's a blog post on the basic technique: http://blogs.splunk.com/2012/10/01/simple-correlation-in-splunk/

As Luke notes, we'd be happy to help if you have a specific idea in mind!

echojacques · ‎08-23-2013

Thanks, and I'll post if I think of new correlation search ideas. Just thought there might be a place where Splunk users are sharing them.

LukeMurphey · ‎08-23-2013

There isn't really a another source for Correlation Searches. That said, I would love to hear your ideas; perhaps I could get a few written for you. Let me know what ideas you have.

lukejadamec · ‎08-23-2013

There is a place, here.
Like Luke^ said, post what you think you need.

Where to find more correlation searches?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!