Description
Review of Splunk architecture in situ, comprising:
- Review of Splunk's Enterprise Security (ES) application,
- Hardening configuration of hardware and infrastructure related to current 'As is',
- Patching of environment to current levels,
- Configuration of event reporting and speed of processing,
- Multiple intermediate heavy forwarders, including high availability.

Review documentation set, to include:
- HLD/LLD design
- Policy/Processes/WI
- Support documentation, such as inclusion in OMG.

You must have SIEM experience to conduct this activity, together with a detailed understanding of the Common Vulnerability Scoring System Version 2 to rate vulnerabilities.