Splunk Education Crossword for Enterprise Security

Across
  6. One type of thresholding in a correlation search
  7. Security _______, main high-level dashboard showing current notable events
  8. The engine that is used to search for multiple notable events and creates a specific type of event when they are found
  9. One of the things that the CIM does
  12. Used to hide events from incident review
  15. A chronological collection of activities and notes to help determine the root cause of a threat or breach
  16. A Splunk app that can be used to capture traffic without the use of an agent
  18. One of many CIM-compliant data models showing data such as success and failure
Down
  1. A person, host, file type or URL used in investigations
  2. A cumulative metric to help determine what assets and identities are worth investigating
  3. Used within risk to map to a known security framework
  4. You can add assets, identities and websites to this to highlight their use within your systems
  5. Search used to discover security anomalies within your data
  10. A type of event which can be triggered from a correlation search
  11. You should enable this on all data models being used by ES
  13. Calculated using severity and priority
  14. When deploying, you need one of these dedicated to ES
  17. Imperative to prevent false positives and negatives showing within your correlation searches