SIEM Workflow & Best Practices

Triage with confidence:
TruSTAR & Splunk ES workflow demo
Splunk is essential to most SOC operations, but it also tends to overwhelm teams with alerts.

A key method of triaging and prioritizing alerts is intelligence enrichment: bringing in additional context from case management and orchestration tools, as well as from external intelligence sources.

In this interactive training, TruSTAR Intelligence Architect Doug Helton will demonstrate SIEM workflow best practices through TruSTAR's new Splunk and Splunk ES integration to help teams better triage and prioritize alerts.

Learn how to:

  • Prioritize Alerts - Identify recurrent and related events based on correlations with historical case management tickets and SIEM data.
  • Accelerate Investigations - Enrich IOCs of interest and operationalize internal and external sources into your Splunk workflow.
  • Investigate & Respond - Triage SIEM alerts based on context and severity.

This live training webinar took place on: Tuesday, December 10, 2019.

More Workflow Training Sessions:

Training: Everything You Need to Know About Phishing Triage

Phishing emails are time-consuming to triage. Learn how to create a phishing repository using TruSTAR's email ingest feature to help your team more easily correlate known-bad entities.

Training: Case Management Workflow & Best Practices

When investigating and responding to alerts, security analysts need maximum context to make an informed decision on next steps as quickly as possible. Learn case management workflow best practices through TruSTAR's ServiceNow integrations.