Go to: SecOps SPL (German version)

[Figure: SecOps SOC Overview]

Introduction

SecOps SPL is a native Splunk app that improves the security posture of your company.

It combines all important functions and features for efficient Security Operations at a significantly lower cost than comparable products / add-ons in the Splunk context.

In particular, employees in the areas of SOC, CTA / CTI, Security Architecture and Use Case Development are enabled to carry out their tasks adequately, quickly and in a targeted manner.

Integrated well-known Security Frameworks and Reporting capabilities help you keep an overview, identify gaps and carry out regulatory audits (which are common in the financial industry) more easily.


An excerpt from the functional overview of SecOps SPL

  • full multi-tenancy without limitations
  • GUI-based processes for ...
    • ... the SOC with all open Alerts, including their processing for all tenants
    • ... the Incident Management performed by the CTA team (Cyber Threat Analytics)

    • ... the Administration of
      • Monitoring Targets
      • Alarm Status and Stages
      • Use Case Library
      • Settings of the Auto-Grouping and Auto-Closing functions of Alerts
      • Parameter setting of the automatic Use Case Testing

    • ... the Use Case Administration
      • Assignment / Activation / Deactivation of Use Cases to/for each tenant
      • Assignment of Use Cases to attack techniques (MITRE ATT&CK, BAIT or KAIT)
      • in future also DORA and requirements based on the new German legislation NIS2UmsuCG and KRITIS-DachG
      • Staging Concept (Development -> Test -> Production)

    • ... the Use Case Testing
      • manually or automatically
      • Recertification based on self-defined rules per Use Case

    • ... the Welcomelisting* ("Whitelisting") of alerts
      • Assignment / Activation / Deactivation of Use Cases to/for each tenant
      • Recertification based on self-defined rules per alert

    • ... the Reporting
    • ... the Health Monitor


Other features are ...

  • ... the formalized Use Case Development
  • ... the mandatory use of a few Macros in each Use Case for these functions
    • Activation / Deactivation per tenant
    • Assignment of alerts to tenants
    • Assignment of a unique ID per alert for all follow-up processes, evidence and forensic investigations
    • Uniform and structured provision of the necessary information (data fields) to the SOC through each Use Case

  • supported (required) Roles
    • Use Case Factory (UC Development)
    • SOC (Security Operations Center)
    • CTA / CTI (Cyber Threat Analytics, Cyber Threat Intelligence)
    • RM / CSA (Risk Management / Cyber Security Architecture)

  • completely realised in XML / SPL plus a few small JavaScript files for styling (CSS)
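To illustrate the macro-based use case structure described above (activation per tenant, tenant assignment, unique alert ID, uniform SOC fields), here is an added example of how such a skeleton can be expressed in Splunk configuration and SPL. It is not code from SecOps SPL; the macro names (uc_assign_tenant, uc_tenant_active, uc_alert_id, uc_soc_fields), the lookup names (tenant_map, uc_activation), the field names and the use case ID UC-0042 are all assumptions chosen for the example.

```spl
# macros.conf -- hypothetical macro definitions (names and lookups are assumptions, not the app's own)

# Map every event to a tenant via a lookup keyed on the index the event was written to.
# Events that cannot be mapped to a tenant are dropped rather than attributed to the wrong one.
[uc_assign_tenant]
definition = lookup tenant_map index OUTPUT tenant | where isnotnull(tenant)

# Keep only events of tenants for which the given use case is activated
# (one lookup row per use case / tenant pair, column "active" = true/false).
[uc_tenant_active(1)]
args = uc_id
definition = eval uc_id="$uc_id$" | lookup uc_activation uc_id, tenant OUTPUT active | where active="true"

# Derive a unique alert ID from tenant, use case, alert time and the grouping key of the alert,
# so that follow-up processes, evidence and forensic work can reference exactly one alert.
[uc_alert_id(2)]
args = uc_id, key
definition = eval uc_id="$uc_id$" | eval alert_id=sha256(tenant . "|" . uc_id . "|" . tostring(_time) . "|" . coalesce($key$, ""))

# Hand the SOC a uniform field set, regardless of which use case produced the alert.
[uc_soc_fields]
definition = fillnull value="n/a" user src dest severity description | table _time, tenant, uc_id, alert_id, severity, user, src, dest, description

# savedsearches.conf -- hypothetical use case "UC-0042" built on the macros above
[UC-0042 - Repeated failed logins]
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = -15m@m
dispatch.latest_time = @m
search = index=auth action=failure \
| `uc_assign_tenant` \
| `uc_tenant_active(UC-0042)` \
| stats count AS failures, min(_time) AS _time, values(src) AS src BY tenant, user \
| where failures >= 10 \
| eval severity="medium", description="10 or more failed logins for one user within 15 minutes" \
| `uc_alert_id(UC-0042, user)` \
| `uc_soc_fields`
```

With this structure a use case is an ordinary scheduled search; the only app-specific elements are the four macros, so a reviewer can check a new use case for conformance simply by verifying that all four calls are present and in the right order (tenant assignment and activation filter before aggregation, ID and field normalisation after it). Because the alert ID is computed from the tenant, the use case, the time bucket and the grouping key, the same finding fires with the same ID on each run, which is what the auto-grouping and auto-closing functions mentioned above need in order to recognise duplicates.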


Downloads

Powerpoint Presentation as pptx file SecOps SPL.v2024-Q1.en.pptx (no Macros, open in "read only" mode)

Powerpoint Presentation as mp4 video SecOps SPL.v2024-Q1.en.mp4 (each slide is shown for 7 seconds)


*SecOps SPL uses the terms "welcomelist" and "blocklist" in place of the older, burdened terms "whitelist" and "blacklist".