Content Development: Assist in the development of Splunk search queries, dashboards, alerts, and reports for both Splunk ES and Splunk ITSI. Tailor content to meet specific security monitoring, incident detection, and performance management requirements.
Splunk ES Configuration: Configure and maintain Splunk Enterprise Security (ES), including creating custom correlation searches, notable events, and risk analysis dashboards that provide actionable security insights.
ITSI Implementation: Assist in configuring and customizing Splunk ITSI (IT Service Intelligence) to provide real-time monitoring and alerting of critical IT services. Create service models, define KPIs, and enhance notable events to facilitate comprehensive IT operations visibility.
Data Models & CIM Mapping: Work with data models in Splunk ES and Splunk ITSI, ensuring that onboarded sources are normalized to the Common Information Model (CIM) through field extractions, aliases, eventtypes and tags so they populate the data models that ES and ITSI content depends on. Ensure data model acceleration is in place so searches and reports run against summaries rather than raw events.
Dashboards & Visualizations: Develop interactive and insightful dashboards and visualizations that provide clear, actionable data for security analysts and IT operations teams. Focus on creating user-friendly interfaces that enable rapid detection and response.
Optimization & Tuning: Continuously improve the performance and efficiency of existing content, queries, and data models by optimizing searches (for example, replacing raw-event searches with tstats queries over accelerated data models), reducing unnecessary scheduled-search load, and improving overall system performance.
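The following is an added illustration of the correlation-search, CIM-mapping and optimization responsibilities above; it is not part of the original posting and not code from any specific employer. It is a CIM-based brute-force detection written the way an ES correlation search would be: it reads the accelerated Authentication data model with tstats instead of scanning raw events, so it only works for sources that have been tagged and field-mapped to CIM. The thresholds (20 failures, 5 distinct users), the 15-minute window and the risk score are placeholder assumptions to be tuned per environment.

```spl
| tstats summariesonly=true allow_old_summaries=true
      count AS failures
      dc(Authentication.user) AS distinct_users
      values(Authentication.user) AS users
    FROM datamodel=Authentication.Authentication
    WHERE Authentication.action="failure" earliest=-15m@m latest=now
    BY Authentication.src
| rename Authentication.src AS src
| where failures >= 20 AND distinct_users >= 5
| eval risk_object=src, risk_object_type="system", risk_score=50
| table _time src failures distinct_users users risk_object risk_object_type risk_score
```

Saved as a correlation search with the Notable and Risk adaptive response actions enabled, each result row becomes a notable event and adds risk_score to the source host in the risk index. The same logic against raw events (index=* tag=authentication action=failure | stats count dc(user) by src) produces identical results but reads every event in the window; the tstats form is what makes it cheap enough to schedule every few minutes, which is the practical reason the CIM mapping and acceleration work in the items above matters.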
Collaboration: Work closely with security analysts, IT operations teams, and other stakeholders to understand use case requirements and ensure that Splunk content effectively supports business needs.
Documentation & Knowledge Sharing: Document and share best practices, content development guidelines, and procedures with the team to ensure consistency and ease of maintenance.