The Security SPL Basics “Lunch and Learn” workshop was designed for all personas on a Security Operations team responsible for security monitoring and incident response. It was a hands-on workshop designed to familiarize participants with how to leverage Splunk to search security events and provide users a way to gain familiarity with searching in Splunk, as well as introducing a set of commands that allow a user to effectively examine security events. The workshop leveraged the popular Boss of the SOC (BOTS) dataset in a question-and-answer format. Users came away with a better understanding of how to search in Splunk as well as learn specific search commands and when to use them.

Attendees joined this workshop led by SEs, Security SMEs, CSMs, and specialists to expose customers and prospects to searching in Splunk as well as introduce a set of searches and commands that help users gain insight into their security event data. During this workshop, we:

• Familiarized yourself with the Splunk interface

• Went over searching fundamentals

• Introduced key Splunk commands

• Had Q&A sessions throughout the workshop providing opportunities to write your own searches