An old challenge that most users have no idea about. Below my takes, from 2016: https://opstune.com/2016/12/13/siem-tricks-dealing-with-delayed-events-in-splunk/… - Alex Teixeira - Medium

Proper time searches in Splunk for Detection Engineering
12
1
Vit Bukac
Alex Teixeira
·Follow
Jan 2, 2024
--
An old challenge that most users have no idea about. Below my takes, from 2016:
https://opstune.com/2016/12/13/siem-tricks-dealing-with-delayed-events-in-splunk/
https://opstune.com/2017/06/01/its-about-time-to-change-your-correlation-searches-timing-settings/
I also wrote about similar issue with MS Sentinel:
https://ateixei.medium.com/different-siems-same-challenges-only-time-generated-will-tell-fee56b9391e9?sk=01fdc8b97936196a0e194814f81d25d4
--
--
Written by Alex Teixeira1.96K Followers
·513 Following
I design and build detection and SIEM/EDR/XDR content for Enterprise #SecOps teams #DetectionEngineering http://opstune.com
Responses (1)
Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams