SIEM, Splunk & Log Management

SIEM & Log Management in Brief

Situational picture is one of the biggest “hype words” at the moment. Most simply, situational picture is an overview into your cyber security posture, generated from several log sources.  At its best, a situational picture includes application logs, data communication logs, customer feedback systems, ticketing systems, as well as public news sources, threat intel and possibly much more. Building all this is challenging; mapping and defining needs, and deciding what’s “good enough” is a cumbersome process.

What Mint Security delivers

We help identify the initial needs. We design the log management architecture from the point of view of performance, redundancy, log protection, as well as security. With regard to the protection of logs, it is essential who has access to which log.

In audit logs, our expertise is based on the demanding environments in the financial sector – our expertise is scalable both upwards and downwards.

Customer Needs and Challenges to Be Solved

Every customer environment is different and each customer has individual needs. However, the challenges we face can be roughly categorized as follows:

  • Situational picture of security devices
  • Situational picture of the infrastructure
  • Situational picture of the SecDevOps environment
  • Run-time logs for systems software
  • Compliance and audit logs
  • Visibility inbto SDLC, CI/CD pipelines and application development
  • Visibility into the cloud infrastructure
  • Integrating log observations in JIRA or Slack


We have excellent expertise in Splunk. We prefer to do our SIEM deliveries with Splunk, because we can guarantee excellent results, we can support our customers all the way – planning, sizing, implementing, operating the system, managing content and creating alerts or SOC integrations.

Already using Splunk!

We are looking to implement Splunk

Our Excellent Splunk Blogs

There is a lot to write about Splunk and the endless opportunities therein – so we have decided to share both expertise as well as opinions as separate blogs.

Splunk vulnerabilities and trust boundaries blo

Splunk vulnerability analysis – CVE-2024-29946 & CVE-2024-29945

Splunk vulnerability analysis – CVE-2024-29946 & CVE-2024-29945 in relation to a common threat model. DISCLAIMER – The author of this blog shall not be held responsible for any negative outcomes that may occur as a result of following advice given in this blog. Caveat emptor – use advice and ideas presented in this blog at your own risk.

Read more »
Splunk and Auditd

Splunk & Auditd with Defender ATP and Vulnerability Scanning

This blog post offers a few simple tricks and tips that will ensure that your security controls do not interfere with each other. The tricks are not really tricks, just plain old configurations which offers food for thought. As we know, Splunk is the most complex beast of a software out there.

Read more »
Splunk & Ansible

Installing Splunk with Ansible

Managing a Splunk installation can be a complex task, but with proper tools and processes, it will become a lot more approachable. Recently, a customer wanted to have a Splunk environment that they could install and manage with Ansible. So that is what we created.

Read more »
Splunk header

Scaling and managing Splunk Enterprise Installation

Clustered Splunk Enterprise installations are mainly managed by the related management nodes. Indexer Cluster with the Cluster Master and Search Head Cluster with the Search Head Cluster Deployer. Without an additional process of change management, there is no way to easily track down what has been changed, by who and when.

Read more »
Team Mint at BOTS 2019 Helsinki

Third place in Splunk BOTS 13.3.2019

Team Mint Security participated in the BOTS or BOSS of the SOC event which took place in Helsinki on the 13th of March. BOSS of the SOC is a Capture-the-flag (CTF) event using Splunk technology.

Read more »

More details about our methods and tools

We are hard-core Splunk experts. However, our expertise is not product-specific, but relying on our experience, we can conjure up views in big log data in any environment.

Below are some screenshots of actual (and anonymized) log analysis.

Map of Europe

We do Splunk implementations worldwide. We prefer to do preparations offsite, initial planning as a workshop onsite, then installations and configurations over remote connections and finalization, training and handover again onsite. We have a clear concept, the final implementation is always up to the customer.

Splunk header

Splunk is one of the most popular and largest log management vendors today. Spunk is widely used, there are lots of extensions and addons even for the most exotic use cases. Splunk can go beyond huge amounts of data and does not limit the source types or log formats in any way. Whatever you throw at it, we will work it out without expensive and time consuming efforts.


As part of our commitment to delivering an end to end solution, we also provide licenses for Splunk.

contact us

Please do contact us. We most likely respond faster than you thought,