SIEM, Splunk & Log Management

SIEM & Log Management in Brief

Situational picture is one of the biggest “hype words” at the moment. Most simply, a situational picture is an overview of your cyber security posture, generated from several log sources. At its best, a situational picture includes application logs, data communication logs, customer feedback systems, ticketing systems, as well as public news sources, threat intel and possibly much more. Building all this is challenging; mapping and defining needs, and deciding what is “good enough”, is a cumbersome process.

What Mint Security delivers

We help identify the initial needs. We design the log management architecture from the point of view of performance, redundancy, log protection, as well as security. With regard to the protection of logs, it is essential to define who has access to which log.

In audit logging, our expertise is based on the demanding environments of the financial sector – and that expertise scales both upwards and downwards.

Customer Needs and Challenges to Be Solved

Every customer environment is different and each customer has individual needs. However, the challenges we face can be roughly categorized as follows:

  • Situational picture of security devices
  • Situational picture of the infrastructure
  • Situational picture of the SecDevOps environment
  • Run-time logs for systems software
  • Compliance and audit logs
  • Visibility into SDLC, CI/CD pipelines and application development
  • Visibility into the cloud infrastructure
  • Integrating log observations in JIRA or Slack

Splunk

We have excellent expertise in Splunk. We prefer to do our SIEM deliveries with Splunk because we can guarantee excellent results and support our customers all the way – planning, sizing, implementing, operating the system, managing content and creating alerts or SOC integrations.

There is a lot to write about Splunk and the endless opportunities therein – so we have decided to share both expertise and opinions as separate blog posts.

Teemu Turpeinen

Scaling and managing Splunk Enterprise Installation

Clustered Splunk Enterprise installations are mainly managed through their related management nodes: the Indexer Cluster through the Cluster Master and the Search Head Cluster through the Search Head Cluster Deployer. Without an additional change management process, there is no easy way to track down what has been changed, by whom and when.

Thomas

Minted by Splunk

Mint Security provides a vast range of überconsulting for Splunk, from a single server to clustered multisite setups with integrated SSO and 2FA.


More details about our methods and tools

We are hard-core Splunk experts. However, our expertise is not product-specific: relying on our experience, we can build views into large volumes of log data in any environment.

Below are some screenshots of actual (and anonymized) log analysis.


We do Splunk implementations worldwide. We prefer to do preparations offsite, initial planning as an onsite workshop, installations and configurations over remote connections, and finalization, training and handover again onsite. We have a clear concept, but the final implementation is always up to the customer.


Splunk is one of the most popular and largest log management vendors today. Splunk is widely used, and there are lots of extensions and add-ons even for the most exotic use cases. Splunk can handle huge amounts of data and does not limit the source types or log formats in any way. Whatever you throw at it, we will work it out without expensive and time-consuming efforts.

Licensing

We are license agnostic, but our preferred partner for licensing is E2-Software.

Contact us

Please do contact us. We most likely respond faster than you thought.