Splunk for Blue Team: SPL Queries and Investigation Patterns
Splunk is the most common SIEM you'll encounter in a SOC. If you're doing blue team work, you need to be comfortable with SPL (Splunk Processing Language). This post covers the architecture...
woogi.me, 6 min read