Which Splunk feature helps in tracking and documenting threat trends over time?
Why Use Risk-Based Dashboards for Tracking Threat Trends?
Risk-based dashboards in Splunk Enterprise Security (ES) provide a structured way to track threats over time.
How Risk-Based Dashboards Help:
- Aggregate security events into risk scores, which helps prioritize high-risk activities.
- Show historical trends of threat activity.
- Correlate multiple risk factors across different security events.
Example in Splunk ES: Scenario: A SOC team tracks insider threat activity over 6 months. The Risk-Based Dashboard shows:
Users with rising risk scores over time.
Patterns of malicious behavior (e.g., repeated failed logins + data exfiltration).
Correlation between different security alerts (e.g., phishing clicks → malware execution).
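To make the scenario concrete, the following is an added example (not code from the original page or from Splunk) that reproduces in plain Python what a risk-based dashboard computes over risk events: per-user risk totals per month (the trend series), users whose totals keep rising, users whose risk comes from several distinct detection sources, and a simple two-step chain such as a phishing click followed by malware execution. The event layout, field names, source names, thresholds and sample data are all constructed assumptions for illustration.

```python
"""Risk-based aggregation over constructed risk events (added example, not Splunk code).

Mimics what a Splunk ES risk-based dashboard derives from risk events:
  * monthly_risk            -> per-user risk totals per month (trend over time)
  * rising_risk_objects     -> users whose monthly total keeps increasing
  * correlated_risk_objects -> users with high total risk from several distinct sources
  * attack_chains           -> a first/second detection pair within a time window
Event format, field names, source names and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample risk events: (timestamp, risk_object, risk_score, source).
RISK_EVENTS = [
    ("2024-01-05T08:10:00", "jdoe", 10, "Excessive Failed Logins"),
    ("2024-01-20T09:00:00", "jdoe", 10, "Excessive Failed Logins"),
    ("2024-02-14T11:30:00", "jdoe", 20, "Phishing Link Clicked"),
    ("2024-02-14T11:45:00", "jdoe", 40, "Malware Execution"),
    ("2024-03-03T22:05:00", "jdoe", 50, "Large Outbound Data Transfer"),
    ("2024-03-09T23:15:00", "jdoe", 50, "Large Outbound Data Transfer"),
    ("2024-01-11T14:00:00", "asmith", 10, "Excessive Failed Logins"),
    ("2024-02-02T14:00:00", "asmith", 10, "Excessive Failed Logins"),
    ("2024-03-01T14:00:00", "asmith", 10, "Excessive Failed Logins"),
]


def monthly_risk(events):
    """Return {risk_object: {"YYYY-MM": total_score}}, the dashboard's trend series."""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, obj, score, _src in events:
        month = datetime.fromisoformat(ts).strftime("%Y-%m")
        totals[obj][month] += score
    return {obj: dict(months) for obj, months in totals.items()}


def rising_risk_objects(events, min_rise=2):
    """Users whose monthly risk total increased at least `min_rise` times month over month."""
    rising = []
    for obj, months in monthly_risk(events).items():
        series = [months[m] for m in sorted(months)]
        rises = sum(1 for a, b in zip(series, series[1:]) if b > a)
        if rises >= min_rise:
            rising.append(obj)
    return sorted(rising)


def correlated_risk_objects(events, threshold=100, min_sources=3):
    """Users whose total risk reaches `threshold` and comes from >= `min_sources` distinct sources.

    This mirrors the idea behind a risk-threshold notable: many weak signals from
    different detections add up, rather than one detection firing alone.
    """
    total = defaultdict(int)
    sources = defaultdict(set)
    for _ts, obj, score, src in events:
        total[obj] += score
        sources[obj].add(src)
    return sorted(o for o in total if total[o] >= threshold and len(sources[o]) >= min_sources)


def attack_chains(events, first, second, within_hours=1):
    """Return (user, t_first, t_second) where `second` follows `first` within `within_hours`."""
    by_obj = defaultdict(list)
    for ts, obj, _score, src in events:
        by_obj[obj].append((datetime.fromisoformat(ts), src))
    chains = []
    for obj, evs in by_obj.items():
        evs.sort()
        for t1, s1 in evs:
            if s1 != first:
                continue
            for t2, s2 in evs:
                if s2 == second and 0 <= (t2 - t1).total_seconds() <= within_hours * 3600:
                    chains.append((obj, t1.isoformat(), t2.isoformat()))
    return chains


if __name__ == "__main__":
    for user, months in monthly_risk(RISK_EVENTS).items():
        print(user, months)
    print("rising:", rising_risk_objects(RISK_EVENTS))
    print("correlated:", correlated_risk_objects(RISK_EVENTS))
    print("chains:", attack_chains(RISK_EVENTS, "Phishing Link Clicked", "Malware Execution"))
```

In the constructed data, `jdoe` goes from 20 to 60 to 100 risk points across three months and accumulates risk from four different sources, while `asmith` only repeats a single low-scoring detection; only `jdoe` surfaces in the rising, correlated and chain views, which is the prioritization the dashboard is meant to give a SOC.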
Why Not the Other Options?
- A. Event sampling -- Helps with performance optimization, not threat trend tracking.
- C. Summary indexing -- Stores precomputed data but is not designed for tracking risk trends.
- D. Data model acceleration -- Improves search speed, but doesn't track security trends.
Reference & Learning Resources
- Splunk ES Risk-Based Alerting Guide: https://docs.splunk.com/Documentation/ES
- Tracking Security Trends Using Risk-Based Dashboards: https://splunkbase.splunk.com
- How to Build Risk-Based Analytics in Splunk: https://www.splunk.com/en_us/blog/security