Splunktrabajos
Desde mi empresa voy a poner en marcha un blog para un cliente. Multinacional, tecnológica, que es una firma de tecnología, en concreto es un software de monitorización de apps y servicios web. Innovadora y quiere competir con los grandes. Entre su competencia me han indicado que hay empresas como Dynatrace, New Relic, Cisco, Splunk y soluciones específicas de IBM y Microsoft. Examinando la web de estas empresas de la competencia y sus respectivos blogs os podéis hacer una idea de la tipología de contenidos. Necesito redactores especializados, o muy especializados en redactar un contenido técnico de mucha calidad con cierto matiz comercial. No se trata de explicar una versión o sus particularidades tecnologicas, sino destac...
"Aplicación solo para México" Requiero personas con especialidad en tecnologías en Splunk, Sailpoint, desarrollador en iOS y desarrollador en Android que posea certificación de cualquiera de ellos, con disponibilidad de viajar.
Gran oportunidad de trabajar en una empresa del sector turístico. Si te gustan los nuevos retos y tienes ganas de un cambio profesional, esta es tu oferta!!!. Precisamos incorporar un OPS Engineer con experiencia mínima 2 años para incorporarse a un trabajo estable en Palma de Mallorca (Baleares).Buscamos a una persona con las siguientes ca...Scripting (Bash, Perl, Python, PowerShell)Experiencia con algunos frameworks y tecnologías de orquestación (Ansible, marioneta, MCO, Chef)Fuertes conocimientos de Redes TCP/IP, Firewalls, DNS (BIND e Integrado de Microsoft AD), servidores web (IIS, Apache), Administración de Microsoft Active Directory. Experiencia con sistemas de vigilancia, sino también registrar o sistemas de gestión de eventos...
...en:- Explotación, analítica y manejo de los datos almacenados.- Linux (administración general y networking).- Programación Java.- Flume, logstash o syslog (nivel básico).- Instalación y uso de Hadoop (básico). - Apache Kafka. - BBDD NoSQL (Mongo, Cassandra, HBase, etc)Se valorará conocimientos y/o experiencia con: - Hortonworks o Cloudera. - Python. - Storm o Spark. - Scala. - ElasticSearch. - Splunk. - Hive / profesionales con capacidad de trabajo en equipo, ganas de aprender, mejorar y asumir nuevos retos, iniciativa y responsabilidad en el trabajo Ofrecemos: - Estabilidad laboral.- Acuerdos sociales y beneficios para los empleado: Seguro de vida, Tickets Restaurante, descuento en la contratación de un seguro m&ea...
...en:- Explotación, analítica y manejo de los datos almacenados.- Linux (administración general y networking).- Programación Java.- Flume, logstash o syslog (nivel básico).- Instalación y uso de Hadoop (básico). - Apache Kafka. - BBDD NoSQL (Mongo, Cassandra, HBase, etc)Se valorará conocimientos y/o experiencia con: - Hortonworks o Cloudera. - Python. - Storm o Spark. - Scala. - ElasticSearch. - Splunk. - Hive / profesionales con capacidad de trabajo en equipo, ganas de aprender, mejorar y asumir nuevos retos, iniciativa y responsabilidad en el trabajo Ofrecemos: - Estabilidad laboral.- Acuerdos sociales y beneficios para los empleado: Seguro de vida, Tickets Restaurante, descuento en la contratación de un seguro m&ea...
...en:- Explotación, analítica y manejo de los datos almacenados.- Linux (administración general y networking).- Programación Java.- Flume, logstash o syslog (nivel básico).- Instalación y uso de Hadoop (básico). - Apache Kafka. - BBDD NoSQL (Mongo, Cassandra, HBase, etc)Se valorará conocimientos y/o experiencia con: - Hortonworks o Cloudera. - Python. - Storm o Spark. - Scala. - ElasticSearch. - Splunk. - Hive / profesionales con capacidad de trabajo en equipo, ganas de aprender, mejorar y asumir nuevos retos, iniciativa y responsabilidad en el trabajo Ofrecemos: - Estabilidad laboral.- Acuerdos sociales y beneficios para los empleado: Seguro de vida, Tickets Restaurante, descuento en la contratación de un seguro m&ea...
.../>Tareas Principales a Desarrollar<br /><br />· Administración de SIEM (IBM QRadar), configuración de alertas, modificación de reportes<br />· Ejecución de escaneos de vulnerabilidades sobre aplicaciones, análisis de resultados, detección de falsos positivos y presentación de reportes para áreas de mitigación.<br /><br />Conocimientos Técnicos Deseables<br /><br />· Tecnologías SIEM (QRadar, Arcsigth, Splunk, Nitro, AlienVault, Envision)<br />· Análisis de vulnerabilidades en aplicaciones (herramientas Zap, Appscan, Fortify)<br />· Auditoría. Normativas locales e internacionales.<br />· ...
...Windows y Linux, incluyendo la arquitectura, el diseño, la administración y la gestión de aplicaciones web SaaS. Experiencia en administración de Windows Server. La experiencia en administración de cuentas de usuario, gestión de paquetes, endurecimiento de la seguridad, y ajuste de rendimiento. Comprensión de la supervisión del sistema y soluciones de registro de aplicación (Nagios, grafito, Splunk / Logstash). Experiencia con lenguajes de scripting (Per, Python, golpe, Powershell ). Conocimientos de SQL Server y NoSQL (MongoDB, HBase) para manejar grandes conjuntos de datos de la aplicación. Experiencia en configuración de herramientas de automatización (Títeres, Chef, SCCM ) Ingl&ea...
Nuestra micro-empresa necesita un Desarrollador (freelance) Splunk para diseñar el dashboard relacionado con datos desde plataforma GPS con base de datos origen MySql. Se necesita entragar al cliente(s) final informes y metricas visuales del uso de los moviles que cuentan con los GPS asignados a sus zonas. Se requiere programador con experiencia en la herramienta splunk y el uso deseable de getstat() para visualizacion de mapas.
I need help deploying Splunk Enterprise in a cloud environment. The primary goal is likely data aggregation and analysis, but I’m open to expert input. Ideal Skills and Experience: - Proven experience with Splunk Enterprise deployments, especially in cloud environments. - Strong background in data aggregation, analysis, and creating custom dashboards. - Familiarity with real-time monitoring and alerting within Splunk. - Ability to provide a detailed project proposal outlining the deployment strategy. Please include your relevant experience in your application.
I am looking for an experienced cybersecurity professional to prepare a detailed and comprehensive report on recent cyber security incidents in the healthcare sector. The report should cover the latest real-world incidents (2026), including attack methods...observed in attacks Root Cause Analysis Vulnerabilities exploited (unpatched systems, weak access controls, third-party risks) Recommendations & Improvements Security controls to implement (aligned with frameworks like NIST/ISO 27001) Detection and monitoring improvements (SIEM, EDR, SOC use cases) Preventive measures for healthcare environments Optional (Preferred): MITRE ATT&CK mapping Sample Splunk queries / detection rules Risk scoring and prioritization IMPORTANT - NEED SOMEONE WHO IS IN BANGALORE AND WORKS IN CYBE...
I am seeking a cybersecurity specialist to support my company’s security efforts by performing the following tasks: Analyze Splunk vulnerabilities that I will provide; Document these vulnerabilities thoroughly, including identifying any related case studies, previously documented examples (e.g., academic articles or CVEs), and all possible remediation strategies;
I have a mature security stack built around CrowdStrike, Google SecOps (Splunk in some environments), Qualys, and a TIP layer that alternates between OpenCTI and MISP. What I need now is hands-on expertise that ties all of these platforms together: • Craft high-fidelity detection logic inside CrowdStrike and Google SecOps/Splunk, mapping each rule to MITRE ATT&CK and my own use-case catalogue. • Proactively hunt in both the EDR and SIEM data to validate those detections, surface hidden threats, and document repeatable hunt queries. • Integrate threat intelligence feeds into the TIP and push the relevant IOCs, TTPs, and context back down to CrowdStrike and the SIEM so automation can enrich alerts in real time. • Correlate Qualys vulnerability dat...
...experienced Tier 3 Security Analyst / SIEM Engineer to support and enhance our security operations capabilities. --- ### Mission You will contribute to strengthening detection and response capabilities by improving SIEM use cases, developing automation, and enhancing incident response processes. --- ### Responsibilities **SIEM Engineering** * Configure, manage, and optimize SIEM platforms (Splunk, Sentinel, QRadar, Defender, Chronicle) * Onboard and normalize log sources across cloud and on-prem environments * Develop and maintain detection rules (use cases, anomaly detection, behavioral analytics) **Automation and Playbooks** * Design and implement incident response playbooks (phishing, lateral movement, data exfiltration, etc.) * Automate workflows using SOAR tools (Lo...
...across our endpoint estate—specifically all employee workstations, desktops, and several business-critical on-prem servers. Your day-to-day work will center on spotting malicious behavior early, tuning alert logic to cut false positives, and feeding concise intelligence back to my internal IT team so we can respond fast and decisively. You’ll have direct access to our existing SIEM and EDR stack (Splunk and CrowdStrike), plus the freedom to recommend additional tooling or rule sets where you see gaps. Key outcomes I need: • Real-time, high-fidelity alerts for endpoint threats • Clear incident tickets with root-cause notes and containment steps • Weekly trend reports highlighting patterns, MITRE ATT&CK mapping, and any policy tweaks you sug...
I am a Junior Cybersecurity Professional targeting entry-level SOC and GRC roles such as: - Triage Security Analyst - Junior SOC Analyst - Junior Cybersecurity Analyst - GRC Analyst - IT Auditor My key skills are: Azure Sentinel, Splunk, KQL, Incident Response, Cloud Security, Risk & Compliance, Threat Detection I want the banner to communicate: - What I offer to hiring managers - How I can help their organization - A clear CTA to connect with me My profile picture sits on the bottom left of the banner so keep that area clean and empty. All graphics, text and design elements should be focused on the center and right side only. IMPORTANT: Purely hand-crafted graphic design only. No AI-generated images or elements whatsoever. I will reject any AI-generated work immedi...
...exposure, tighten AML compliance, and give stakeholders clear, data-driven insight into what is really happening inside our payment streams. Your solution can rely on manual reviews, automated rules, machine-learning models—or a smart mix of all three. I’m flexible on approach as long as the end result is fast, accurate detection with a clear audit trail. Experience with tools such as Python, SQL, Splunk, Elastic, or dedicated AML platforms will help you hit the ground running, but I’m open to alternatives if you can justify them. Deliverables I expect: • A monitoring workflow that ingests live transaction data and flags suspicious patterns in real time • An alerting mechanism (email, Slack, dashboard, etc.) with severity levels I can fine-tu...
Por favor, regístrate o inicia sesión para ver los detalles.
I’m building out a small SOC stack and need an expert to wire Wazuh and Splunk together so I get clean, searchable logs from my firewalls. The core goal is streamlined log management—no SIEM correlation rules, threat-hunting work, or incident-response playbooks at this stage—just reliable collection, parsing, and visualization. Here’s what I need done: • Deploy or fine-tune Wazuh agents/managers to ingest all firewall events (the devices are already exporting Syslog today). • Configure Splunk inputs, indexes, and props/transforms so the data is correctly tagged, timestamped, and CIM-compliant. • Build a starter dashboard and a couple of saved searches that prove the data is landing and searchable. • Hand over concise document...
...data already flowing through my Splunk environment into clear, AI-driven guidance on how well our response processes are working. Using Splunk’s Machine Learning Toolkit—or native SPL commands if you prefer—I need models and dashboards that highlight response times, escalation paths, repeat offenders, and any other signals that reveal where our incident handling shines or stalls. You will have access to the existing security indexes, notable events, and response logs. The job is to design and implement the searches, train the models, and visualise the results inside Splunk so my analysts can see at a glance how each phase of the response cycle performs and where we can improve. If you have experience integrating Python or external ML frameworks with ...
...• Clear documentation of each finding: timestamps, affected hosts, traffic captures, indicators of compromise, and any links to the social-media angles I mentioned. • A concise, court-ready report I can hand to law enforcement, including recommended remediation steps so I can lock everything down without losing data. You’re free to use whatever toolkit you’re most comfortable with—Wireshark, Splunk, Volatility, Autopsy, or other digital-forensics platforms—so long as the final report is structured and verifiable. If you see clues that point to physical security gaps, please flag them; the offline stalking is just as concerning. The sooner we start, the better. Let me know how you’d approach the investigation, what access you’ll re...
...w zgodzie z ISO 27001. Zakres zlecenia • Audyt cyberbezpieczeństwa – szczegółowa analiza stanu zabezpieczeń, testy podatności, raport z lukami i planem naprawczym. • Opracowanie kompleksowej strategii – wytyczne polityki, procedury, plan ciągłości działania i roadmapa wdrożeń zgodna z ISO 27001. • Usługi SOC 24/7 – stałe monitorowanie, obsługa incydentów, korelacja zdarzeń w SIEM-ie (np. Splunk, QRadar, ELK) oraz raportowanie SLA. Oczekuję, że dostarczysz: 1. Propozycję metodologii i narzędzi, których używasz. 2. Przykładowe raporty lub redacted case studies potwierdzające wcześniejsze realizacje. 3. Deklarację zdolności do pracy w modelu white-label z zachowaniem ISO 27001. 4. Warunki SLA dla monitoringu i rea...
...an experienced Palo Alto engineer to keep an eye on our firewalls through Panorama, handling day-to-day monitoring and rapid incident response entirely remotely. The core of the engagement is ongoing health-watch and swift resolution whenever an alert, log spike, or policy-related incident appears—no onsite visits, everything through Panorama, CLI or preferred tools such as Expedition, TAC, or Splunk if that speeds diagnosis. The workflow I have in mind is straightforward: you watch the dashboards, syslog feeds and health stats, jump in the moment something drifts from baseline, contain the issue, fix it, then send a short root-cause and remediation note so I can track what changed. If firmware, dynamic updates or policy tweaks are needed to clear the incident, you can s...
...• Strong cloud and Linux experience: AWS, Microsoft (Azure/Windows Server), RedHat. • Security & IP protection processes (data segregation, NDAs, secure dev practices). • At least 2 case studies in the last 18 months with measurable ROI. Provide contacts for references. Nice-to-have • Experience with monitoring stacks (Prometheus, Grafana, CloudWatch, Azure Monitor), AIOps platforms (Moogsoft, Splunk ITSI, Dynatrace, BigPanda), or automation tools (Ansible, SaltStack, Rundeck). • Experience implementing chatops/chatbot (Teams/Slack) linked to ServiceNow. • Familiarity with storage platforms and SAN/NAS troubleshooting. Proposal requirements 1. Short agency profile (team size, key engineers, locations). 2. Two relevant case studies (PDF) with m...
...dalam manajemen insiden keamanan siber untuk mengamankan infrastruktur TI kami yang berjalan 24/7. Lingkup pekerjaan mencakup deteksi dini, triage, eskalasi, containment, eradikasi, hingga pemulihan pasca-insiden—termasuk pelaporan forensik singkat yang bisa langsung dipresentasikan kepada manajemen non-teknis. Teknologi inti yang kami gunakan meliputi firewall-berbasis-NG, EDR, SIEM (saat ini Splunk), serta beban kerja cloud di AWS dan GCP. Dokumentasi prosedur sudah ada namun masih berupa draft; saya ingin Anda merapikan runbook, menyusun playbook otomatisasi sederhana (mis. via SOAR atau scripting Python/Bash), dan menyiapkan dashboard quick-view di SIEM untuk peringatan prioritas tinggi. Ekspektasi deliverable: • Runbook insiden terkini dalam format PDF + file su...
My Splunk indexers are chewing through far more disk than necessary, and I need a focused engagement to slim them down while keeping the data I actually care about. The work centres on revisiting index retention, with special attention to the Cold buckets. I want to be confident that data is rolling forward at the right time, that frozen policies make sense, and that nothing lingers longer than it should. Alongside that, I’d like you to examine our data ingestion pipeline, identify any chatty sources or redundant log feeds, and advise where we can safely cut volume without losing business-critical insight. I expect you to apply Splunk best practices throughout—tuning , bucket sizing, summarisation options, and any other proven techniques that help curb storage g...
My Splunk indexers are chewing through far more disk than necessary, and I need a focused engagement to slim them down while keeping the data I actually care about. The work centres on revisiting index retention, with special attention to the Cold buckets. I want to be confident that data is rolling forward at the right time, that frozen policies make sense, and that nothing lingers longer than it should. Alongside that, I’d like you to examine our data ingestion pipeline, identify any chatty sources or redundant log feeds, and advise where we can safely cut volume without losing business-critical insight. I expect you to apply Splunk best practices throughout—tuning , bucket sizing, summarisation options, and any other proven techniques that help curb storage g...
...clearer visibility that the team can maintain long after you finish. Here’s how I picture the engagement: • Begin with read-only access so you can baseline current firewall rules, IDS/IPS signatures, and telemetry. • Present an action plan that outlines changes, testing steps, and potential impact. • Optimise firewall policies, fine-tune IDS/IPS rules, and build or refine monitoring dashboards (Splunk, ELK, Security Onion, or comparable) with alerts mapped to MITRE ATT&CK. • Document every change, include roll-back instructions, and schedule brief progress reviews—no rush, quality over speed. Expected deliverables 1. Hardened firewall and IDS/IPS configurations with before/after comparison. 2. Re-usable monitoring dashboards and al...
...Suite, or anything you deem fit, provided every step is documented. Once testing is complete, I’ll need a clear, prioritised report outlining each vulnerability, evidence of exploitation, and actionable remediation guidance that my IT team can follow. Afterward, I want 24/7 security monitoring set up—log collection, real-time alerting, and trend analysis. If you already have a preferred stack (Splunk, ELK, or similar) let me know; if not, recommend one that fits a mid-sized environment. I’m open to adding firewall tuning later, but it’s not mandatory for this engagement. Deliverables: • Comprehensive penetration test plan, execution, and final report • Documentation of tools, exploits, and methodologies used • Deployment or configura...
...exploit chains and attack paths - Conduct reconnaissance, privilege escalation, and lateral movement - Create detailed reports outlining vulnerabilities and proof-of-concept exploits - Simulate realistic adversary behavior during red-team engagements - Collaborate with clients to validate remediations and test defensive improvements Ideal Skills and Experience: - Proficient in Nmap, Wireshark, Burp, Splunk, and Python - Strong background in network penetration testing - Experience with offensive tooling and exploit development - Ability to thrive in ambiguity and think unconventionally - Strong reporting and communication skills If you are curious, bold, and driven to expose hidden system weaknesses, I would love to hear from you....
...estate—mixing on-prem servers with multiple cloud workloads—so the design must collect and correlate telemetry from both sides without gaps. Core technologies are already chosen: a SIEM for log aggregation and correlation, network-based IDS/IPS for east-west and north-south traffic, and an Endpoint Detection & Response platform for host-level visibility. I’m open to specific vendor recommendations—Splunk, ELK, QRadar, Suricata, Snort, CrowdStrike, SentinelOne, etc.—as long as they integrate cleanly and can scale. To keep expectations clear, here’s what I need delivered: • A high-level SOC architecture diagram, bill of materials, and implementation roadmap. • Installation, configuration, and tuning of the SIEM, including log o...
...operations by adding truly real-time alerts that fit neatly into the existing observability pipeline. Right now I aggregate logs and metrics, but latency between an event and a notification is still measured in minutes. I want that window reduced to seconds—with intelligent deduplication so the team is warned once, not fifty times. If you’re comfortable wiring up tools such as Prometheus, Loki, ELK, Splunk, Grafana, or similar stacks, and you know how to tune alert rules, thresholds, and message formats, your expertise will be put to good use. Deliverables • A fully configured alerting workflow (webhooks, email, Slack, or Teams—whatever integrates fastest with common stacks) • Documentation outlining rule logic, suppression criteria, and how the so...
...Investigate suspicious process activity • Parse logs inside a SIEM (Chronicle, Splunk, Elastic, etc.) • Build an incident report Network Security Projects (2–3) • Analyze PCAP files in Wireshark • Identify command-and-control traffic • Detect port scans • Write a Tier-1 analyst style summary Linux + Forensics Projects (2) • Investigate user activity • Parse authentication logs • Collect basic indicators of compromise Vulnerability Projects (1–2) • Run a safe Nmap scan • Create a vulnerability report • Show mitigation steps Automation Project (1) • Simple Python script to parse logs • OR automate a small security task Required Skills You MUST have hands-on experience in: •...
...need from you: • A full course outline that can be delivered over four weeks, mapping out daily objectives and realistic time commitments alongside SOC shift work. • Slide decks or detailed written modules for each lesson that dive deep into threat detection and analysis techniques, step-by-step incident response playbooks, and effective use of SIEM, SOAR, EDR, and log-management platforms (Splunk, Elastic, Sentinel, etc.). • At least two hands-on labs per week using readily available environments—virtual machines, cloud sandboxes, or open-source datasets—so students can practise hunting, triage, containment, and post-incident review. • End-of-module quizzes and a capstone practical that emulate live-fire scenarios, allowing me to measure ma...
...governance and strategic business outcomes. Required Skills & Experience • 4+ years of experience in data modeling, enterprise data strategy, or data architecture. • Solid understanding of IT4IT Reference Architecture (Open Group). • Hands-on experience with Azure Data Services, Azure SQL, and Databricks. • Familiarity with enterprise IT platforms such as ServiceNow, Workday, Cisco, Jira, Dynatrace, Splunk, and similar systems. • Strong conceptual knowledge of data governance, data domains, and business object modeling. • Excellent analytical, communication, and documentation skills. Preferred Skills • Exposure to ServiceNow CMDB or data cataloging tools. • Working knowledge of data product architecture and data mesh principles. •...
...encryption protocols. Conduct vulnerability assessments to identify potential security risks within the network infrastructure. Support data center operations including NAS/SAN management and high availability configurations. Collaborate with IT teams to integrate cloud security measures within AWS and Azure environments. Troubleshoot network connectivity issues using tools like SolarWinds, PRTG, or Splunk. Assist in the deployment of network installations and upgrades while adhering to best practices in network architecture. Document network configurations, changes, and procedures for future reference. Provide technical support for users regarding network access issues and remote access software. Experience Proven experience in network engineering or support roles with a stron...
...approach on how these use cases were implemented/configured in the system and which prompts were used to execute the below use cases. a. AI-Guided Incident Response & MTTR Optimization (Bridging SIEM + ITSM + Network Automation) b. Compliance Drift & Security Posture Enforcement (Bridging Firewalls + Network Configs + ServiceNow Change Policies) Inside the lab you’ll rely on ServiceNow, SolarWinds and Splunk to generate data, surface alerts, and validate results. A solid grounding in NOC expertise & Internet networking is essential so the examples feel realistic; the guide should read as something a NOC expert can reproduce without guesswork. If this sounds exciting then do bid to this task, we can have a meeting where we can explain the use cases in details and...
... - Build resilient retry policies using exponential backoff + jitter for transient errors (408, 500–504, 429) and no-retry for non-recoverable cases (401, 403, 404, 422). 3. Intelligent Error Recovery Develop data pipelines and dashboards to analyze error classification accuracy and user recovery rates. 4. Observability & Diagnostics - Define logging and tracing standards for error traces in Splunk and APM. 5. Governance & Best Practices: - Establish internal Error Handling Guidelines and test scenarios - Champion fault isolation and graceful degradation patterns (bounded retries, circuit breakers, token bucket throttling). Deep understanding of distributed systems, HTTP status codes, and API fault design Hands-on experience with error handling frameworks and r...
Hello, We are looking for an experienced trainer to deliver a short-term training project on "Splunk SOAR". Responsibilities: - Conduct focused training sessions on Splunk SOAR - Create or adapt training material as required - Provide hands-on lab guidance (if applicable) Requirements: - Proven experience in Splunk SOAR - Prior corporate training experience preferred - Ability to deliver training effectively within a short-term timeline To Apply, Please Share: - Updated CV / Profile - Course contents (TOC) - Daily / Hourly commercial rates - Lab availability & charges (if applicable) - Your availability schedule Looking forward to collaborating with the right expert. Best regards, Anjali Koenig Solutions
...rolling out an up-skilling track for a team of intermediate IT professionals who already handle day-to-day monitoring but now need to master AIOps practices on two specific stacks: Splunk Observability Cloud and Dynatrace. The course should be instructor-led (live virtual or onsite—let me know what works best for you) and tightly focused on three pillars: • Data visualization that turns metrics, logs, and traces into actionable dashboards inside both tools • AI-driven alerting, including threshold tuning, anomaly detection, and noise reduction techniques • Incident management workflows that bridge detection in Splunk or Dynatrace with remediation playbooks and post-mortem reporting What I need from you – A concise syllabus covering ...
...experienced SOC analyst to keep a close, real-time eye on our network traffic and swiftly flag any signs of phishing activity. Your primary mission is to detect, investigate, and document suspicious traffic patterns that could indicate credential-harvesting sites, rogue mail servers, or other phishing-related threats. Scope of work • Set up or refine existing SIEM and packet-capture feeds (e.g., Splunk, Elastic, Zeek, Suricata) to ensure full network visibility. • Create and tune detection rules, correlation searches, and alerts that focus on phishing indicators—DNS anomalies, unusual SMTP flows, look-alike domains, and malicious URLs. • Conduct end-to-end incident triage: verify alerts, gather evidence (pcap, logs, threat-intel hits), determine impact, ...
...from Splunk. • Look up similar past incidents stored in our internal database. • Pull any related Slack thread so context isn’t lost. Using that collected data, the tool should run a compact AI model (open-source or API-based—whichever keeps the code simple) to draft concise resolution steps and then post those steps back to the incident record. Key notes – Scope is limited to a working script or small service that proves each integration end-to-end; polished UX isn’t required. – Incidents of interest are strictly Application errors; no need to handle network or security tickets. – Historical records reside in a database, so tap that directly rather than expecting CSV or JSON dumps. Please include links or brief summari...
...Monitoring and Analysis. Detection of Indicators of Compromise (IOCs). Detailed Incident Investigation and classification (True Positive / False Positive). Creation of a Comprehensive Security Report (PDF format). Threat Intelligence Correlation using MITRE ATT&CK Framework. Suggestions for Mitigation & Hardening to improve your security posture. Tools & Frameworks I Use: SIEM Platforms: Splunk, Wazuh, ELK Stack (Kibana). Threat Analysis: VirusTotal, Hybrid Analysis, Any.Run. Frameworks: MITRE ATT&CK, Cyber Kill Chain. Forensics Tools: Sysinternals Suite, Wireshark (for packet analysis). Deliverables: Detailed PDF Report of Findings Identified Threats and Severity Levels Recommended Security Actions Screenshots or Logs (if needed) Optional: Foll...
Splunk & Spring Boot Code not Attached
Splunk & Spring Boot Code not working
I need to turn live network-traffic logs already streaming into Splunk into clear, actionable alerts so my team can detect and respond to incidents in real time. The core of the job is to transform raw data into reliable detections, surface them through concise dashboards, and fine-tune everything until false positives are at an absolute minimum. What you’ll actually do here starts with making sure the data is correctly onboarded and CIM-compliant. From there you will craft correlation searches that spot suspicious patterns, wire those searches to alert actions, and provide an easy-to-read visual layer my analysts can work from. If you have hands-on experience with Splunk Enterprise Security, custom SPL, notable events and adaptive response actions, you’ll feel r...
...track where data originated, how it was handled, and who interacted with it - Ability to classify sensitive data even when no obvious content pattern exists (e.g., images, source code, CAD files, compressed/encrypted data) - Real-time detection and prevention of data exfiltration across multiple channels (email, cloud, USB, endpoints, SaaS apps) - Integration points with SIEM/XDR platforms (e.g., Splunk, Elastic, Wazuh) - Insider risk detection combining behavioral analysis + data awareness - User education features (e.g., real-time popups when risky behavior occurs) - Modern UI/UX for security teams (dashboard, visualization of lineage, incident investigations) Ideal partner: - Proven experience in cybersecurity software, preferably DLP, insider risk, or UEBA - Strong knowled...
I need an experienced Splunk engineer who can turn raw Windows Event Logs and Application Logs into clear, actionable dashboards. You should be fully comfortable crafting SPL searches, optimizing them for performance, and transforming the results into drill-down visualizations that help me spot issues at a glance. Because this environment is governed through Windows Group Policy, your solution must respect existing GPO settings and, where necessary, show me how to adjust them so that the data I need is consistently forwarded and enriched in Splunk. Scope of work • Design and build interactive dashboards fed by real-time Windows Event Logs and Application Logs. • Write and document the underlying queries so I can maintain or extend them later. • Valida...
...and improve productivity across my daily workflow. The tools in scope are: Salesforce – Case creation, analysis card creation, JIRA tech engagement, client communication, KB article creation JIRA – Project code fix analysis tracker and release Bitbucket – Client VMs, code backup, pipeline deployments Microsoft SQL Server – Client DB backups Teams – Office chats Glowroot – Application monitoring Splunk – Log monitoring & analysis Outlook – Email communication What I Need: AI-driven concepts that can automate repetitive tasks (case triage, knowledge base drafting, log correlation, release risk analysis, etc.). A working POC/demo (if you already have something built) would help me decide quickly. A clear implementation proposal: ...
I need to bring several data sources together, automate their ingestion, and surface the results through clear, reliable dashboards. The immediate priorities are: • Data integration – pipe logs, metrics, and business data from the existing systems into Splunk, Power BI, and Grafana with minimal latency and full schema integrity. • Dashboard creation – design and publish interactive, drill-down views that highlight key KPIs for engineering and non-technical stakeholders alike. Splunk will handle heavy log analytics, Power BI will serve executive-level reporting, while Grafana will visualise real-time metrics. Python scripting is the glue for automation: scheduled ETL jobs, API pulls, and alert routing. If you’ve previously wired complex dat...
