gehe zu: SecOps SPL (German version)

Introduction

SecOps SPL is a native Splunk app for more security in your company.

It combines all important functions and features for efficient Security Operations at significantly lower costs in relation to comparable products / Add-Ons in the Splunk context.

In particular, employees in the areas of SOC, CTA / CTI, Security Architecture and Use Case Development are enabled to carry out their tasks adequately, quickly and in a targeted manner.

Integrated well-known Security Frameworks and Reporting capabilities help you keep an overview, identify gaps and carry out regulatory audits - which are common in the financial industry - more easily.

An excerpt from the functional overview of SecOps SPL

• full multi-tenancy without limitations
• GUI-based processes for ...
  • ... the SOC with all open Alerts, including their processing for all tenants
  • ... the Incident Management done by CTA Team (Cyber Threat Analytics)
    
    
  • ... the Administration of
    • Monitoring Targets
    • Alarm Status and Stages
    • Use Case Library
    • Settings of the Auto-Grouping and Auto-Closing functions of Alerts
    • Parameter setting of the automatic Use Case Testing
      
      
  • ... the Use Case Administration
    • Assignment / Activation / Deactivation of Use Cases to/for earch tenant
    • Assignment of Use Cases to attack techniques (MITRE ATT&CK, BAIT oder KAIT)
    • in future also DORA and requirements based on the new German governmental rules NIS2UmsuCG and KRITIS-DachG
    • Staging Concept (Development -> Test -> Production)
      
      
  • ... the Use Case Testing
    • manually or automatically
    • Recertification based on self-defined rules per Use Case
      
      
  • ... the Welcomelisting* ("Whitelisting") of alerts 
    • Assignment / Activation / Deactivation of Use Cases to/for earch tenant
    • Recertification based on self-defined rules per alert
      
      
  • ... the Reporting
  • ... the Health Monitor

Other features are ...

• ... the formalized Use Case Development
• ... the mandatory use of a few Macros in each Use Case for these functions
  • Activation / Deactivation per tenant
  • Assignment of alerts to tenants
  • Assignment of a unique ID per alert for all follow-up processes, evidence and forensic investigations
  • Uniform and structured provision of the necessary information (data fields) to the SOC through each Use Case
    
    
• supported (required) Roles
  • Use Case Factory (UC Development)
  • SOC (Security Operations Center)
  • CTA / CTI (Cyber Threat Analytics, Cyber Threat Intelligence)
  • RM / CSA (Risk Managment / Cyber Security Architecture)
    
    
• completey realised in XML / SPL plus a few simple JavaScripts for CSS

Downloads

Functional Diagram as pdf file SecOps_SPL_-_Functional_Overview2024-Q4.pdf (no Macros, open in "read only" mode)

Powerpoint Presentation as pptx file SecOps SPL.v2024-Q1.en.pptx (no Macros, open in "read only" mode)

Powerpoint Presentation as mp4 video SecOps SPL.v2024-Q1.en.mp4 (Each slide is shown for 7 secs)

*SecOps SPL uses the terms "welcomelist" and "blocklist" for the former and burdened terms "whitelist" and "blacklist"