Sold by: Keos
Keos' Splunk Risk Based Alerting Framework service converts your existing Splunk Enterprise Security detections into risk-based alerts, reducing SOC alert noise and increasing detection fidelity. Keos' certified Splunk SMEs architect the framework, integrate your existing use cases, add MITRE mappings, and tune the system — in a structured 120-hour engagement.
Overview
Framework Architecture: Keos consultants review your risk and notable indexes, incident review settings, use case annotations, assets and identities data, and 24-hour risk threshold configurations before beginning conversion.
Use Case Conversion: Existing use cases are integrated into the risk-based alerting framework, with static and dynamic risk alert actions added, risk events enriched with supplemental information, and MITRE mappings applied.
Tuning: After conversion, Keos tunes the use cases by adjusting SPL, reducing noisy detections, changing annotations, and adjusting supplemental risk event fields.
Validation and Documentation: The framework deployment is validated end-to-end, with documentation and weekly status reports delivered throughout the engagement.
Justification for IT Investment: Documented metrics demonstrate the reduction in alert volume and improvement in SOC efficiency achieved through the RBA framework.
Highlights
- Existing ES detections converted to risk-based alerts — reducing alert noise and increasing fidelity for your SOC
- MITRE mapping, dynamic risk generation, and supplemental enrichment added to all converted use cases
- Delivered by Splunk-certified SMEs in a structured 120-hour engagement
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Pricing
Custom pricing options
Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.
Legal
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Support
Vendor support
Software associated with this service
By Deepwatch
Deepwatch is the leading managed security platform for the cyber resilient enterprise. Deepwatch extends security teams and proactively improves cybersecurity posture via its squad delivery model and patented Dynamic Risk Scoring alert engine. Deepwatch is a founding member of the AWS Level 1 MSSP Competency.
Ongoing Managed Detection and Response services via a full-time 24x7 security operations center
By BlueVoyant
Ongoing Managed Detection and Response delivered via a full-time 24x7 security operations center
MDR provides comprehensive security coverage, but many businesses require additional cloud-native incident response, deep digital forensics, or legal testimony support that falls outside the scope and capabilities of MDR. BlueVoyant offers our DFIR for MDR for Splunk.