Agent Mode
English
    Listing Thumbnail

    Splunk Enterprise Security (ES) Use Case Development

     Info
    Sold by: Keos 
    Keos' Splunk Enterprise Security Use Case Development service builds a comprehensive set of customized, risk-based security detections for your Splunk ES environment. Keos' certified Splunk SMEs recommend use cases, develop MITRE-mapped SPL detections, tune them for your environment, and install 100 AI-powered use cases via Whiteleaf AI — in a 280-hour engagement.

    Overview

    Try agent mode
    Create proposal
    Ask question

    Use Case Workshop: Keos consultants review your environment and recommend up to 50 new security use cases tailored to your infrastructure and threat landscape.

    Risk-Based Use Case Development: Keos writes SPL for 20 new risk-based use cases, ensuring each is MITRE-mapped and configured with appropriate alert actions.

    Use Case Tuning: New use cases are tuned using customer-specific lookup tables, time frame adjustments, and suppression rules to reduce noise and improve detection fidelity.

    CIM-Compliance: Existing data streams are integrated into Enterprise Security data models using Splunkbase TAs, with index constraints added to data model macros.

    Whiteleaf AI Use Cases: Keos installs and configures 100 AI-powered Whiteleaf use cases, validated and connected to Enterprise Security for risk score output.

    Highlights

    • Up to 20 custom, MITRE-mapped risk-based use cases developed and tuned for your specific environment
    • CIM-compliant data integration ensures detections run against properly structured, queryable data
    • 100 AI-powered Whiteleaf use cases installed and validated within Splunk Enterprise Security

    Details

    Sold by
    Keos 
    Categories
    Security 
    Implementation 
    AI Security 
    Delivery method
    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Learn more 
    Explore multi-product solutions
    Multi-product solutions

    Pricing

    Custom pricing options

    Request private offer
    Pricing is based on your specific requirements and eligibility. To get a custom quote for your needs, request a private offer.

    How can we make this page better?

    We'd like to hear your feedback and ideas on how to improve this page.
    We'd like to hear your feedback and ideas on how to improve this page.

    Legal

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Support

    Vendor support

    info@csjunction.com 

    Software associated with this service

    Deepwatch Managed Security Services 
    By Deepwatch
    Deepwatch is the leading managed security platform for the cyber resilient enterprise. Deepwatch extends security teams and proactively improves cybersecurity posture via its squad delivery model and patented Dynamic Risk Scoring alert engine. Deepwatch is a founding member of the AWS Level 1 MSSP Competency.
    View product 
    Splunk SIEM for AWS Security Hub Extended 
    By Splunk
    Splunk Powers the Next Generation of AWS Security Hub Extended. The Power of Splunk SIEM. The Simplicity of AWS Security Hub Extended.
    View product 
    Splunk on Ubuntu 24.04 with maintenance support by PCloudHosting 
    By pCloudHosting LLC
    This product has charges associated with it for maintenance, support, deployment, and infrastructure services provided by PCloudHosting. Splunk is offered as a preconfigured and managed deployment on Ubuntu 24.04 for log analysis, monitoring, and operational intelligence.
    View product 
    MDR for Splunk Cloud. Please contact BlueVoyant for Private Offer. 
    By BlueVoyant
    Ongoing Managed Detection and Response services via a full-time 24x7 security operations center
    View product