Abstract:
In today's computer network environments, a significant volume of security log data is generated, posing a challenge for organizations in terms of handling and utilizing this data effectively. To address this challenge and enhance information security, centralized log management, and analysis, organizations can leverage Security Information and Event Management Systems (SIEMs). SIEMs play a crucial role in assisting organizations with compliance regulations and mitigating the risk of network intrusions by enabling comprehensive monitoring, detection, and response to security incidents. This thesis specifically focuses on implementing a SIEM solution using Splunk, a leading platform, to strengthen the security posture and enhance threat detection capabilities in the Sonelgaz organization, which can serve as a reference for other entities seeking to enhance their information security and centralized log management capabilities. The study emphasizes the benefits and challenges associated with implementing a SIEM solution, particularly utilizing Splunk, and provides recommendations for optimizing its usage to maximize threat detection and incident response capabilities.