Free and Open-Source S.O.A.R.

The longer I spend staring at Splunk, the more I wish something, anything, would happen. Sure, there is data, logs, numerous events which make my eyes bleed. But it’s not actionable; my eyes, brain, and emotions have preconditioned me to skip, avoid and eventually discard information without setting off any alarms. The tedium of my daily routine creates gaps in an otherwise “secure” environment. If only there were a way to know which events to review.

https://xkcd.com/2368/