
BHAVNEESH VOHRA

Senior Information Security Engineer
Bengaluru

Summary

Cybersecurity professional with 8+ years of expertise in SIEM engineering, detection content development, and security automation. Skilled in Splunk (Enterprise & ES), Google Chronicle, and CrowdStrike NG-SIEM, with hands-on experience integrating diverse security products and developing ingestion pipelines. Proficient in threat detection, para security rule creation, and log engineering, with a proven track record of strengthening enterprise security monitoring and response capabilities. Excellent reputation for resolving problems, improving customer satisfaction, and driving overall operational improvements.

Overview

9 years of professional experience

Work History

Senior Information Security Engineer

Wells Fargo
03.2023 - Current
  • Integrated Splunk Enterprise with multiple security applications, ensuring seamless data ingestion and troubleshooting complex integration issues to maintain SIEM reliability.
  • Automated the onboarding of Prisma Cloud alerts into Splunk by developing custom shell scripts, improving cloud security visibility.
  • Built and optimized detection rules in Google Chronicle focused on Azure and CrowdStrike telemetry, enhancing cloud-native threat detection.
  • Developed and fine-tuned IOA and correlation searches in CrowdStrike Next-Gen SIEM, aligned with MITRE ATT&CK techniques for proactive detection.
  • Administered Splunk Cloud environments, implementing RBAC (Role-Based Access Control) through automation scripts to enforce security policies.
  • Engineered a custom Splunk Add-on in Python to integrate CrowdStrike Alerts v2 API, enabling automated log ingestion and CIM mapping.
  • Leveraged SimSpace to simulate adversary attacks and validate IOA/IOC detection logic, strengthening detection engineering use cases.
  • Designed and deployed para-rules across FireEye and Tanium, improving endpoint and network detection coverage.
  • Tuned and validated detection use cases across multiple SIEM platforms (Google Chronicle, Splunk) to reduce false positives and improve alert fidelity.
  • Implemented and tuned ingestion pipelines supporting event formats such as Syslog, CEF, LEEF, JSON, and XML, ensuring normalization and CIM alignment.
  • Designed and maintained log collection pipelines using Cribl Stream and Splunk Forwarders, optimizing data routing and filtering to control license usage.
  • Onboarded and monitored cloud-native telemetry including AWS CloudWatch/CloudTrail, Azure Monitor, and GCP Logging, enabling multi-cloud threat detection.
  • Proficient in Python (custom Splunk Add-ons, API-based integrations, data transformation scripts) and shell scripting for automation and security data engineering.
  • Authored and optimized complex SPL queries in Splunk and Chronicle CQL for use cases such as anomaly detection, threat hunting, and correlation searches.

Logging Admin

Citrix
09.2022 - 01.2023
  • Worked on dashboards and data onboarding tasks.
  • Created a custom add-on for Trend Micro Portable Security.
  • Used Ansible to manage the Splunk environment as Infrastructure as Code.
  • Experience in alert handling and in generating standard availability and performance reports. Experience in root cause analysis of post-production performance-related issues using Splunk.
  • Supported the customer base and troubleshot issues in the production environment.

Senior Specialist

HCL
06.2021 - 09.2022

  • Integrated Splunk with a wide variety of legacy and security data sources that use various protocols.
  • Installed and configured Splunk apps to onboard security data sources into Splunk.
  • Experience creating and maintaining Splunk reports, dashboards, forms, visualizations, and alerts. Installed Universal Forwarders and Heavy Forwarders to bring any kind of data into Splunk.
  • Wrote Splunk queries; expertise in searching, monitoring, analyzing, and visualizing Splunk logs.
  • Experience in integration using web services (REST, SOAP).
  • Designed, optimized, and executed Splunk-based enterprise solutions.
  • Installed and configured Splunk Universal Forwarders on both UNIX (Linux, Solaris, and AIX) and Windows servers.
  • Hands-on experience customizing Splunk dashboards, visualizations, and configurations using custom Splunk queries.
  • Responsible for Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-ons, Dashboards, Clustering, and Forwarder Management.

Technology Security Analyst

Accenture
12.2019 - 06.2021
  • Integrated Splunk with a wide variety of legacy and security data sources that use various protocols.
  • Installed and configured Splunk apps to onboard security data sources into Splunk.
  • Good experience working with log4j and syslog-ng to onboard security devices into Splunk.
  • Experience with regular expressions and using them for data retrieval.
  • Worked with application owners to create or update monitoring for applications.
  • Scripted SQL queries and worked on DB Connect 3.0 in search head cluster environments for Oracle, MySQL, and DB2.
  • Strong knowledge of Windows, Linux, and UNIX operating systems.
  • Good understanding of networking and security concepts.
  • Knowledge of network and web-related protocols (e.g., TCP/IP, UDP, IPsec, HTTP, HTTPS, routing protocols).
  • Performed configurations on deployment servers, indexers, and search heads, including serverclass.conf, server.conf, apps.conf, props.conf, transforms.conf, and forwarder management configurations.
  • Strong knowledge of Python; worked with the Splunk SDK for Python.
  • Knowledge of tools such as ServiceNow and Confluence.
  • Handled Bitbucket independently and supported the client in resolving all errors faced when pushing files to Bitbucket; familiar with Git.

Splunk Engineer

Tata Consultancy Services
11.2016 - 12.2019
  • Good understanding of Splunk architecture and its components (indexer, forwarder, search head, deployment server).
  • Managed licenses: created the license master, connected license slaves to it, and managed license pools.
  • Installed and configured Universal Forwarders, Heavy Forwarders, and Splunk Search Head Clusters.
  • Implemented and configured Splunk Index Clusters.
  • Implemented and configured the Master, Deployer, and Deployment Server.
  • Upgraded various Splunk instances.
  • Deployed configuration bundles to cluster members.
  • Installed standalone Splunk instances and configured indexes and sourcetypes.
  • Provided and controlled user access for the Splunk application.
  • Monitored event source connectivity and reported log collection failures.
  • Installed SSL certificates for Splunk instances.
  • Converted Universal Forwarders to Heavy Forwarders.
  • Worked on rsyslog configurations and listeners to get logs from remote devices into Splunk.
  • Performed daily health checks on Splunk's Monitoring Console and troubleshot wherever needed.
  • Splunk SPL (Search Processing Language) and dashboarding/visualization.
  • Developed alerts and scheduled reports; developed and managed Splunk applications.
  • Implemented map integrations and dynamic drilldowns extensively.
  • Experience in Splunk GUI development: creating Splunk apps, searches, data models, dashboards, reports, and automated alerts using the Splunk query language.
  • Strong knowledge of HTML, CSS, JavaScript, Python, data structures, and algorithms. Worked on more than 5 POCs.
  • Excellent understanding of APIs.
  • Worked on POCs for web application development using Python/Java, Spring, and Angular.
  • Basic knowledge of DevOps tools such as Chef, Git, Bitbucket, and Ansible.

Education

Bachelor of Technology - Computer Science

SRMS
Lucknow
05.2016

Skills

Splunk

Python

CrowdStrike
