Queries? Which queries? Please don’t let these sneaky vendors fool you with the forensics system boxed as “SIEM”.
My splunk Enterprise is not a substance, this is immune system. Carefully trained with ML guided by the group of seasoned cybersecurity practitioners.
Correlating and reporting to smart workflow system in the near-real time.
Case study example — ransomware like NotPetya/Wannacry being wiped out faster than its ability to replicate and penetrate to extra systems.