PowerShell Resource Kit for Splunk
Earlier this week Splunk launched a preview of the PowerShell Resource Kit on GitHub. It is designed to help Splunk admins who want to automate administration of their Splunk deployments, but also has some pretty cool recipes for integrating Active Directory with Splunk, forwarding alerts and other data to Microsoft’s System Center Operations Manager, and performing a rudimentary topology discovery via an automated Splunk search with PowerShell.
Many of Splunk’s customers monitor very large Windows environments that have hundreds if not thousands of Universal Forwarders. They also use Active Directory for authentication, policy management and general asset organization. It turns out that they also use PowerShell extensively. So, why not develop a Splunk module for PowerShell?
Splunk App for Microsoft Exchange
Microsoft Exchange is one of the most ubiquitous, mission-critical services deployed on-premises today. According to Gartner analysts, there are over 300 million users and this number continues to grow steadily. However, Exchange can also prove to be incredibly challenging to keep reliable and secure.
Exchange administrators have long been the scapegoats of unreliable messaging. How many times have we cursed our admins for losing a message, dealing with unwanted spam, or not being able to send or receive messages? Or better yet, what if your entire organization is infected with a virus, like Slammer or Lovebug? Generally speaking, if there’s a problem with messaging or calendars, it’s the Exchange admin’s head.
The pain point was heard loud…
Focusing on Microsoft – starting with Active Directory
This blog will focus on things related to Splunk and Microsoft. It will have posts related to how customers are using Splunk, which partners are adding to Splunk’s value proposition, and highlight existing functionality that optimizes Splunk for Windows workloads. Of course, there might also be a little shameless promotion of new whitepapers, upcoming presentations and Splunk-sponsored events.
As such, there are a couple of whitepapers about monitoring and auditing Active Directory with Splunk. One of the whitepapers touches upon general requirements for AD monitoring/auditing, while the other describes how to use Splunk with these requirements in mind. Splunk does things differently from most other data management and processing tools. We suggest collecting ALL of the data first…