Best Practices for using Splunk Enterprise for compliance

In September at .conf2016, the Splunk worldwide users conference, I co-presented a session titled “How to Use Splunk for Automated Regulatory Compliance.” It included a discussion of regulatory compliance and standard/framework 101 and how Splunk could be used for compliance, including some case studies and product demos of the Splunk App for PCI Compliance, the CIS Critical Security Controls App for Splunk, Splunk Enterprise Security, and Splunk User Behavior Analytics.

For the technical ninjas attending the session, the most interesting part was probably the closing section covering best practices related to using Splunk Enterprise for compliance, which is the focus of this blog post. I have listed these best practices below in …


Some “Swede” use cases from SplunkLive Stockholm 2016

I have a fondness for Stockholm. I lived there for three months and asked my wife to marry me there (luckily she said yes or this blog post would start a lot less happy). I love going to all the cities in EMEA where we run SplunkLives but Stockholm is always one of my favourites.


At last year’s SplunkLive Stockholm we were lucky enough to have IKEA talking about why they replaced their SIEM with Splunk, Klarna talking about using Splunk in their SOC and Statnett talking about IT Troubleshooting and IT Service Management.

This year we had an equally strong line up of customers with some really “Swede” speakers (sorry), covering a variety of Splunk use cases in a …


State and Local Government: Unleashing Your Data

The right big data solution for state and local government agencies can help thwart cyber attacks, improve IT operations, enhance citizen services, and more. Realizing the full value of your data will unlock a trove of insight to support your agency’s mission.

Government agencies at every level face security and compliance challenges. With state and local government IT budgets shrinking, the state of security within these agencies has become top-of-mind due, in part, to the direct effects it can have on public safety. Splunk works with many state and local government agencies to help them manage their unstructured data, fulfill compliance requirements, monitor and detect security threats, and understand patterns within their data to gain new insights.

Splunk worked with


The Splunk App for Stream – Tracking Open Ports for Security and Compliance – Part 2

In Part 1 of this post we looked at using the Splunk App for Stream to look for open ports on your networked systems. (Hint: Follow the ACK packets.) This post looks at how to keep track of those open ports, and how to detect when a NEW port starts listening.


Of course, Splunk is an extensible tool that gives you the ability to solve problems like this a number of different ways. The method I’ve chosen to use for this case is the Splunk Key Value Store. This is a new feature in Splunk 6.2 that lets you read and write data within a Splunk app, allowing you to maintain state in that application. Think of storing …

A sneak preview of TM Forum Big Data 2014

I’m lucky enough to be going to the TM Forum Big Data event in Amsterdam next week. It should be an interesting set of speakers and reference point for what telcos are doing with big data and also a great place to share best practice and practical experience.

I’m particularly interested to see the use cases for telco big data, looking at what data is being collected (from the network, handset, customer data) but also how that data is being used (customer experience, fraud, DevOps, marketing etc.)

We hear a lot about how big data allows better analysis, more informed decisions and identification of trends but in particular I’m keen to hear the presentation on how telcos are monetizing big …


Big data and financial services – an EMEA perspective

I was lucky enough to attend the first day of the “Big Data in Financial Services” event in London a few days ago. I know some people might not think of that as lucky but I say it on the back of a surprisingly varied agenda, entertaining speakers and a lot of good debate and content on what big data means to FS companies and how they are using it.

The key point that I took away was that right now, FS companies are using big data today to focus on operational issues – risk, efficiency, compliance, security and making better decisions. However, there is a growing trend in FS companies looking at how big data is going …


Microsoft Patch Tuesday! Are your servers patched?

It's my most favorite time of the month - Patch Tuesday! Ok, I might be slightly exaggerating there. Let's face it. It's a pain in the neck. I have to go around to every server in my development environment and ensure that all the critical patches have been taken care of. Usually, this means a trip to Windows Update, or checking the logs of the Windows Server Update Services (WSUS) server. Today, I woke up and decided Splunk was going to assist with this.

Splunk for Meaningful Use

I visited a Health Care customer recently to discuss their most important use cases for Splunk. They’ve taken a holistic approach to getting all of their application data into Splunk and it’s really paying off. A key use case for their many health care facilities helps them stay compliant to meet their meaningful use requirements.

Meaningful use of health information technology is an umbrella term for rules and regulations that hospitals and physicians must meet to qualify for federal incentive funding under the American Recovery and Reinvestment Act of 2009 (ARRA). One of the overarching goals is to use Electronic Health Record (EHR) technology to improve the quality, safety and efficiency of patient care. Bottom line, it’s important to all …


The first major HIPAA/HITECH fee levied


When you think about it, the fine levied by the HHS Office of Civil Rights isn’t all the cost of this HIPAA violation for BlueCross BlueShield of Tennessee. Turns out this was pricier than we thought. According to the law firm of Wilson Sonsini Goodrich and Rosati…

“BlueCross had self-reported the underlying incident under HIPAA’s requirements, and incurred more than $17 million in direct expenses relating to its investigation and remediation of the incident. The HHS investigators faulted BlueCross BlueShield for failing to implement appropriate administrative safeguards to protect information by storing protected health information on unencrypted computer hard drives. Under the settlement, BlueCross BlueShield also agreed to review and revise its healthcare information privacy and security policies, and


Three Splunk 4.3 features security pros should start using today

There is a lot to like in Splunk 4.3 for security use cases, but three items should be of particular interest to security professionals.

Sparklines – Adding Time to Tables for Reporting

I use tables of information in several of the security reports I create. Usually I’ll want to track a particular type of event and include the number of times it happens along with an average over a period of time. This allows me to benchmark a particular threshold and use that as the impetus for an investigation. For example:

I want to track the number of successful accesses against assets where critical data is stored over a twenty-four hour period by user. My table will contain the name …
