From South Africa to Oslo & shipping to life insurance to sensor data. SplunkLive EMEA customer round up.

It has been a busy few weeks for Splunk EMEA with eight SplunkLive events in Cape Town, Johannesburg, Frankfurt, Vienna, Oslo, Copenhagen, Stockholm and Amsterdam. Close to a thousand people have heard some great customer stories about how organisations use Splunk to get operational intelligence across a huge range of different industries. I was lucky enough to be at six of them and thought it would be worth sharing some of the stories from across the region.

It has been a bit of a flying visit to each country with the usual plane-airport-taxi-hotel-presentation-taxi-airport-plane but the range of use cases for Splunk, the many different industries and the different kinds of value the organisations are getting from …

» Continue reading

Splunk, Big Data and Healthcare Analytics in the Federal Government – Part 3 DHMSM

Welcome to part three of my three-part blog on the ascending role of big data for healthcare analytics in the federal government. In this final part of the series we look at DHMSM, a very large project to find efficiency and insight in near real time. Part one and part two can be found here and here.

DHMSM and the problem to be addressed

The Department of Defense Healthcare Management System Modernization (DHMSM) Program is administering an RFP for a potential $11B effort which calls for the modernization of the Department of Defense healthcare system by uniting multiple legacy healthcare systems and data stores developed over decades. I’ve reviewed most of the RFP, consisting of over 20 attachments, which also calls for …

» Continue reading

The Role of Big Data in Improving the Quality and Efficiency of Healthcare – Part 2 RMADA

In part two of the healthcare analytics topic we take a look at the RMADA RFP.

It is only through measurement that the quality of healthcare delivered can be improved and its delivery made more efficient. The Federal government needs to facilitate the highest quality at the lowest cost. Medicare, Medicaid and the Children’s Health Insurance Program (CHIP) all involve the use of Federal dollars, and the Center for Medicare Services (CMS) has access to a massive amount of data that could be used for planning, analysis, implementation, and rapid cycle evaluation of innovation, and for determining program effectiveness.

The purpose of the RMADA RFP (contract awarded July 2014) is to solicit bids to “…develop a Research, Measurement, Assessment, …

» Continue reading

Splunk, Big Data and Healthcare Analytics in the Federal Government – Part 1 The Veterans Administration

There have been three interesting events that have occurred recently in the area of healthcare analytics that deserve our attention:

  • The passage through the US House and Senate of the Veterans Access to Care through Choice, Accountability, and Transparency Act;
  • The development of a government IDIQ (indefinite delivery/indefinite quantity) contract to develop a Research, Measurement, Assessment, Design, and Analysis (RMADA) that will provide analytic support and technical assistance for models and demonstration programs that are derived under the Patient Protection and Affordable Care Act (ACA); and
  • Department of Defense Healthcare Management System Modernization (DHMSM) Program procurement task orders.

These three activities all highlight the need for a big data solution in healthcare that can provide accountability, …

» Continue reading

Deploying Splunk Securely with Ansible Config Management – Part 1

Intro

More often than not I have seen corporations struggle with config management, and it is key to a concise mitigation and remediation plan. Interfacing with a variety of Splunk customers, the corporations that do implement a config management system usually each have a different tactic for managing Splunk while doing it in a secure fashion. This series of blog posts will hopefully walk you through everything from a simple deployment of Ansible to the most complex use cases I have seen. I will first cover how Ansible can be leveraged to manage a simple Splunk deployment on your own hosts. In Part 2 we will cover how this can be done at a larger scale with EC2 …

» Continue reading

Generating Elliptic Curve Certs for Splunk

Intro

Very often we get questions about generating stronger certs/keys for Splunk, specifically from users who run a vulnerability scanner against their Splunk instance. By default, Splunk ships with a 1024-bit RSA cert, and it is the same certificate authority cert across all Splunk binaries. In the Securing Splunk documentation, Splunk recommends that customers use their own CA and cert/key pair. It is good practice to have your certs signed by your own CA.

I recommend an EC (Elliptic Curve) key pair. For more about EC have a look here. Here are a few pros and cons of using EC certs:

Pros

  • Perfect Forward Secrecy (PFS) support
  • Shorter keys which are as strong as RSA keys but are easier on the

» Continue reading

Sharing the Splunk Cloud Love

Exhibit A

Exhibit B

Tough to beat a reference like that!

However, I’m pleased to say that for Splunk Cloud… we just came pretty close. :-)

First, this blog post by Cesar-Lopez Nataren of Mindtouch, titled “Mindtouch’s Path to Splunk Cloud Enlightenment.” Some nuggets:

  • “The user interface for tweaking the dashboards was so phenomenally

» Continue reading

Cisco Security Suite 3.0.3 now includes Cisco Sourcefire

The Cisco Security Suite app continues to get updated for Splunk 6.x. The latest addition is support for Cisco Sourcefire. Information from your eStreamer server (e.g. Defense Center) is visualized, including:

  • Intrusion events
  • Sensor information
  • Policy information
  • Hosts
  • Flow summaries
  • File / Malware events
  • Correlation events

So now, the Cisco Security Suite supports:

  • Cisco ASA and PIX firewall appliances, the FWSM firewall services module
  • WSA web security appliance
  • Cisco IronPort Email Security Appliance (ESA)
  • Cisco Identity Services Engine (ISE)
  • Cisco Sourcefire

Also, with each release, we incorporate more feedback about documentation. Documentation can be found within the Cisco Security Suite app itself and on the Documentation tab on http://apps.splunk.com/app/525/.

Be sure to check out Splunk Answers as well for community …

» Continue reading

Cisco Security Suite 3.0.2 now includes Cisco IronPort Email Security Appliance (ESA) Data

The Cisco Security Suite app continues to get updated for Splunk 6.x. The latest addition is support for the Cisco IronPort Email Security Appliance (ESA). A new add-on has been published that provides Common Information Model compliant field extractions and tags for data from Cisco ESA. So now, the Cisco Security Suite supports:

  • Cisco ASA and PIX firewall appliances, the FWSM firewall services module
  • WSA web security appliance
  • Cisco IronPort Email Security Appliance (ESA)
  • Cisco Identity Services Engine (ISE)

Also, with each release, we incorporate more feedback about documentation. So, in addition to the documentation found within the Cisco Security Suite app itself, a subset of “getting started” documentation has been published under the Documentation tab on http://apps.splunk.com/app/525/.

Stay tuned, there …

» Continue reading

Cisco Security Suite 3.0.1 – Now with ISE

The Cisco Security Suite was recently updated to work with Splunk 6. As mentioned in the previous release, one release is not enough to get all the Cisco security related information integrated into the suite. With version 3.0.1 of the Cisco Security Suite, Cisco Identity Services Engine (ISE) has been added. Over 20 ISE-related dashboards have been integrated into the suite.

Cisco with ISE

ISE is really powerful and adds a lot of additional data that can be correlated. For instance, say you have an IP address from somewhere in your environment. ISE can tell you which user is using that IP, what type of device the user is using, the posture of the device, and much more. Therefore, in …

» Continue reading