.conf2014 Highlight Series: Operationalizing Advanced Threat Defense
As we get closer to .conf2015: The 6th Annual Splunk Worldwide Users’ Conference in Las Vegas in September, we’re excited to continue our series of .conf2014 #TBT highlights. This week we revisit Monzy Merza’s in-depth presentation focused on how to get the most out of the Splunk App for Enterprise Security.
Splunk App for Enterprise Security
Splunk’s Minister of Defense and security guru, Monzy Merza, shows how to use the Splunk App for Enterprise Security to detect, respond to and mitigate advanced malware through various phases of the threat’s lifecycle chain.
For the full recording, check out Operationalizing Advanced Threat Defense.
We look forward to sharing more of these …
CyberPatriot: Training Future Cyber and STEM Leaders
This week is the finals for the CyberPatriot National Youth Cyber Defense Competition, a national contest that connects middle and high school students with cyber technologies. This competition is designed to spark interest in cybersecurity and other science, technology, engineering and mathematics (STEM) disciplines. CyberPatriot itself is a broader education program that was founded by the Air Force Association (AFA) in 2011, but the finals competition is what grabs headlines each year.
Students from across the country participate in the annual competition, beginning at the state and regional levels and progressing to the national finals at National Harbor just outside Washington, DC. Teams are equipped with resources to help them prepare for each round of the competition while being …
Contextualize your data with threat intelligence information from Project Honey Pot
Greetings Splunk Ninjas,
This is my first blog post. I’m a Splunk EMEA specialist and have worked in the IT industry for nearly 10 years, 7 of them with software vendors in the IT security space. I have already worked with many large companies to improve their environments in many ways.
Some time ago I posted the IP Reputation App on Splunk Apps. I was inspired by the trend of various security vendors establishing reputation databases and including them in their products (next-generation firewalls, AVs, etc.). There is great value in having this information included in the Splunk platform to put machine data in context.
After two years on apps.splunk.com the app has had over 4,000 downloads, so there is a lot of demand. The app performs lookups …
Splunk App for Stream 6.2 delivers a big bag of goodies!
The Splunk App for Stream just got better! In addition to support for Linux and Mac operating systems, I am pleased to announce that the app now supports Windows 2008 R2 and Windows 7. This new 6.2 version is available now on Splunk Apps. You can use Splunk software with the Splunk App for Stream to correlate wire data with other machine data from any other technology.
In past releases of the Splunk App for Stream, we offered you various ways to work with your wire/network data, whether you wanted to observe all of the data or just a subset of protocols and defined fields. We are now adding even more options for data collection and extraction. The Splunk …
The Splunk App for Stream – Tracking Open Ports for Security and Compliance – Part 2
.conf2014 Highlight Series: Splunk Ninjutsu by David Veuve
In our ongoing series of .conf2014 #TBT highlights, we revisit David Veuve’s “Security Ninjutsu” presentation focused on using Splunk for Advanced Correlation, Anomaly Detection and Response Automation.
IT Operations, Security
Splunk’s analytical capabilities allow security users to leverage advanced correlation and anomaly detection moving beyond basic incident response. Splunk can also take action, ranging from integration with ticketing systems to automatic blocking and beyond. This session walks the audience through automated threat intelligence response, behavioral profiling, anomaly detection, and tracking an attack against the kill chain. Through each of the examples, David reviews the data, how to analyze it, and what actions could be taken, providing reusable examples for how …
Splunk App for Stream: How Can You Use Ephemeral Streams?
Did you know that the Splunk App for Stream supports ephemeral streams in addition to permanent ones? Ephemeral stream capture enables you to grab wire data on the fly for a specified period and analyze it in Splunk software. You can use ephemeral (temporary) streams in a variety of situations: for security analysis (see below), to improve your application’s performance, or to observe network latency during increased traffic conditions (for example, Cyber Monday or another seasonal event).
We have integrated wire data and ephemeral streams in our popular Splunk App for Enterprise Security. From within the app, you can trigger on-the-fly wire data capture based on your search results, events or alerts. With ephemeral streams you can choose to monitor just …
Deploying Splunk Securely with Ansible Config Management – Part 2
In part one we covered generic deployment of Ansible with a static inventory list. This time, we are going to raise the complexity bar a bit and show you how you can use Ansible to deploy the Splunk environment with a dynamic inventory. Keep in mind that not only can you use this for Splunk, but for other deployable server types in your organization.
What is a dynamic inventory and when do I use it?
Dynamic inventory, in our case, is when you have a list of servers and server types that are being created and destroyed very quickly. A scenario where this might be needed would be an auto-scaling environment like AWS EC2 where you …
Top 10 Splunk and Cisco Highlights in 2014
Over the past 7 years Cisco and Splunk have built a broad and multi-faceted relationship.
Internally, Cisco IT, security, engineering and other teams use Splunk software every day for operational intelligence and security analytics. Cisco shared details at Splunk’s 2014 user conference in a session titled “How Cisco IT Moved from Reactive to Proactive and Even Predictive with Splunk,” and Cisco’s CSIRT team commented in a blog post on Security Logging in an Enterprise: “… [W]e moved to Splunk from a traditional SIEM as Splunk is designed and engineered for ‘big data’ use cases.”
Splunk & Cisco have partnered across security, networking, application management, IoT, Big Data and other areas to help our joint customers realize the same …
Monitoring Network Traffic with Sysmon and Splunk
Every IT guy has a set of tools that they use every day. One of mine is Sysinternals. It’s a set of Windows utilities made available by Microsoft that do a whole slew of things. You can install them with Chocolatey (another in my toolset) or download and unpack them from the Microsoft website. If you use Windows and this toolset isn’t in your arsenal, maybe it’s time.
Back in August, I got a request from one of our engineers asking me if we had any plans to support the collection of Sysmon data. Sysmon is a Windows system service (yes, another agent) that logs system activity to the Windows Event Log. However, it places all the important stuff in the …