Creating McAfee ePO Alert and ARF Actions with Add-On Builder
One of the best things about Splunk is the passionate user community. As a group, the community writes amazing Splunk searches, crafts beautiful dashboards, answers thousands of questions, and shares apps and add-ons with the world.
Building high quality add-ons is perhaps one of the more daunting ways to contribute. Since the recently-updated Splunk Add-On Builder 2.0 was released, however, it’s never been easier to build, test, validate and package add-ons for sharing on SplunkBase.
Technical Add-Ons, aka TAs, are specialized Splunk apps that make it easy for Splunk to ingest data, extract and calculate field values, and normalize field names against the Common Information Model (CIM). Since the release of version 6.3, Splunk Enterprise also supports TAs for …
Cybersecurity Week in Germany – Splunk wins Best SIEM
This week saw lots of activity taking place at IT-SA, the biggest German security event held in Nürnberg.
IT-SA 2016 – The IT Security Expo and Congress
This year was a record year for the conference with over 10,000 visitors and over 490 companies exhibiting.
The Splunk team was there in full force to showcase how we can help organizations utilize the gold hidden in their machine data. While security use cases were top of mind – many visitors wanted to learn how they could re-use their security investment across the company. In the booth theatre Splunk technical experts demonstrated how this works. In addition, we had ForeScout presenting on how it integrates and works together with Splunk. …
Important information for customers using Splunk Enterprise 6.2 or earlier
Do you use SSL to secure Splunk Enterprise? Are you still using Splunk Enterprise version 6.2 or earlier? If you answered yes to both of these questions, please read on.
Securing communication with your Splunk instance can be essential in today’s digital environment, especially if it is collecting sensitive information. If communication to/from your Splunk instance can be easily intercepted (e.g. public access to SplunkWeb, Forwarders outside firewall) then this communication should be encrypted using SSL. Additionally, security functionality is constantly being enhanced to combat the evolving threat landscape so you should stay on as current a version of Splunk as possible.
You may have heard that the OpenSSL Software Foundation will cease support for OpenSSL version 1.0.1 as …
Splunk & Cisco Web Security Appliance (WSA) – BFF: „Dear IT-Admin: My Internet is so slow“
I recently met with Tobias Mayer, an engineer from EMEA with Cisco. He has particular expertise in web security technology. The Cisco Munich Data Center has a great Splunk deployment, and Tobias works closely with organizations in EMEA to solve their daily problems.
One common claim from end users in IT is „Our internet is slow“… and then the troubleshooting begins…
There are various components within enterprise IT that could be the reason why „the internet is slow“.
It could be:
- The Proxy Server is running on max load (CPU, Memory, Concurrent Connections)
- The network connection from the client to the proxy within the internal network is slow
- The Active Directory / authentication service the proxy relies on responds slowly
Cyber Defense Day at Deutsche Bahn
Hello Security Ninjas,
Recently Deutsche Bahn joined forces with our Splunk Germany team and organized the first Cyber Defense Day at Deutsche Bahn. About 100 security people attended, from within Deutsche Bahn as well as from other companies in the Frankfurt area, to encourage information sharing and networking between different organizations. Sven Grun from DB Systel (part of Deutsche Bahn) opened and moderated the event, which was hosted in the Silvertower Skydeck in Frankfurt.
Samuel Ruppert from DB Systel showed in a demo how to hack a vulnerable web application – for example an infotainment system on a train. His takeaway for the audience was that security needs to be implemented in each step of the …
Detecting Ransomware Attacks with Splunk
Splunk at CyberSecurity IP Expo London – Securing the digital enterprise
This year you can find Splunkers at the Cyber Security Europe event, part of IP Expo, from 5th-6th October in London. Cyber security and cyber resilience are top of mind for everyone at this conference.
The focus in IT security is no longer just to protect your perimeter or systems against malware attacks. As cyber criminals become better organized, a successful attack can seriously harm your company’s brand, your customers and your intellectual property. Combined with the recognition that it is not possible to prevent 100% of breaches, it is clear that organizations need to change their approach. By moving from pure prevention to adding early detection and response capabilities, organizations can gain …
Use Analytics-Driven Decision Making and Automation to Improve Threat Detection and Operational Efficiency
Today, we announced major advancements to our security analytics portfolio with Splunk Enterprise Security 4.5 (ES), a new version that introduces significant innovations to Splunk ES.
Enterprise Security (ES) 4.5 includes Adaptive Response, which helps extend security architecture beyond legacy preventative technologies, and event-based monitoring that uses connected intelligence so security operations gain full visibility and responsiveness across the entire security ecosystem. The new release also introduces Glass Tables, which expand the visual analytics capabilities of Splunk ES.
Meeting the growing needs of CISOs adopting automation and orchestration
Many Splunk security customers already use automation to eliminate routine tasks in order to accelerate detection and streamline their response times. A recent survey conducted by 451 Research reveals that 57% …
Introducing Splunk UBA 3.0
Splunk User Behavior Analytics 3.0 (UBA) introduces significant advancements to Splunk UBA and drives Splunk’s Security Analytics to the next level. This is evident with Gartner placing Splunk in the leader’s quadrant and positioning Splunk furthest overall for completeness of vision.
Splunk UBA 3.0 makes an architectural shift by decoupling the platform from its content, thereby giving customers the ability to update their detection footprint with zero downtime and without the hassle of upgrading the entire platform. Content includes the following: machine learning models, threat models, anomaly classifications, data sources, and intelligence. The goal of this architectural shift is two-fold: improve operational efficiency, and keep up with the ever-changing threat landscape by delivering regular updates.
Model, Models and Lots of Machine…
Trust and Resilience at the Speed of Business – How Travis Perkins built a lean SOC with Splunk in the Cloud
This week we attended the Gartner Security & Risk Management Summit in London. IT-Security Managers from across Europe came together to network, exchange information about the latest cyber security strategies and understand Gartner’s perspective on the market.
As every industry continues to focus on digital transformation and move services online, security has become an even greater organizational priority. Organizations that customers trust and are confident in using will be the clear winners in the long term. For many organizations, IT-related risk has become a major part of the corporate risk assessment that the board of directors has to review regularly.
As a result, many organizations have identified the need to build up Security Operations Centers (SOC) or …