Best Practices for using Splunk Enterprise for compliance

In September at .conf2016, the Splunk worldwide users conference, I co-presented a session titled “How to Use Splunk for Automated Regulatory Compliance.” It included a discussion of regulatory compliance and standard/framework 101 and how Splunk could be used for compliance, including some case studies and product demos of the Splunk App for PCI Compliance, the CIS Critical Security Controls App for Splunk, Splunk Enterprise Security, and Splunk User Behavior Analytics.

For the technical ninjas attending the session, the most interesting part was probably the closing section covering best practices related to using Splunk Enterprise for compliance, which is the focus of this blog post. I have listed these best practices below in …


Meet the 2016 Splunk Revolution Award Winners!

While .conf2016 is officially a wrap, we continue to celebrate this year’s Revolution Award winners!

The sixth annual Splunk Revolution Award ceremony crowd was our biggest ever. Splunk CEO Doug Merritt announced the winners to a global audience of Splunk customers, partners and Splunkers; many of us had just arrived at .conf2016 with three full days of sessions still ahead of us!

The Splunk community comradery present at the ceremony was the perfect way to begin the best .conf ever!

Doug Merritt, Splunk CEO, presented the 2016 Splunk Revolution Awards at .conf2016 at Disney World in Orlando, Florida.


“Each year, the Revolution Awards celebrate and recognize passionate customers that have shared their exemplary breakthrough stories of innovation using Splunk inside …


Can you SPL?

A couple of weeks ago at .conf2016 we conducted our 2nd annual SPL’ing Bee and it was just as exciting as the year before. We had over 30 contestants, close to 100 spectators and a whole new set of challenging questions.

Here is a little background on how the SPL’ing Bee works.

During the SPL’ing Bee, contestants compete by using SPL to answer questions of a specific data set.  To do this, contestants download and install the “Add-on for SPLBee App” on Splunkbase.  This app allows each contestant to write a SPL query on a specific data set and submit their results to a master judging instance using a macro and a Splunk custom command called sendjobmeta created by …


Reimagining IT at .conf2016

Last month, during the IT Ops Keynote at Splunk .conf2016, Splunk’s Chief Technology Advocate Andi Mann talked about the massive impact and opportunity created by digital transformation. Every industry, every business and every organization is experiencing the effects of digitization and dealing with an astounding rate of change. Whether it’s software-defined-everything, containerization, microservices or the world of the Internet of Things (IoT), digital transformation is everywhere. This newest evolution of IT is disrupting market leaders and upending entire industries – pushing every business to be a technology business. Digital transformation is also changing the technology we use as well as the way our teams connect, work and solve problems.


Buttercup Games – Level 3: The One-Millionth Flap


On the final day of .conf2016 some of us were having dinner and I noticed the number of total flaps was approaching 1 million. That means people tapped their screen nearly 1 million total times to make Buttercup fly! So of course I needed to open a real-time search and watch it click over.

This made me wonder who was the person who actually touched their screen for the 1 millionth time? The answer is always just a search away in Splunk.


Congratulations to Mike Ruszkowski, I hope bells rang and confetti rained! I know my co-worker Matt Oliver (at the top of the table above) was gunning for that 1 millionth flap.

Beyond the millionth flap there have been some other impressive statistics. I’m …


Splunk Pledge and Education

This September marks my fifth year at Splunk. Since day one on the job, I have spent a great deal of my waking time thinking about how to scale up educating folks on Splunk, in particular for universities and other educational entities. There is a bit of chicken-and-egg to this dilemma, as most teachers and students don’t see the value of Splunk until they have had some exposure to it.

Over the past five years, we have built programs around licensing and training on Splunk that give not-for-profit educational entities a way to learn, use, and teach Splunk without spending anything but time.  We have had some success, but the efforts did not really scale up until we …


Buttercup Games – Level 2: Buttercup Go data

Buttercup Go is thriving: 4,234 people have played the game and lots of data is being generated. In this post I’ll walk through some of the data we are generating.


The data includes web, OS, load balancer, network, firewall, other AWS data, etc. There are a few other data sources I want to point out specifically.

Authentication Data

We wanted to allow users to play right away, without the need to sign up. Auth0 was a perfect choice. It was quite easy to use and gave us everything we needed. Not only did it allow many authentication options (think Google, Facebook, Twitter, LinkedIn, etc.) but Auth0 also generated great data and could send directly into Splunk. Here was the breakdown of how people …


Adaptive Response: Beyond Analytics-Driven Security


Now that .conf2016 is in full swing, I’m excited to discuss one of my favorite topics – the Splunk-led Adaptive Response Initiative, which we first announced at the RSA Conference earlier this year. We made a big splash with a strong group of 8 founding participants representing key security technologies like Network Firewall, Endpoint Detection and Response, Privileged User Management, Threat Intelligence, and Incident Response. We are thrilled by the support from Splunk customers and strategic partners as we continue to enable organizations to operate multi-vendor adaptive security architectures and bring life to our vision for a security nerve center.

So here we are in Orlando, and I’m happy to share our latest Adaptive Response milestones:

  1. We have extended Adaptive Response controls into Splunk Enterprise Security 4.5 (ES)
  2. Vendor

Introducing Splunk Enterprise 6.5 – Machine Learning and Simplified Data Analysis Open New Vistas

Want to put the power of machine learning (ML) to work to help optimize IT, security or biz ops? Wish it were easier for more users in your org to use Splunk for data analysis? Or maybe you’d be interested in improving power user productivity, automating management functions, or lowering storage TCO? Splunk Enterprise 6.5 has something for everyone.

Machine Learning Meets Machine Data

The latest release of the Splunk platform lets you put machine learning to work to tackle any use case that matters to your organization.


Splunk Enterprise has long offered a strong array of ML commands like anomalydetection, outlierpredict and cluster that use fixed algorithms to do their work – no ML expertise required. Today, …


Stepping Up Our Commitment with the Splunk Pledge

From our very early days, Splunk has had an active culture of giving. Whether volunteering in schools, mentoring young people, holding bowl-a-thons, or using data to actually save lives, it’s always been clear that we care about our communities and the world we live in. Over the years that activity has grown in official and unofficial ways – first with the availability of licensing and education for members of Internet2, followed by availability for small nonprofits and the founding of Splunk4Good, and even some paid volunteer time for employees. We’ve gotten good response, with more than 300 universities and 50 nonprofits participating in the program.

But we have also heard that these programs – while increasingly visible outside of …
