SplunkTalk – #70 – New, Improved & Back for the Attack!

This episode of SplunkTalk finds Hal and Wilde chatting it up about something special that was announced at Splunk’s 2014 User Conference, that being an itty-bitty little point release known as Splunk 6.2 ;) A ton of new features and other really cool stuff is discussed in this slightly longer than normal SplunkTalk episode. Splunk Dev Ecosystem has a contest for Splunk App Developers called Splunk Apptitude running from Nov 18, 2014 – Jan 20, 2015! You can earn some serious prizes for building apps. Over $50,000.00 (USD) in cash and prizes. Now that’s a reason to get up in the morning, hit dev.splunk.com and build yo self a kickbutt app. More fun than human beings should be allowed to have, SplunkTalk is here.


Making Sense: Manufacturing, Splunk and Industrial Data

Recently, in the online publication Manufacturers Monthly, Denise Carson published a piece called “Harnessing Operational Intelligence”, and really made the case for using big-data and platforms like Splunk to deal with “rising costs and the tyranny of distance”. Denise explained that operational intelligence has the potential to help manufacturers do things smarter and remain competitive in the face of massive volumes, velocity, and variety of data.

In the same week, in the “Smart Business” section of the Chinese language ITHome.com, Yu Zhihao wrote about how a Korean semiconductor company was using Splunk and big data to perform real-time analysis of the semiconductor production line, and was quickly getting to the bottom of production issues through advanced analytics …


Preparing users for phishing attacks with Splunk

Why waste time and energy trying to crack passwords or hack through some obscure and complex vulnerability when there is a much easier way to breach a computer network?

Want a break in? Just ask for an invitation.

Phishing is probably the simplest way to get reliable, authentic access to a target network. By baiting users into visiting a website or downloading code, hackers can persuade them to hand over valuable access to vital data stored in even the most secure environments.

One Splunk customer in the healthcare industry found an ingenious way to fight back. Techniques they developed with Splunk have helped them harden their network against social engineering attacks and better protect patient data. The tactic has been …


Monitoring Network Traffic with Sysmon and Splunk

Every IT guy has a set of tools that they use every day. One of mine is Sysinternals. It’s a set of Windows utilities made available by Microsoft that do a whole slew of things. You can install them with Chocolatey (another in my toolset) or download and unpack them from their website. If you use Windows and this toolset isn’t in your arsenal, maybe it’s time.

Back in August, I got a request from one of our engineers asking me if we had any plans to support the collection of Sysmon data. Sysmon is a Windows system service (yes, another agent) that logs system activity to the Windows Event Log. However, it places all the important stuff in the …


Smart AnSwerS

Hello, and welcome to the debut of Smart AnSwerS, a weekly blog series featuring posts from Splunk Answers on trending issues, interesting use cases, and more!

For the last couple of months, I’ve been reviewing incoming content on Answers and selecting high-value postings to summarize and email weekly to my compadres on the mighty Splunk Support team. Pretty quickly, we realized that this information wasn’t just useful to Support; it is useful to everyone who uses Splunk. So here we are. This first installment is a bit of a best-of from the previous emails, but look for a new blog post each week chock full of specially-curated Answers for you to expand your brainmeats with.

Answers? What’s that?

If you aren’t familiar with Splunk


Splunk App for SharePoint goes Open Source

For about the last year, I’ve been working on an update to the Splunk App for SharePoint. But it isn’t the one you would expect. I’ve been working to open source the app. At the end of the day the best person to write an IT Operations app for Splunk is the person who is intimately involved in the running of the workload. Today, we are flicking the switch and opening up the project. We are allowing you to directly file bugs and feature requests; we are allowing you to submit code; and we are encouraging you to get involved in the project.

So, how can you do this? Firstly, you will want to have some sort of test environment. …


The Bank of Splunk

Spend by City

No, we’re not diversifying into a financial services company…

I recently received a letter from Her Majesty’s Revenue and Customs. If you’re reading from the US, they perform many of the same duties as the Internal Revenue Service. Thankfully it wasn’t a demand for unpaid taxes, but a breakdown of how my taxes had been spent over the previous year on things like education and welfare.

For a long time I’ve wanted to quantify my monthly financial accounts, similar to this letter, starting from when I first opened my bank account. Unfortunately in the UK we don’t have a product that works like MINT to do this just yet… but we do have Splunk.

Using Splunk I’ve now started to track …


Introducing the new Splunk App for AWS

Today we’re excited to announce the release of a fully re-written and much expanded Splunk App for AWS. Get it here and gain immediate operational assurance and visibility for your AWS-hosted infrastructure.

What’s new with the app?

  • Works with Splunk Add-on for Amazon Web Services
  • New dashboards and visualizations for AWS CloudTrail
  • New alerts for AWS CloudTrail
  • New dashboards and visualizations for AWS Config
  • Billing Reports provided by Splunk Add-on for Amazon Web Services

AWS CloudTrail
AWS CloudTrail records user API activity and related events for your AWS account. Using the Splunk Add-on for Amazon Web Services you can retrieve details about the actions made by the caller, including the caller’s identity, the time of the call, the request …


Machines, People, and Categories, Oh My!

Let’s say you’re working with Enterprise Security and you need to figure out how to put more devices into the asset and identity correlation framework. Here are some resources to get you started!

There are two useful types of data to integrate: lists of assets or identities, and attributes of assets or identities. In both cases, it may also be interesting to enable ad hoc, real-time queries of your data source for individual terms.

A list can be dumped from a directory, systems management tool, asset discovery system, or the like. These are typically accessed via DB Connect or Splunk Support for Active Directory. Other ways to get at this data include modular inputs to query web-based APIs. …


Protocol Data Inputs

It must have been about a year ago now that I was talking with a Data Scientist at a Splunk Live event about some of the quite advanced use cases he was trying to achieve with Splunk. That conversation seeded some ideas in my mind, they fermented for a while as I toyed with designs, and over the last couple of months I’ve chipped away at creating a new Splunk App, Protocol Data Inputs (PDI).

So what is this all about? Well, to put it quite simply, it is a Modular Input for receiving data via a number of different protocols, with some pretty cool bells and whistles.


So let’s break down some of …
