Enriching threat feeds with WHOIS information

It’s been almost 2 years since I spent a summer in Seattle interning with the Splunk Security Practice (SecPrax) Team. Damn, time flies! The Splunk Security community is growing every day, due to the unbelievable amount of flexibility, visibility and insight Splunk Enterprise offers for all data, and, as I have learned, all data is security relevant. Back at Splunk to work with the Security Research team, this is my first blog post and I would like to hear what you people have got to say about it, so please leave feedback or a comment.

What am I missing while doing threat intelligence?

While I was doing some research looking for threat intelligence data sets to ingest into Splunk, I realized there can be …

Splunk Discovery Days

While SplunkLive! events are taking place around the globe, we have simultaneously launched our Splunk Discovery Days.

The Discovery Days, which are hosted in several cities across the U.S., will provide both current and prospective customers with an engaging way to learn more about Splunk software and solutions. The events will include a broad overview of Splunk, interactive tutorials on specific solutions and hands-on demonstrations of our software tools.

The very first Discovery Day of 2016 took place on April 14 in Des Moines, Iowa, and was a great success. We’ve since seen events in Indianapolis, IN and Omaha, NE. Attendees were able to hear from a range of industry experts, customers and technologists on how they’re …

Remove Cultural Obstacles in DevOps Adoption

It’s widely recognized that adopting DevOps principles can lead to many business benefits, including more agile and higher quality releases, and better alignment with customer needs. Unfortunately, one of the biggest challenges in DevOps adoption is the cultural divide between teams.

Also, container technology is gaining the attention of many in the dev community, due to the acceleration of continuous deployment and automation, and this doesn’t make the life of operations teams that much easier. I recently attended Container World Santa Clara, and the consensus is that in the next 5-10 years, containers will still be running in parallel or on top of virtualized infrastructures. So, the current or old systems are not retiring at the same pace as …

Developing Correlation Searches Using Guided Search

Guided Search was released in Splunk Enterprise Security 3.1, nearly two years ago, but is often an overlooked feature. In reality, it is an excellent tool for streamlining the development of correlation searches. The goal of this blog is to provide a better understanding of how this capability can be used to create correlation searches above and beyond those Enterprise Security ships with, to meet your unique security requirements.

So what is Guided Search?

It’s a “wizard”-like process to gather the key attributes that make up a correlation search. Essentially, there are five elements to Guided Search:

  • Identify the data set to search
  • Apply a time boundary
  • Filter the data set (optional)
  • Apply statistics (optional)
  • Establish thresholds (optional)

Along the way, …

Welcome to the Hotel Cloud-ifornia

Aside from being a clumsily executed pun, the title does sound a bit ominous – especially if you are familiar with the 1976 Eagles classic (is it just me or is it getting old in here?). Well, it should be ominous, because checking into the cloud is like checking into a hotel, and that is both good and bad.

The good is you’re getting out of your daily grind, turning over all the maintenance to someone else, and getting away from the screaming kids (or hardware alarms for the purposes of our analogy). That’s great!

The bad, however, is you are moving in with strangers, the maintenance people have the keys to your room and you pay by the night (or …

What We Call the Past Is Built On Bits

It’s impossible to talk about information theory without talking about Claude Shannon. In 1948, the same year that Bell Labs introduced the transistor, Shannon published a monograph in The Bell System Technical Journal titled A Mathematical Theory of Communication. In it, the 32-year-old, who was then part of the Bell Labs mathematical research group, coined the word bit, declaring it a unit for measuring information.

Information theory began as a bridge from mathematics to electrical engineering, and from there to computing. It’s a transformation that is chronicled by James Gleick in The Information: A History, A Theory, A Flood. This ambitious book traces the history of communications through the centuries to teach us about the language of drum beats, …

Splunk & 21st Amendment Brew day 2016

Do-ocracy (do͞o äkrəsē): The spirit of taking ownership/command/possession/etc and making it happen. That’s how we operate at Splunk. To commemorate this methodology we teamed up with 21st Amendment to make a DPA, or “Do-Ocracy Pale Ale”.

On February 29th we walked over to 21st Amendment, which is conveniently located around the corner from our headquarters (could that in itself be a reason we chose the location of our HQ? Very possibly). Before we started brewing, we thought we’d throw in a few sensors; since we recently Splunked a BBQ using Tappecue, we just repurposed the sensors and modified the dashboard for the brew day.

There are four primary stages of the brew day:

1. The Mash-In: We add water heated to a specific temperature to the

Announcing Splunk Add-On for Google Cloud Platform (GCP) at GCPNEXT16!

This week Splunk is thrilled to be speaking and exhibiting at GCPNEXT16 to announce the availability of a Splunk Add-On for Google Cloud Platform. This free add-on, available on Splunkbase, provides IT Ops teams with secure access to GCP Pub/Sub events that you can collect, search, analyze and monitor in Splunk to maintain the security and reliability of mission-critical services. This includes any logs from GCP services such as App Engine, Compute Engine, Container Engine, BigQuery, etc. that have been exported to Pub/Sub through Stackdriver Logging. Splunk’s Add-On also includes secure access to GCP’s Stackdriver Monitoring API, which allows you to collect time series performance metrics from App Engine, Compute Engine, Cloud SQL, etc. in Splunk.

Participate in the 2016 State of DevOps Survey

As confirmed by leading research, the adoption of DevOps is helping IT organizations deploy applications faster, have fewer outages and recover from them quicker. We are excited to be a part of the latest DevOps research and sponsor this year’s State of DevOps survey. Our technology partner Puppet Labs, Inc., in cooperation with the DevOps Research and Assessment (DORA) group, founded by IT and development experts Gene Kim, Jez Humble and Nicole Forsgren, is conducting the 2016 State of DevOps survey.

This year’s survey explores the following areas:

  • The impact of quality and stability measures on the bottom line
  • The role of security and compliance in DevOps environments
  • The influence of DevOps practices on quality
  • The extent of containers’

Creating the optimal customer journey using analytics

Understanding the customer journey is currently a hot topic. This is because being able to deliver the right information and messaging to all consumers at every touch point is now a critical element of brand success.

Tracking customer journeys is an omni-channel challenge, but in many journeys there is some form of online interaction – which makes this channel a pivotal element in the process.

For me, the most interesting thing about online customer journeys is the fact that there is typically a divergence between how brands design and perceive the customer journey and the actual route taken by consumers. This is why being able to accurately track each interaction during the customer journey is critical.

The work that Splunk …
