Improving Visibility in Security Operations with Search-Driven Lookups

Looking back on 2016, Splunk Enterprise Security added significant capabilities to its platform for security operations, including Adaptive Response, User & Entity Behavior Analytics (UEBA) integration and Glass Tables. Another capability that was added, but has received less attention, is a new type of search that Splunk calls Search-Driven Lookups. Because this capability has received less attention, I wanted to share a bit about it and how it can be used.

Search-Driven Lookups originated from a question that users of legacy SIEM providers often asked: how can Splunk dynamically create watchlists that can then be used to correlate new events against a watchlist? Enterprise Security has had the ability to correlate against a …


Dashboard Digest Series – Episode 5: Maps!

“A map does not just chart, it unlocks and formulates meaning; it forms bridges between here and there, between disparate ideas that we did not know were previously connected.” ― Reif Larsen, The Selected Works of T.S. Spivet

Welcome to Episode 5 of the Dashboard Digest series!

Maps play a critical role in visualizing machine data in almost any industry, for thousands of use cases. We’ve been continuously adding more mapping functionality to Splunk, and with the recent addition of Custom Visualizations in Splunk 6.4, you (the community) have too! This is exciting news, as I’ve noticed many times that the first panel on a dashboard to draw attention is a map. The best part is that each of these displays …


Gaze into Splunk’s Crystal Ball for What’s to Come in 2017

Last year, a team of Splunkers came up with several predictions for what 2016 would bring in the fields of IT, security, and big data. This year we’ve done it again, looking into our crystal ball (or industry experience) to share our prophecies for 2017.

But first, let’s look back at some of the hits and misses of what we predicted for 2016.

Behavioral analysis will shift from an emphasis on user credentials to machine-to-machine credentials.

Haiyan Song, our SVP of security markets, predicted that “anomaly detection will become less about analyzing users or entities and more about leveraging machine learning and data science.” While there’s still a way to go, this has begun to come true: As


Splunk App for Jenkins: Increase quality and velocity of your software releases

More than 12,000 customers are using Splunk software to monitor their critical services. They are deploying Splunk software on-premises or using Splunk Cloud, across a variety of operating systems, different deployment configurations and scale complexities. As a result, ensuring the highest Splunk software quality is of paramount importance.

To help with this endeavor, our engineering team is running most of our development and testing workflows using the Jenkins platform. The complexity of developing and testing Splunk software across various configurations has resulted in a massive Jenkins deployment infrastructure with multiple clusters, with more than 500 slaves per master running thousands of jobs per day. Previously, analyzing Jenkins data at this scale manually was not possible. As a result, our …


Table Datasets – Data Prep & Analysis without SPL

One of the highlights of Splunk Enterprise 6.5 is Table Datasets. It’s a significant breakthrough that improves productivity and unleashes the power of machine data analysis to a much broader set of users across your organization.

Go Get It! Splunk Enterprise customers need to upgrade to 6.5 and then download the Splunk Datasets Add-on from Splunkbase to install the feature – and over 3000 customers have already! Splunk Cloud customers have it pre-installed as part of their standard upgrade.

With Table Datasets:

  • Power users can more easily prep data into a structured format that’s ready for downstream users to put to use for analysis
  • Occasional, non-proficient users can further refine the data, perform in-depth analysis and generate reports – all without

The Splunk 12 Days Of Christmas


Ho Ho Ho! I hope you’re all ready for Christmas and the holiday season. From (Yule) log files to ERP (Enhanced Reindeer Planning) systems to wood burning fire-walls and NOCs (Noel Operations Centre), a lot of organisations have done some amazing things with their machine data this year. In the spirit of sharing gifts, I give you the Splunk 12 Days Of Christmas featuring some of those customers who’ve improved their operations using Splunk as a machine data fabric. Have a great festive season and enjoy the stories below:

As always, thanks for reading


Gatwick Airport lands passenger experience & operational efficiency with IoT, analytics and Splunk Cloud.


95% of passengers through security in 5 mins or less.

We’ve all been there: stuck at an airport, flight delayed, watching the departures board, trying to find somewhere to sit down and wanting to set off to where you’re going or just get home. Gatwick Airport, the busiest single-runway airport in the world, processing up to 945 flights per day, is striving to make this situation a thing of the past. I’m delighted to announce that they are using data from the Internet of Things and Splunk Cloud to improve the passenger experience and enhance operational efficiencies across the airport. Gatwick are using their machine data to deliver historic, real-time and predictive analytics to ensure a faster journey through the …


Black Friday. How Machine Data and Real-Time Analytics Underpins Online Retail

Black Friday and Cyber Monday are nearly upon us, with reports stating that up to 4bn pounds could be spent over the course of the week, with 42% of purchases made online. So far, the sheer number of sensor enabled, Bluetooth connected toothbrushes on offer risks redefining IoT as the “Internet of Teeth”. I guess a lot of those toothbrushes will be “filling” Christmas stockings (sorry). On a more serious note, machine data, real-time analytics and Operational Intelligence are going to play an important part in Black Friday and Cyber Monday in four main ways:


  • Underpinning the IT infrastructure that makes up an online retailer’s digital services
  • Securing consumers and organisations from fraud, breaches and insider threats
  • Ensuring the

ING Bank at Gartner Symposium. Delivering business value from operational insights.

Last week was EMEA’s Gartner Symposium and it was a pretty busy week. Thousands of CIOs, senior IT leaders and IT companies converged on a very windy Barcelona. We were lucky enough to have ING Bank speaking about how it uses Splunk to deliver business value from IT and ensure its customers are happy. ING Bank Slaski in Poland has over four million customers monitored by Splunk. ING’s IT goal is to make sure they are listening to the voice of the customer “to stay a step ahead in life and business” by:

  • Making it clear and easy to use ING’s banking services
  • Allowing customers access to those services anytime and anywhere
  • Empowering users to self serve and make use

Dashboard Digest Series – Episode 4 – NFL Predictions

In Episode 4 we will take a look at the four downs of football. We used the Machine Learning Toolkit and more than a decade of NFL data to build models to make predictions during NFL games.

In order to make it quick and easy to plug in a scenario and visualize the most likely outcomes, we made a simple dashboard so editors at Sports Illustrated could try it out during a game. You may have seen the dashboard if you were watching CNN before the Super Bowl earlier this year:

Purpose: Predict the next play
Splunk Version: Splunk 6.4
Data Sources: Every NFL play and player since 1999
Apps: Machine Learning Toolkit, Shapester

The data contains a lot of fields
