For my last blog we discussed a Splunk topic geared towards the Windows side of the shop (Splunking Microsoft Windows Firewalls). So now it’s time to show some love to the Linux admins out there. More specifically, in today’s blog we will explore some tips for gaining insight into Linux audit logs using Splunk.
The Linux Audit system provides a way to track security-relevant information on your...
Accelerated data models have made performing searches over large periods of time and/or large amounts of data extremely fast. This blog will go through an easy, cut through, step by step procedure on how to create a custom search while leveraging the CIM data model.
Example Use Case: Monitor all Windows user/computer account creation.
Step 1: Make sure Windows data is coming into Splunk according to best practices. This means the data should be properly indexed, sourcetyped, etc.
Step 2:...
Big Data surrounds us all, in some shape or form. Typically Big Data (billions or trillions of vast and complex records) is so large, that it requires new and powerful computational resources to process and store. These gigantic sets of data can be analyzed to comprehend patterns, associations, trends, and statistics that help better understand user experience, human behavior, interactions, engagement, etc.
Big Data analysis, such as the services offered by our Function1 Operational Intelligence team, can be provided for a range of industries including but not limited to: financial...
In this blog we'd like to discuss masking or obscuring data in Splunk. We’ve had customers in the past ask us how to mask data at both search and index-time. Usually this is to hide personally identifiable information either for security, compliance or both. In this post we’ll cover several different approaches for doing this in Splunk and discuss some pros and cons.
For each of the approaches we will use the following sample data from a fictitious HR application:
sourcetype = hr_app
sample event = “This is an event with a sensitive number in it...
"That’s the secret to life" as Snoopy says. And in Splunk, lookup tables are the secret to data enrichment.
...
Without exception, if you are an experienced security analyst, then you know the importance of firewall logs and the invaluable network traffic related data that they provide. Many of the key strategies of information security revolve around the network traffic of an organization and the rules that govern it. No matter the type of firewall, whether it is a hardware appliance or a software/OS level...
Intro
So you did it. You early adopter you! You love having the latest and greatest Splunk Enterprise has to offer and upgraded to Splunk Enterprise 6.2. The new UI is snazzy, the new regex field extractor wizard is magical, the Search Head Clustering feature is what we've all been waiting for, and how about that savvy new App bar display? And that is not all Splunk Enterprise 6.2 has to offer. Here’s the situation: you are on your Splunk 6.2 instance and you navigate over to the settings drop-down and...
When I am at client sites I often get asked how they can get a better understanding of what is going on in their Splunk environment. A recent client wanted to understand what dashboards were being used the most in their environment and who were the top users. What a great thought! I knew that Splunk had to have a way to track this. It was just a matter of locating the data and then determining the best way to pull it. After going back and forth between metadata and the internal index, I came across this in Splunk’s internal index.
...
New York | Washington, DC | Toronto
Phone: 202.888.6434
Email: info@function1.com
Function1, Inc. Copyright 2024. All Rights Reserved