Data Model Acceleration Enforcement

We have seen a few customers run into the following "gotcha" regarding data model acceleration.  Whether it be for temporary or permanent reasons, a user disables acceleration on a data model, which mysteriously is re-enabled after a restart.  To counter this, a feature called Data Model Acceleration Enforcement allows administrators to lock acceleration.  This feature is found under "Setting" > "Data Models."  Here’s how it works:

Through the user interface:

I will be using one of the default...

Integrating External Asset Databases with the Splunk App for Enterprise Security
In this post I'd like to cover an approach for integrating an external asset database with the Splunk App for Enterprise Security (ES).  This post is relevant for people just starting out with ES or who have used it for a while and want to improve the integration of their assets information with the application.

For those wondering what an assets list is in the context of ES, it's a list containing information (such as...

Splunking Microsoft Windows Firewalls
Without exception, if you are an experienced security analyst, then you know the importance of firewall logs and the invaluable network traffic related data that they provide. Many of the key strategies of information security revolve around the network traffic of an organization and the rules that govern it. No matter the type of firewall, whether it is a hardware appliance or a software/OS level...

MS Windows, Splunk App for Enterprise Security 3.0 and the Case of the Disappearing Assets and Identities

Are you wondering where your Assets are?  Why you can't find your identities, perhaps? Are you on Windows? With the recent release of version 3.0, there have been huge improvements in the power of the ES app, and the ease of its use. The Assets and Identities are one of the cornerstones of the ES app, and there is a major change in the way these files operate in ES 3.0 compared to ES 2.4.

Asset management provides additional information about the source and targets of events. This information can be used to correlate multiple events to a single host, identify the location of the host...

Splunk App for Enterprise Security and PCI Compliance Correlation Search Drill-downs
Welcome! In this post we'll talk about time ranges in correlation search drill-downs in two apps, the Splunk App for Enterprise Security (ES) and The Splunk App for PCI Compliance (PCI).

Correlation Searches and Drilling Down

Okay, so what exactly are we talking about regarding correlation searches and drilling-down? ...