Integrating External Asset Databases with the Splunk App for Enterprise Security

Overview

In this post I'd like to cover an approach for integrating an external asset database with the Splunk App for Enterprise Security (ES). This post is relevant for people just starting out with ES, or who have used it for a while and want to improve the integration of their asset information with the application.

For those wondering what an assets list is in the context of ES, it's a list containing information (such as...


Splunk, Now You See Me, Now you Don't!

Splunk gives customers the flexibility to create their own visualizations. While at a customer we created a neat way to hide panels and have them pop up when you click on a single panel. All of these searches run against Splunk's internal data, so you can test them on your own Splunk instance and then change them to produce your desired results.


The Simple XML will look something like this:

<dashboard script="example_single_panel_inline_drilldown.js">
<label>Single panel inline drilldown</label>
<row...

Storing Terabytes to Petabytes of Data? A Formidable Solution: NetApp's E-Series

Organizations around the world and across many industries are continuously producing massive amounts of data that need to be analyzed, tracked, and safely stored.

As we know, Splunk lets us gain insight into 'Big Data' applications and workloads through analysis and dashboards. Splunk delivers the results, but organizations managing and storing terabytes to petabytes of critical data also need an appropriate storage system. NetApp's E-Series storage systems were designed to handle the high performance and reliability...


Normalizing Data Fields using Eval and Case

BACKGROUND

Lately I've been working with a lot of Windows Security logs with different Event Codes. I wanted to set the field "src_user", but Splunk was auto-extracting the field-value pairs to other field names. This was particularly frustrating because I wanted to map events with different Event Codes to the same data model. In order to map different fields to "src_user," I would need to normalize the different field names to "src_user." Below, I go through an example using a case statement that worked perfectly and may be useful to others who come across a similar issue.

...

Splunk SDK for Python: Getting Data In

Data is a pivotal part of a Splunk Enterprise deployment. Every configuration and enhancement we make is centered on a particular dataset. As a result, Splunk provides different options for getting data into Splunk Enterprise in order to turn that data into decision-making information. The most common ways of getting data into Splunk are via universal forwarders (UF), syslog, scripted inputs, and modular inputs. For this post, I'm going to focus on getting data from a remote interface into Splunk via HTTP utilizing the Splunk SDK for Python...


Function1 Announces Sponsorship of .conf2015

Function1 today announced it is a Giga sponsor of .conf2015: The 6th Annual Splunk Worldwide Users' Conference. .conf2015 will feature more than 165 sessions, including more than 80 customer presentations, and is expected to attract thousands of IT, security and business professionals who know the value of their data. The conference will be held September 21 – 24, at the MGM Grand Las Vegas, with three days of optional education classes through Splunk University®, September 19 – 21, 2015.

Longtime Splunk partner and one of...


Being Unique is All About Being Different

Unique: (adjective) Existing as the only one.

Being unique is something we strive for: to be the only one of "us". Wouldn't you like your Splunk app to be the same? For customers to use your app and see your colors, your logo, your complete customization?

Here is my app, F1 Demo, in its "bare bones" or basic form.


Adding D3 Visualizations to Splunk Dashboards

Introduction

In this post I would like to cover how to add some really great visualizations to a dashboard in Splunk. I will cover how to use D3.js, a third-party JavaScript visualization library, together with Splunk's JS stack.

D3.js (or just D3 for Data-Driven Documents) is a “JavaScript library that uses digital data to drive the...


Splunking the Linux Audit System

In my last blog we discussed a Splunk topic geared towards the Windows side of the shop (Splunking Microsoft Windows Firewalls). So now it's time to show some love to the Linux admins out there. More specifically, in today's blog we will explore some tips for gaining insight into Linux audit logs using Splunk.

A little background on the Linux Audit System

The Linux Audit system provides a way to track security-relevant information on your...
