Splunk Alerts in Slack!

Here at Function1 we use Slack to stay in constant contact with our co-workers. If you haven't heard of it, Slack is a team chat and communication tool. We use it to talk about our projects, company announcements, sports, random water-cooler talk, technical questions, and so on. Slack has built-in integrations with many services; we rely heavily on the GitHub, Asana, and Twitter integrations, but there are many others.
 
Since we do a lot of Splunk development for our own projects and our clients, we thought, "...

Red Hat Storage Server, an Innovative Hybrid Storage Solution for Big Data

Big Data surrounds us all, in some shape or form. Big Data (billions or trillions of large, complex records) is typically so voluminous that it requires new and powerful computational resources to process and store. These gigantic data sets can be analyzed to uncover patterns, associations, trends, and statistics that help us better understand user experience, human behavior, interactions, engagement, and more.

Big Data analysis, such as the services offered by our Function1 Operational Intelligence team, can be provided for a range of industries including but not limited to: financial...


Anonymizing Data in Splunk

Introduction

In this blog we'd like to discuss masking or obscuring data in Splunk. Customers have asked us in the past how to mask data at both search time and index time, usually to hide personally identifiable information for security reasons, for compliance, or both. In this post we'll cover several different approaches for doing this in Splunk and discuss some of their pros and cons.

For each of the approaches we will use the following sample data from a fictitious HR application:

sourcetype = hr_app
sample event = “This is an event with a sensitive number in it...
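As an added example (not part of the original post), here is what the index-time side of that looks like in Splunk's own configuration files, in two variants. The post's sample event is cut off above, so this assumes a constructed event such as "...sensitive number 123-45-6789..." with a nine-digit, hyphenated number; the class names `mask_ssn` and `hr_app_mask_ssn` and the regexes are likewise assumptions for illustration.

```ini
# props.conf
# Index-time masking runs at parse time, so this belongs on the parsing tier
# (indexers or heavy forwarders), not on a universal forwarder.
# Stanza name matches the post's sourcetype; everything else is assumed.
[hr_app]
# Variant 1: SEDCMD, a sed-style substitution applied to _raw before the event
# is written to disk. Assumes a 123-45-6789 style number; keeps the last four
# digits so analysts can still correlate records. /g masks every occurrence.
SEDCMD-mask_ssn = s/\b\d{3}-\d{2}-(\d{4})\b/XXX-XX-\1/g
# Variant 2: a named transform. Pick one variant or the other; if both are
# present, SEDCMD runs first and the transform then finds nothing to match.
TRANSFORMS-anonymize = hr_app_mask_ssn

# transforms.conf
# With DEST_KEY = _raw the FORMAT string replaces the entire event, so the
# regex must capture the text before and after the number or it is lost.
# (?s) lets the trailing capture span a multi-line event. This masks only the
# first occurrence; use the SEDCMD variant when an event can carry several.
[hr_app_mask_ssn]
REGEX = (?s)^(.*?)\d{3}-\d{2}-(\d{4})(.*)$
FORMAT = $1XXX-XX-$2$3
DEST_KEY = _raw
```

The search-time equivalent is a sed-mode rex in the search itself, for example `sourcetype=hr_app | rex field=_raw mode=sed "s/\d{3}-\d{2}-(\d{4})/XXX-XX-\1/g"`. The trade-off is the security point: search-time masking only changes what that one search displays, and anyone whose role can search the index still sees the unmasked raw event, whereas index-time masking removes the data before it is ever stored but is irreversible, so test the regex against real samples on a scratch index before enabling it on production sourcetypes.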


Splunking Microsoft Windows Firewalls

Intro

If you are an experienced security analyst, you know the importance of firewall logs and the invaluable network-traffic data they provide. Many of the key strategies of information security revolve around an organization's network traffic and the rules that govern it. No matter the type of firewall, whether it is a hardware appliance or a software/OS level...


Every Click You Make, Splunk is Watching You…

 

When I am at client sites I often get asked how they can get a better understanding of what is going on in their Splunk environment. A recent client wanted to know which dashboards were being used the most in their environment and who the top users were. What a great thought! I knew that Splunk had to have a way to track this; it was just a matter of locating the data and determining the best way to pull it. After going back and forth between the metadata and the internal index, I came across this in Splunk's internal index.

...

Splunk ES - Let's Correlate

Splunk ES – Creating Custom Correlation Searches

 

In today's blog I will be discussing one of the most valuable features of the Splunk App for Enterprise Security. Correlation searches provide a highly customizable layer of security detection and alerting within Splunk and ES.

 

What is a Correlation Search?

A correlation search is a type of saved search used to detect suspicious events or patterns in your data. If a suspicious event is detected, a notable event is created. The notable event...


Ninjas on a Mission: Things to Know When Migrating Your Splunk Deployment

Splunk is a journey. Whether you are a newbie playing around with Splunk on your local machine or run a multi-instance distributed Splunk deployment, your knowledge of Splunk is always evolving. Typically, the more you know about Splunk, the more you want to do with it. Often, proofs of concept (POCs) turn into production environments, and soon enough you're increasing your license and looking into a new architecture. Congratulations, you have become a full-on Splunk ninja! Now, how do we migrate your current Splunk deployment to 'beefier' hardware,...


Clustering: It's Not Just For Indexers

The release of Splunk Enterprise 6.2 introduced several great new features and enhancements. The new capabilities center on a new, faster interface designed to assist with data onboarding; easier analytics and event-pattern detection; and improved scalability and centralized management. While I would definitely recommend exploring the first two topics, this blog will focus on the last. Core to the improvements in scalability and centralized management in Splunk Enterprise 6.2 is the introduction of Search Head Clustering. Search Head Clustering (SHC) is a direct replacement for...


Jazzing Up Your Dashboards: Dynamic Drilldown 101

Time and time again, our customers find the most value in Splunk when they can visualize their data. By tokenizing certain fields, customers can drill down into specific elements of their data. Drilling down into maps, charts, and graphs within the same dashboard lets customers pinpoint problems and solutions quickly and efficiently. Now that Splunk uses Simple XML for dashboard design, jazzing up your dashboards is easier than ever!

Using sample data, I will walk you through some of these dynamic features below.

...

