Adding D3 Visualizations to Splunk Dashboards

Introduction

In this post I would like to cover how to add some really great visualizations to a dashboard in Splunk. I will cover how to use D3.js, a third-party JavaScript visualization library, together with Splunk's JS stack.

D3.js (or just D3 for Data-Driven Documents) is a “JavaScript library that uses digital data to drive the...


Splunking the Linux Audit System

For my last blog we discussed a Splunk topic geared towards the Windows side of the shop (Splunking Microsoft Windows Firewalls). So now it’s time to show some love to the Linux admins out there. More specifically, in today’s blog we will explore some tips for gaining insight into Linux audit logs using Splunk.

A little background on the Linux Audit System

The Linux Audit system provides a way to track security-relevant information on your...


Splunk Alerts in Slack!

Here at Function1 we use Slack in order to stay in constant contact with our co-workers. If you haven't heard of Slack before, Slack is a team chat and communication tool. We use it to talk about our projects, company announcements, sports, random water cooler talk, technical questions, etc. Slack has integration built-in with a lot of services. We rely heavily on the GitHub, Asana, and Twitter integrations, but they have many others.
Since we do a lot of Splunk development for our own projects and our clients, we thought, "...

Red Hat Storage Server, an Innovative Hybrid Storage Solution for Big Data

Big Data surrounds us all, in some shape or form. Typically Big Data (billions or trillions of vast and complex records) is so large, that it requires new and powerful computational resources to process and store. These gigantic sets of data can be analyzed to comprehend patterns, associations, trends, and statistics that help better understand user experience, human behavior, interactions, engagement, etc.

Big Data analysis, such as the services offered by our Function1 Operational Intelligence team, can be provided for a range of industries including but not limited to: financial...


Anonymizing Data in Splunk

Introduction

In this blog we'd like to discuss masking or obscuring data in Splunk. We’ve had customers in the past ask us how to mask data at both search-time and index-time. Usually this is to hide personally identifiable information, either for security, compliance or both. In this post we’ll cover several different approaches for doing this in Splunk and discuss some pros and cons.

For each of the approaches we will use the following sample data from a fictitious HR application:

sourcetype = hr_app
sample event = “This is an event with a sensitive number in it...


Splunking Microsoft Windows Firewalls

Intro

Without exception, if you are an experienced security analyst, then you know the importance of firewall logs and the invaluable network traffic related data that they provide. Many of the key strategies of information security revolve around the network traffic of an organization and the rules that govern it. No matter the type of firewall, whether it is a hardware appliance or a software/OS level...


Every Click You Make, Splunk is Watching You…


When I am at client sites I often get asked how they can get a better understanding of what is going on in their Splunk environment. A recent client wanted to understand what dashboards were being used the most in their environment and who were the top users. What a great thought! I knew that Splunk had to have a way to track this. It was just a matter of locating the data and then determining the best way to pull it. After going back and forth between metadata and the internal index, I came across this in Splunk’s internal index.

...

Splunk ES - Let's Correlate

Splunk ES – Creating Custom Correlation Searches


In today's blog I will be discussing one of the most valuable features of the Splunk App for Enterprise Security. Correlation searches provide a highly customizable level of security-based detection and alerting within Splunk and ES.


What is a Correlation Search?

A correlation search is a type of saved search used to detect suspicious events or patterns in your data. If a suspicious event is detected, a notable event is created. The notable event...


Ninjas on a Mission: Things to Know When Migrating Your Splunk Deployment

Splunk is a journey. Whether you are a newbie playing around with Splunk on your local machine or have a multi-instance distributed Splunk deployment, your knowledge of Splunk is always evolving. Typically, the more you know about Splunk, the more you want to do with Splunk. Often, proofs of concept (POCs) turn into production environments and soon enough you’re increasing your license and looking into new architecture. Congratulations, you have become a full-on Splunk ninja! Now, how do we migrate your current Splunk deployment to ‘beefier’ hardware,...

