Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...Splunk
From one of the most active contributors to Splunk Answers and the IRC channel, this session covers those less popular but still super powerful commands, such as "map", "xyseries", "contingency" and others. This session also showcases tricks such as "eval host_{host} = Value" to dynamically create fields based on other field values, and searches that show concurrency based on start/end times within an event (using gentimes).
Power of Splunk Search Processing Language (SPL) ...Splunk
This session will unveil the power of the Splunk Search Processing Language (SPL). See how to use Splunk's simple search language for searching and filtering through data, charting statistics and predicting values, converging data sources and grouping transactions, and finally data science and exploration. We'll begin with basic search commands and build up to more powerful advanced tactics to help you harness your Splunk Fu!
Ever want to know the status of a device, host, or ip as it currently stands even after the log data that it generates is already in Splunk? In this track, we'll show you how simple custom built search commands can interrogate your host or ip to get the current status for common tasks such as ping, http, telnet server availability, anonymous ftp, trace route, and finger. In this context, you'll be making your Splunk instance an active interrogator of your network to get the most up to date status and can even save the results into a Splunk index for historical or analytic purposes. You can even alert on the responses. We'll also show you the minimum on how to write a Splunk search command in Python to do this and provide examples.
Splunk conf2014 - Lesser Known Commands in Splunk Search Processing Language ...Splunk
From one of the most active contributors to Splunk Answers and the IRC channel, this session covers those less popular but still super powerful commands, such as "map", "xyseries", "contingency" and others. This session also showcases tricks such as "eval host_{host} = Value" to dynamically create fields based on other field values, and searches that show concurrency based on start/end times within an event (using gentimes).
Power of Splunk Search Processing Language (SPL) ...Splunk
This session will unveil the power of the Splunk Search Processing Language (SPL). See how to use Splunk's simple search language for searching and filtering through data, charting statistics and predicting values, converging data sources and grouping transactions, and finally data science and exploration. We'll begin with basic search commands and build up to more powerful advanced tactics to help you harness your Splunk Fu!
Ever want to know the status of a device, host, or ip as it currently stands even after the log data that it generates is already in Splunk? In this track, we'll show you how simple custom built search commands can interrogate your host or ip to get the current status for common tasks such as ping, http, telnet server availability, anonymous ftp, trace route, and finger. In this context, you'll be making your Splunk instance an active interrogator of your network to get the most up to date status and can even save the results into a Splunk index for historical or analytic purposes. You can even alert on the responses. We'll also show you the minimum on how to write a Splunk search command in Python to do this and provide examples.
The simplicity and variability of searches can be a blessing and a curse. How can you tell if searches are really efficient? Splunk has a job inspector, but what do all the options mean? Are you using the right commands for your goal? Is there a better way to do this? This session will review the internals of how a search is performed, use of job inspector, search log, review of where and when to use certain commands.
Besides seeing the newest features in Splunk Enterprise and learning the best practices for data models and pivot, we will show you how to use a handful of search commands that will solve most search needs. Learn these well and become a ninja.
Splunk Ninjas: New features, pivot, and search dojoSplunk
Besides seeing the newest features in Splunk Enterprise and learning the best practices for data models and pivot, we will show you how to use a handful of search commands that will solve most search needs. Learn these well and become a ninja.
Splunk Ninjas: New Features, Pivot, and Search DojoSplunk
Besides seeing the newest features in Splunk Enterprise and learning the best practices for data models and pivot, we will show you how to use a handful of search commands that will solve most search needs. Learn these well and become a ninja.
Besides seeing the newest features in Splunk Enterprise and learning the best practices for data models and pivot, we will show you how to use a handful of search commands that will solve most search needs. Learn these well and become a ninja.
Five Things I Learned While Building Anomaly Detection Tools - Toufic Boubez ...tboubez
This is my presentation from LISA 2014 in Seattle on November 14, 2014.
Most IT Ops teams only keep an eye on a small fraction of the metrics they collect because analyzing this haystack of data and extracting signal from the noise is not easy and generates too many false positives.
In this talk I will show some of the types of anomalies commonly found in dynamic data center environments and discuss the top 5 things I learned while building algorithms to find them. You will see how various Gaussian based techniques work (and why they don’t!), and we will go into some non-parametric methods that you can use to great advantage.
Workshop: Big Data Visualization for SecurityRaffael Marty
Big Data is the latest hype in the security industry. We will have a closer look at what big data is comprised of: Hadoop, Spark, ElasticSearch, Hive, MongoDB, etc. We will learn how to best manage security data in a small Hadoop cluster for different types of use-cases. Doing so, we will encounter a number of big-data open source tools, such as LogStash and Moloch that help with managing log files and packet captures.
As a second topic we will look at visualization and how we can leverage visualization to learn more about our data. In the hands-on part, we will use some of the big data tools, as well as a number of visualization tools to actively investigate a sample data set.
DEEPSEC 2013: Malware Datamining And AttributionMichael Boman
Greg Hoglund explained at BlackHat 2010 that the development environments that malware authors use leaves traces in the code which can be used to attribute malware to a individual or a group of individuals. Not with the precision of name, date of birth and address but with evidence that a arrested suspects computer can be analysed and compared with the "tool marks" on the collected malware sample.
Getting Started with Splunk Enterprise - DemoSplunk
What is Splunk? At the end of this session you’ll have a high-level understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll see practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
Splunk Ninja: New Features, Pivot and Search DojoSplunk
Besides seeing the newest features in Splunk Enterprise and learning the best practices for data models and pivot, we will show you how to use a handful of search commands that will solve most search needs. Learn these well and become a ninja.
The simplicity and variability of searches can be a blessing and a curse. How can you tell if searches are really efficient? Splunk has a job inspector, but what do all the options mean? Are you using the right commands for your goal? Is there a better way to do this? This session will review the internals of how a search is performed, use of job inspector, search log, review of where and when to use certain commands.
Besides seeing the newest features in Splunk Enterprise and learning the best practices for data models and pivot, we will show you how to use a handful of search commands that will solve most search needs. Learn these well and become a ninja.
Splunk Ninjas: New features, pivot, and search dojoSplunk
Besides seeing the newest features in Splunk Enterprise and learning the best practices for data models and pivot, we will show you how to use a handful of search commands that will solve most search needs. Learn these well and become a ninja.
Splunk Ninjas: New Features, Pivot, and Search DojoSplunk
Besides seeing the newest features in Splunk Enterprise and learning the best practices for data models and pivot, we will show you how to use a handful of search commands that will solve most search needs. Learn these well and become a ninja.
Besides seeing the newest features in Splunk Enterprise and learning the best practices for data models and pivot, we will show you how to use a handful of search commands that will solve most search needs. Learn these well and become a ninja.
Five Things I Learned While Building Anomaly Detection Tools - Toufic Boubez ...tboubez
This is my presentation from LISA 2014 in Seattle on November 14, 2014.
Most IT Ops teams only keep an eye on a small fraction of the metrics they collect because analyzing this haystack of data and extracting signal from the noise is not easy and generates too many false positives.
In this talk I will show some of the types of anomalies commonly found in dynamic data center environments and discuss the top 5 things I learned while building algorithms to find them. You will see how various Gaussian based techniques work (and why they don’t!), and we will go into some non-parametric methods that you can use to great advantage.
Workshop: Big Data Visualization for SecurityRaffael Marty
Big Data is the latest hype in the security industry. We will have a closer look at what big data is comprised of: Hadoop, Spark, ElasticSearch, Hive, MongoDB, etc. We will learn how to best manage security data in a small Hadoop cluster for different types of use-cases. Doing so, we will encounter a number of big-data open source tools, such as LogStash and Moloch that help with managing log files and packet captures.
As a second topic we will look at visualization and how we can leverage visualization to learn more about our data. In the hands-on part, we will use some of the big data tools, as well as a number of visualization tools to actively investigate a sample data set.
DEEPSEC 2013: Malware Datamining And AttributionMichael Boman
Greg Hoglund explained at BlackHat 2010 that the development environments that malware authors use leaves traces in the code which can be used to attribute malware to a individual or a group of individuals. Not with the precision of name, date of birth and address but with evidence that a arrested suspects computer can be analysed and compared with the "tool marks" on the collected malware sample.
Getting Started with Splunk Enterprise - DemoSplunk
What is Splunk? At the end of this session you’ll have a high-level understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll see practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
Splunk Ninja: New Features, Pivot and Search DojoSplunk
Besides seeing the newest features in Splunk Enterprise and learning the best practices for data models and pivot, we will show you how to use a handful of search commands that will solve most search needs. Learn these well and become a ninja.
Guia Prático em Linguagem de Processamento de Buscas (LPB)
Explorando Splunk fornece uma introdução ao Splunk, combinadas com soluções para os problemas do mundo real.
If you’re just getting started with Splunk, this session will help you understand how to use Splunk software to turn your silos of data into insights that are actionable. In this session, we’ll dive right into a Splunk environment and show you how to use the simple Splunk search interface to quickly find the needle-in-the-haystack or multiple needles in multiple haystacks. We’ll demonstrate how to perform rapid ad-hoc searches to conduct routine investigations across your entire IT infrastructure in one place, whether physical, virtual or in the cloud. We’ll show you how to then convert these searches into real time alerts and dashboards, so you can proactively monitor for problems before they impact your end user. We’ll demonstrate how you can use Splunk to connect the dots across heterogeneous systems in your environment for cross-tier, cross-silo visibility. You’ll have access to a demo environment. So, don’t forget to bring your laptop and follow along for a hands-on experience.
Splunk for Enterprise Security and User Behavior AnalyticsSplunk
This session will review Splunk’s two premium solutions for information security organizations: Splunk for Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Splunk ES is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments – allowing you to quickly detect and respond to external and internal attacks, simplifying threat management while decreasing risk. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams. We’ll discuss each solution and see them integrated and in action through detailed demos.
Splunk Tutorial for Beginners - What is Splunk | EdurekaEdureka!
This Splunk tutorial will help you understand what is Splunk, benefits of using Splunk, Splunk vs ELK vs Sumo Logic, Splunk architecture - Splunk Forwarder, Indexer and Search Head with the help of Dominos use-case, Splunk careers & jobs. Check the Splunk tutorial video here: https://www.youtube.com/watch?v=Ekai8Ln11Iw. You can also read the tutorial blog here: https://goo.gl/eoZFWV.
The slides consist of following topics:
Need for Data Management & Analytics
What is Splunk and Why Splunk?
Splunk vs ELK vs Sumo Logic
Splunk Use Case: Domino's
How Splunk Works? Splunk Architecture
Heavy Forwarders
Splunk Architecture Diagram
Splunk Jobs & Careers
Fantastic Red Team Attacks and How to Find ThemRoss Wolf
Presented at Black Hat 2019
https://www.blackhat.com/us-19/briefings/schedule/index.html#fantastic-red-team-attacks-and-how-to-find-them-16540
Casey Smith (Red Canary)
Ross Wolf (Endgame)
bit.ly/fantastic19
Abstract:
Red team testing in organizations over the last year has shown a dramatic increase in detections mapped to MITRE ATT&CK™ across Windows, Linux and macOS. However, many organizations continue to miss several key techniques that, unsurprisingly, often blend in with day-to-day user operations. One example includes Trusted Developer Utilities which can be readily available on standard user endpoints, not just developer workstations, and such applications allow for code execution. Also, XSL Script processing can be used as an attack vector as there are a number of trusted utilities that can consume and execute scripts via XSL. And finally, in addition to these techniques, trusted .NET default binaries are known to allow unauthorized execution as well, these include tools like InstallUtil, Regsvcs and AddInProcess. Specific techniques, coupled with procedural difficulties within a team, such as alert fatigue and lack of understanding with environmental norms, make reliable detection of these events near impossible.
This talk summarizes prevalent and ongoing gaps across organizations uncovered by testing their defenses against a broad spectrum of attacks via Atomic Red Team. Many of these adversary behaviors are not atomic, but span multiple events in an event stream that may be arbitrarily and inconsistently separated in time by nuisance events.
Additionally, we introduce and demonstrate the open-sourced Event Query Language for creating high signal-to-noise analytics that close these prevalent behavioral gaps. EQL is event agnostic and can be used to craft analytics that readily link evidence across long sequences of log data. In a live demonstration, we showcase powerful but easy to craft analytics that catch adversarial behavior most commonly missed in organizations today.
Sensu and Sensibility - Puppetconf 2014Tomas Doran
As the Yelp infrastructure and engineering team grew, so did the pain of managing Nagios. Problems like splitting alerting across multiple teams, providing high availability and managing nagios systems in multiple environments had become pressing. As we grew towards a service oriented architecture and pushed some services out into the cloud, we rapidly needed more automated monitoring configuration.
An evolutionary solution wasn’t going to solve all of our problems, we needed to revolutionize our monitoring. Sensu is built from the ground up to solve many of our issues and be easy to extend.
This talk covers our puppet ‘monitoring_check’ API (that sets up monitoring for our services within puppet), how and why we deploy Sensu and our custom handlers and escalations, along with how we provide automatic ‘self service’ monitoring for dynamic services and how we deal with the challenges posed by the more ephemeral nature of cloud architectures.
This presentation was given to a group of SFS students at GW. It's designed to be semi-case study driven on the problems I've encountered on assessments and how programming can help solve them.
PyCon AU 2012 - Debugging Live Python Web ApplicationsGraham Dumpleton
Monitoring tools record the result of what happened to your web application when a problem arises, but for some classes of problems, monitoring systems are only a starting point. Sometimes it is necessary to take more intrusive steps to plan for the unexpected by embedding mechanisms that will allow you to interact with a live deployed web application and extract even more detailed information.
Beyond unit tests: Deployment and testing for Hadoop/Spark workflowsDataWorks Summit
As a Hadoop developer, do you want to quickly develop your Hadoop workflows? Do you want to test your workflows in a sandboxed environment similar to production? Do you want to write unit tests for your workflows and add assertions on top of it?
In just a few years, the number of users writing Hadoop/Spark jobs at LinkedIn have grown from tens to hundreds and the number of jobs running every day has grown from hundreds to thousands. With the ever increasing number of users and jobs, it becomes crucial to reduce the development time for these jobs. It is also important to test these jobs thoroughly before they go to production.
We’ve tried to address these issues by creating a testing framework for Hadoop/Spark jobs. The testing framework enables the users to run their jobs in an environment similar to the production environment and on the data which is sampled from the original data. The testing framework consists of a test deployment system, a data generation pipeline to generate the sampled data, a data management system to help users manage and search the sampled data and an assertion engine to validate the test output.
In this talk, we will discuss the motivation behind the testing framework before deep diving into its design. We will further discuss how the testing framework is helping the Hadoop users at LinkedIn to be more productive.
Security Monitoring for big Infrastructures without a Million Dollar budgetJuan Berner
Nowadays in an increasingly more complex and dynamic network its not enough to be a regex ninja and storing only the logs you think you might need. From network traffic to custom logs you won't know which logs will be crucial to stop the next attacker, and if you are not planning to spend a half of your security budget in a commercial solution we will show you a way to building you own SIEM with open source. The talk will go from how to build a powerful logging environment for your organization to scaling on the cloud and storing everything forever. We will walk through how to build such a system with open source solutions as Elasticsearch and Hadoop, and creating your own custom monitoring rules to monitor everything you need. The talk will also include how to secure the environment and allow restricted access to other teams as well as avoiding common pitfalls and ensuring compliance standards.
DockerCon Europe 2018 Monitoring & Logging WorkshopBrian Christner
This is the Docker Logging & Monitoring workshop completed during DockerCon 2018 Europe. We cover how to build native tools in Docker, deploy an ELK stack, and Prometheus with cAdvisor, node-exporter, Prometheus, and Grafana stack
Eko10 - Security Monitoring for Big Infrastructures without a Million Dollar ...Hernan Costante
Nowadays in an increasingly more complex and dynamic network its not enough to be a regex ninja and storing only the logs you think you might need. From network traffic to custom logs you won't know which logs will be crucial to stop the next attacker, and if you are not planning to spend a half of your security budget in a commercial solution we will show you a way to building you own SIEM with open source. The talk will go from how to build a powerful logging environment for your organization to scaling on the cloud and storing everything forever. We will walk through how to build such a system with open source solutions as Elasticsearch and Hadoop, and creating your own custom monitoring rules to monitor everything you need. The talk will also include how to secure the environment and allow restricted access to other teams as well as avoiding common pitfalls and ensuring compliance standards.
Monitoring Big Data Systems - "The Simple Way"Demi Ben-Ari
Once you start working with distributed Big Data systems, you start discovering a whole bunch of problems you won’t find in monolithic systems.
All of a sudden to monitor all of the components becomes a big data problem itself.
In the talk we’ll mention all of the aspects that you should take in consideration when monitoring a distributed system once you’re using tools like:
Web Services, Apache Spark, Cassandra, MongoDB, Amazon Web Services.
Not only the tools, what should you monitor about the actual data that flows in the system?
And we’ll cover the simplest solution with your day to day open source tools, the surprising thing, that it comes not from an Ops Guy.
Demi Ben-Ari is a Co-Founder and CTO @ Panorays.
Demi has over 9 years of experience in building various systems both from the field of near real time applications and Big Data distributed systems.
Describing himself as a software development groupie, Interested in tackling cutting edge technologies.
Demi is also a co-founder of the “Big Things” Big Data community: http://somebigthings.com/big-things-intro/
Elasticsearch Performance Testing and Scaling @ SignalJoachim Draeger
In this talk I describe the specific challenges that we faced at Signal to make our use case scale. I then go into detail on how we benchmarked single queries and different shard configurations. You can try the experiments yourself using The Signal Media One-Million News Articles Dataset, a Docker Compose stack and some scripts provided here: https://github.com/joachimdraeger/elasticsearch-performance-experiments.
I also got the great advice to have a look at https://github.com/elastic/rally which can also give you summaries for test runs.
apidays LIVE New York - Navigating the Sea of Javascript Tools to Discover Sc...apidays
apidays LIVE New York - API for Legacy Industries: Banking, Insurance, Healthcare and Retail
Navigating the Sea of Javascript Tools to Discover Scalable Tools for Continuous Delivery
Menelaos Kotsollaris, Senior Software Engineer
Viki Green, Senior Software Developer at Trulioo
Thousands of running services on hundreds of machines ask the admins to pay attention. At all times, on all channels, with all available software packages that openSUSE has to offer.
Lars does not only keep an eye on all devices inside SUSE R&D, he is also maintaining some of the biggest packages in the server:monitoring repository like Nagios, Icinga, Shinken, check_mk, mod_gearman, Naemon, PNP4Nagios or the monitoring-plugins (and others).
The integration of some of those packages into a complex, secure and high available monitoring setup together with some tips and tricks and insights into the SUSE R&D infrastructure will be demonstrated.
Thinking DevOps in the era of the Cloud - Demi Ben-AriDemi Ben-Ari
The lines between Development and Operations people have gotten blurry and lots of skills needs to be held by both sides.
In the talk we'll talk about all of the considerations that are needed to be taken when creating a development and production environment, mentioning Continuous Integration, Continuous Deployment and the Buzzword "DevOps", also talking about some real implementations in the industry.
Of course how can we leave out the real enabler of the whole deal,
"The Cloud", Giving us a tool set that makes life much easier when implementing all of these practices.
Similar to SplunkLive! Washington DC May 2013 - Splunk Security Workshop (20)
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
.conf Go 2023 presentation:
"Das passende Rezept für die digitale (Security) Revolution zur Telematik Infrastruktur 2.0 im Gesundheitswesen?"
Speaker: Stefan Stein -
Teamleiter CERT | gematik GmbH M.Eng. IT-Sicherheit & Forensik,
doctorate student at TH Brandenburg & Universität Dresden
.conf Go 2023 presentation:
De NOC a CSIRT
Speakers:
Daniel Reina - Country Head of Security Cellnex (España) & Global SOC Manager Cellnex
Samuel Noval - Global CSIRT Team Leader, Cellnex
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk
BMW is defining the next level of mobility - digital interactions and technology are the backbone to continued success with its customers. Discover how an IT team is tackling the journey of business transformation at scale whilst maintaining (and showing the importance of) business and IT service availability. Learn how BMW introduced frameworks to connect business and IT, using real-time data to mitigate customer impact, as Michael and Mark share their experience in building operations for a resilient future.
Data foundations building success, at city scale – Imperial College LondonSplunk
Universities have more in common with modern cities than traditional places of learning. This mini city needs to empower its citizens to thrive and achieve their ambitions. Operationalising data is key to building critical services; from understanding complex IT estates for smarter decision-making to robust security and a more reliable, resilient student experience. Juan will share his experience in building data foundations for a resilient future whilst enabling digital transformation at Imperial College London.
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
Learn how Vodafone has provided end-to-end visibility across services by building an Operational Analytics Platform. In this session, you will hear how Stefan and his team manage legacy, on premise, hybrid and public cloud services, and how they are providing a platform for complex triage and debugging to tackle use cases across Vodafone’s extensive ecosystem.
.italo operates an Essential Service by connecting more than 100 million people annually across Italy with its super fast and secure railway. And CISO Enrico Maresca has been on a whirlwind journey of his own.
Formerly a Cyber Security Engineer, Enrico started at .italo as an IT Security Manager. One year later, he was promoted to CISO and tasked with building out – and significantly increasing the maturity level – of the SOC. The result was a huge step forward for .italo.
So how did he successfully achieve this ambitious ask? Join Enrico as he reveals the key insights and lessons learned in his SOC journey, including:
Top challenges faced in improving security posture
Key KPIs implemented in order to measure success
Strategies and approaches applied in the SOC
How MITRE ATT&CK and Splunk Enterprise Security were utilised
Next steps in their maturity journey ahead
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
3. Purpose
● Apply analytics to your data via Splunk
● Demonstrate simplicity of doing this
● Lower the barrier to entry to explore your data
4.
5.
6. Doesn't my new hotness do that?
● Yes, no, um, well, kinda
● Sec COTS software reports on what PM wanted
● Signature-based is helpful but misses a lot
● Anomaly can work, but …
● Amazing products exists, but don't do everything
● Maybe you don't have a new hotness
● “Your network” = “Your responsibility”
7. Who Am I?
● Sean Wilkerson, Partner/Consultant, Aplura
8. Who Am I?
● Sean Wilkerson, Partner/Consultant, Aplura
● ~15 Years of Network --> Systems --> InfoSec
● A Decade+ of Federal Log-Management
● Half Spent Deploy/Manage FOSS/SIM/SIEM
● Half Spent Deploy/Manage FOSS/Splunk
● SANS Log Mgmt Summits
● Splunk Pro Serv Partner Since 2008
● Splunk makes me happy
9.
10. Who Are You?
● You Know Splunk is Right for You
● You Know Key Splunk Concepts
● You Don't Have or Don't Want to Rely on
Infosec COTS software
● You Are Analysts!! <--- Really important
11. Splunk 001
● Complex and fast search for machine data
● Concept of “fields” (key=value)
● Thousands of built-in analytic combos
(Learn 5-10 and you can do almost anything)
12. Splunk 101
● Search (boolean)
● Fields (key=value with CIDR)
● Piped “|” expressions/functions
● Lookups
● The “pivot”
13. Quick Disclaimer
● Data exploration could take until ...
● This pres includes many analytic elements
● Not demoed data
● Data is not seeded with gems
● sample_data came from Fed site this week
● Eventgen.py is recirculating sample_data
● Let's explore it together
14. Content Available Now!
Slides: aplura.com/splunklivedc
BestPractice Doc: aplura.com/splunkbp
● Also:
● SplunkLiveDC 2012: aplura.com/splunklivedc2012
● Look Before you SIM: aplura.com/lookbeforeyousim
17. What Time do you Have?
● Concept: Time is bad everywhere and this causes
havoc during investigations. Do periodic time audits
(it takes minutes with Splunk). As an analyst, you can
validate your time BEFORE it is too late (during an
investigation).
➢ * | eval timeDiff=_indextime-_time | timechart avg(timeDiff) by sourcetype
➢ sourcetype=firewalls | eval timeDiff=_indextime-_time | timechart avg(timeDiff)
by host
18. Off-time Activity
● Concept: Off-time activity can indicate a suspicious
system. Splunk events include special built-in fields
that are “time” aware
➢ (NOT (date_wday="Sat" OR date_wday="Sun") AND (date_hour>=20 OR
date_hour<7)) OR date_wday="Sat" OR date_wday="Sun"
Or if you need to “create” those built-in fields
➢ * | eval date_wday=strftime(_time,"%a") | eval date_hour=strftime(_time, "%H")
| search
(NOT (date_wday="Sat" OR date_wday="Sun") AND (date_hour>=20 OR
date_hour<7)) OR date_wday="Sat" OR date_wday="Sun"
19. Activity by IP Range
● Concept: Groups of systems often have
different patterns. So, analyze them by their
group.
➢ dest_ip=111.109.0.0/16 | top action
➢ sourcetype=checkpoint dest_ip=111.109.0.0/16 action=allowed
➢ eventtype=network* | top action by eventtype
20. Field Length Analysis
● Concept: Splunk makes analyzing the length of
fields really easy. This is valuable to find
malicious activity and mis-configurations
➢ | eval Length=len(_raw) | where Length>2000
➢ len(http_referer) or len(domain) or len(uri) ...
21. Field/Data Manipulation
● Concept: During analysis, you often need new
fields, or need to mangle a piece of data to help
with analysis.
➢ tag=firewall | eval Firewall_Host=orig | top Firewall_Host
➢ tag=firewall | rex "orig=(?<Firewall_Host>d+.d+.d+.d+)|"
➢ tag=firewall | rex ";policy_name=(?<policy_name>[^]]+)]"
Use mode=sed to change fields like action or _raw
➢ tag=firewall | rex field=action mode=sed "s/reject/blocked/" | top action
22.
23. Date in Search
● Concept: Don't you hate having to take your
hands off the keyboard to use your mouse to
manipulate the Timepicker? Me too.
➢ earliest=-3h+22m latest=@h-10m
➢ earliest=-3d@d latest=-2d@d-1s
25. Allows by Previous Drops
● Concept: A FW drop violates policy. Now, let's
inspect “Accepts” from those “source IPs”
➢ NOT eventtype=network:all_src tag=firewall NOT action=allowed
| dedup src_ip | table src_ip
➢ NOT eventtype=network:all_src tag=firewall action=allowed
[search NOT eventtype=network:all_src tag=firewall NOT
action=allowed | dedup src_ip | table src_ip]
| top src_ip by dest_ip
26. Bytes Transfer Analysis
● Concept: Whether you are looking for malware
payload or data exfiltration, bytes-transferred
from your firewall/webpoxy/flow is GOOD!
➢ tag=flow | stats avg(bytes_out) by src_ip,dest_port
Combine with off-time and IP range for exciting results
27. Port Scanning Analysis
● Concept: Not all attacks are slow and low. Use
Splunk to sniff-out port scanners and add it to
your watchlist for later.
Port scanners
➢ tag=firewall NOT eventtype=network:all_src | stats dc(dest_port) as
Port_Count by src_ip | where Port_Count>50
Host sweepers
➢ tag=firewall NOT eventtype=network:all_src | stats dc(dest_ip) as
IP_Count by src_ip | where IP_Count>50
29. Browsed to IP
● Concept:Bare-ip browsing isn't illegal, but it
shouldn't give you warm and fuzzies. Not
always bad, but combined with other indicators
bare ips are suspicious.
➢ tag=proxy | regex uri_domain="http://d+.d+.d+.d+" | rare uri_domain
30. Query Watchlist
● Concept: Use getwatchlist to pull any http(s)/ftp
accessible delimited file into Splunk
● Tool: Getwatchlist
➢ | getwatchlist malwaredomains | outputlookup domain_watchlist.csv
➢ tag=proxy [ | inputlookup watchlist | table domain]
31. Web Activity Timing
● Concept:Compare web activity by time and ...
● Tool: Geoip
➢ tag=proxy | lookup geoip clientip
➢ tag=proxy | transaction clientip maxspan=60s maxpause=40s | lookup
geoip clientip | stats dc(client_country) as Count by clientip | where
Count>2
32. URI/URL/File/Ext Analysis
● Concept: Evaluate web activity by URI, URL,
File, and extension.
➢ tag=proxy | stats dc(fileextension) as Count by clientip | sort -Count
➢ tag=proxy http_referer="-" http_user_agent="-" | stats dc(file) as Count
by clientip | sort -Count
33. Http User Agent Analysis
● Concept: UA strings are incredibly valuable and
can be used in a variety of ways.
● Tool: uas_parser
➢ tag=proxy | lookup uas_lookup http_user_agent | search
ua_type="unknown" | stats count by http_user_agent
➢ tag=proxy | lookup uas_lookup http_user_agent | top ua_family
➢ ua_type, ua_company
34. Long URI no Referrer ^M
● Concept: Deep analysis of URI's with no
referrer
➢ tag=proxy http_referer="-" method="GET"
| strcat uri_path uri_query uri
| replace *- with * in uri
| eval uri_length = len(uri)
| stats count by src_ip dest_ip dest_host http_referrer uri_length uri
| sort ‐uri_length
37. DNS + Webproxy
● Concept: DNS has significance since it is
frequently ignored and a popular C&C vector
for bad folks. Correlate DNS and Webproxy?
➢ tag=proxy OR tag=dns [ | inputlookup watchlist | table domain]
38. More Ideas
● Compare entropy
● Webproxy: Repeated errors (e.g. 404s and 500)
● Webproxy: SQL Injection discovery
● Webproxy: Unique file/uri
● Auth: Failures to “admin” accounts
● DNS: Deeply nested hosts (lots of dots)
● DNS: TXT queries
● DNS: Failed lookups
● DNS: Systems doing a lot of lookups (or failed lookups)
● DNS: End points making strange queries (successive SOA)
● DNS: Odd TLDs
● DNS: Spikes in lookups
● DNS: Reverse lookups
● DNS: Short TTLs
● DNS: Responses with non-routable IPs
39. Wrap Up
● “Lower the cost of exploration” - ^M
● Easily implement/test/evaluate
● Applies common analytic logic
● Easily pivot to validate or adjust strategy
