CIM Compliance.pptx
Rinaldi Rampen
"Visibility with CIM" SplunkersDC Meetup - June 28th, 2023 By: Matt Feeley
1.
CIM compliance
By Matt Feeley
2.
Copyright ©2023 | guidepointsecurity.com
How to see it
The practice of normalizing fields to a common standard, for example:
• source_host, source_ip, source -> src
• vendor_action, measure, result -> action
• known_auth, etc. -> signature
across data sources such as:
• Windows
• Linux
• Palo Alto, etc.
within events that fall into matching domains (23 of them), for example:
• Authentication
• Malware
• Intrusion detection, etc.
3.
How do you say it?
Toe·ma·tow
Tuh·may·tow
Tomato
4.
(slide contains no text)
5.
(slide contains no text)
6.
Why Do CIM?
• The searches themselves change: syntax moves to data models, tstats, etc.
• No need for index=* or for enumerating every index by hand (index=win OR index=o365)
• Faster results (accelerated data models are stored differently on the backend, as summary tsidx files)
• A search returns all events in the data model, regardless of data source
7.
End Result
8.
Steps Involved
1. Prerequisites
   1. Install the CIM app
2. Identify & Define
   1. Identify events that belong to a domain
   2. Define eventtypes and tags for those events
3. Normalize
   1. Review fields
   2. Standardize the fields
4. Validate & Complete
   1. Validate: check for adverse effects (such as overwriting existing fields)
   2. Set up the Common Information Model app
   3. Rebuild/update the data model
9.
Install CIM App
• You can find the free app on Splunkbase
• The CIM app provides the framework of data models
10.
Identify Events to a Domain
• Each domain (data model) has a constraint that events must meet (for example, tag=authentication for the Authentication data model)
• Out of the box no "tag" field exists on your events; you create it by defining eventtypes and tags
11.
Define Eventtypes and Tags
• The eventtype search string should be as restrictive as possible so it matches only the events of interest
• The tag(s) should contain the constraint required by the data model of interest
12.
(slide contains no text)
13.
Review Fields
• Use best judgement
• Don't be afraid to ask the admins of the data source to validate
• Every field does NOT need to exist within an event
• Some events simply won't contain a given field
14.
Standardize Fields & Values
• Ways to standardize
1. rename
2. extract
3. report
4. KV_MODE
5. fieldalias
6. eval (calculated fields)
7. lookup
15.
Validate and Check
• Order of precedence (search-time operations run in this order)
1. rename
2. extract
3. report (usually extractions that involve both props.conf and transforms.conf)
4. KV_MODE
5. fieldalias
6. eval (calculated fields)
7. lookup
• A field set by one method can be overwritten by a later one (for example an eval and a lookup both writing the same field; lookups run after evals, so an eval also cannot reference a field that a lookup adds)
• You'll need to validate on large volumes of data
16.
Setup Common Information Model app
17.
Rebuild/Update Datamodel
• Rebuild: could impact existing dashboard(s). Results zero out and re-populate as new events come in.
• Update: won't impact existing dashboard(s)
18.
Things to watch out for
• Set global permissions on all knowledge objects (evals, extractions, eventtypes, tags, etc.)
• Always validate that pre-existing fields/events still work as expected
• Knowledge object order of precedence can overwrite other knowledge objects:
1. rename
2. extract
3. report (usually extractions that involve both props.conf and transforms.conf)
4. KV_MODE
5. fieldalias
6. eval (calculated fields)
7. lookup
PAY ATTENTION!!!
• Try to use add-ons from Splunkbase first
• They are potentially already CIM compliant
• The better the quality of the add-on, the less custom work you'll need to do
• You should always review the CIM mapping yourself, even if the add-on parses accurately
• Rebuild/update data models at any point additional CIM compliance work is done
• Every event will NOT contain every field to standardize
• Some fields require specific values for output (for example, action must be success or failure)