This document provides an overview and agenda for a presentation on getting started with Splunk. Splunk is a software platform that allows users to search, analyze, and visualize machine-generated data like logs and metrics. The presentation will cover what Splunk is, basic searching functionality, using fields to filter search results, and saving and sharing reports. It includes standard legal disclaimers about forward-looking statements and trademarks.
7. What Does Splunk Really Do?

It turns this:

[Thu Sep 24 14:57:33 2009] [error] [client 10.2.1.44] ap_proxy: trying GET /petstore/enter_order_information.screen at backend host '127.0.0.1/7001; got exception 'CONNECTION_REFUSED [os error=0, line 1739 of ../nsapi/URL.cpp]: Error connecting to host 127.0.0.1:7001', referer: http://10.2.1.223/petstore/cart.do?action=purchase&itemId=EST-14

into this: (screenshot of the same event as Splunk presents it; not preserved in the transcript)
9. Splunk Web

- Splunk's dynamic and interactive browser-based interface
- The primary interface for investigating problems, reporting on results, and managing Splunk deployments
- Note: Splunk with a free license does not have access controls, so you will not be prompted for login information
10. Search & Reporting App – Summary View

Labelled elements of the summary view: current view, search bar, app navigation, current app, global stats, start search, time range picker, resources
11. Events

- Searches return events
- In Splunk, an event is a single piece of data, such as a record in a log file or other data input
- Splunk breaks up input data into individual events and gives each a timestamp, host, source, and sourcetype
13. Everything is Searchable

- * wildcard supported
- Search terms are case insensitive
- Booleans AND, OR, NOT
  - Must be uppercase
  - AND is implied between terms
- Use () for complex searches
- Use quotation marks for phrases

Examples:
fail*
fail* nfs
error OR 404
error OR failed OR (sourcetype=access* (500 OR 503))
"login failure"
17. Navigating Search Results

- Mouse over search results
  - Keywords and parts of keywords are highlighted
- To add a term to the search, click it
  - AND is implied
  - To remove, click again
- To exclude a term from a search, alt+click it
  - Adds NOT [term] to search
18. Selecting Search Time Range

- By default, search is "all time"
  - Can consume a great deal of resources
  - Ideal for looking at long term patterns, such as an advanced persistent threat
- To narrow your search, use the time range picker
21. What are Fields?

- Fields are searchable key/value pairs in your event data
  - Example: host=www1, status=503
- All fields have names and can be searched with those names
  - Example: Separating an http status code of 404 from Atlanta's area code
- There are 2 types of fields: default fields and data-specific fields
22. Identifying Data-specific Fields

- Data-specific field values come from your data
- Sometimes indicated by obvious key=value pairs (example screenshot not preserved in the transcript)
- Sometimes not (example screenshot not preserved in the transcript)
- For more information, please see: http://docs.splunk.com/Documentation/Splunk/latest/Data/Listofpretrainedsourcetypes
23. Fields Sidebar

- For the current search, shows
  - Selected fields
  - Interesting fields
  - Link to view all fields
- Fields returned are those Splunk recognized from your search results
- Interesting fields are fields that have values in at least 50% of events

Labelled elements of the sidebar: Selected fields, Interesting fields, View all fields; (#) indicates number of unique values
24. Selected Fields

- Selected fields and their values display under every event when a value is available
- By default, host, source, and sourcetype are selected fields
- Fields sidebar is interactive
25. Adding Fields to Selected Fields

- Alt-click any field to see a window of options for that field
- Click Yes to the right of Selected
  - The field will appear in the selected fields list and in the search results
26. More Ways to Use the Fields Sidebar

Labelled actions in the sidebar:
- Create reports (charts)
- Click a value to add it to a search
- ALT + click a value to remove it from a search
- Narrow the search to show only results that contain this field
27. Using Fields in Searches

- Efficient way to pinpoint searches and refine results
- Use wildcards
- Field names ARE case sensitive, field values are NOT
  - Example: Splunk extracts a field in linux_secure data named user
  - These two searches return results, this one does not (the three example searches are shown as screenshots, not preserved in the transcript)
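As an added example that is not part of the slides or of Splunk itself, the search rules from slides 13 and 27 (wildcards, case-insensitive terms, uppercase booleans with implied AND, parentheses, quoted phrases, and field=value pairs whose names are case sensitive but whose values are not) implemented as a small Python evaluator and run over constructed sample events. The operator precedence it uses (parentheses, then NOT, then OR, then AND) is an assumption, since the slides do not state one, and its event tokenizer is a simplification of Splunk's.

```python
"""Evaluator for the search rules on slides 13 and 27 (added example, not
Splunk's own matcher; events are constructed sample data): '*' wildcards,
case-insensitive terms, uppercase AND/OR/NOT with AND implied, parentheses,
quoted phrases, and field=value with case-sensitive names, insensitive values."""
import re
from fnmatch import fnmatchcase

# Constructed events; the extra keys stand in for fields Splunk extracted.
EVENTS = [
    {"_raw": "Sep 24 14:57:33 www1 sshd[2201]: Failed password for root from 10.2.1.44",
     "host": "www1", "sourcetype": "linux_secure", "user": "root"},
    {"_raw": '10.2.1.223 - - [24/Sep/2009:14:57:33] "GET /petstore/cart.do HTTP/1.1" 503 512',
     "host": "www1", "sourcetype": "access_combined", "status": "503"},
    {"_raw": "[Thu Sep 24 14:57:33 2009] [error] [client 10.2.1.44] ap_proxy: CONNECTION_REFUSED",
     "host": "www1", "sourcetype": "apache_error"},
    {"_raw": "Sep 24 14:58:01 www2 nfsd: login failure for user bob, NFS mount refused",
     "host": "www2", "sourcetype": "syslog", "user": "bob"},
]
TOKEN = re.compile(r'"[^"]*"|\(|\)|[^\s()]+')   # quoted phrase, paren, or bare term

def term_matches(term, event):
    if term.startswith('"'):                     # phrase: case-insensitive substring
        return term.strip('"').lower() in event["_raw"].lower()
    if "=" in term:                              # field=value
        name, value = term.split("=", 1)
        if name not in event:                    # USER=root finds nothing ...
            return False
        return fnmatchcase(event[name].lower(), value.lower())  # ... user=ROOT does
    words = re.findall(r"\w+", event["_raw"].lower())   # simplified event tokenizer
    return any(fnmatchcase(w, term.lower()) for w in words)

def evaluate(tokens, event):
    """Recursive descent over the token list.  Precedence is assumed, not taken
    from the slides: parentheses, then NOT, then OR, then (implied) AND."""
    def primary():
        tok = tokens.pop(0)
        if tok == "(":
            val = and_expr()
            tokens.pop(0)                        # the matching ')'
            return val
        if tok == "NOT":
            return not primary()
        return term_matches(tok, event)          # lowercase not/or/and are plain terms
    def or_expr():
        val = primary()
        while tokens and tokens[0] == "OR":
            tokens.pop(0)
            val = primary() or val               # primary() runs first, so tokens are consumed
        return val
    def and_expr():
        val = or_expr()
        while tokens and tokens[0] != ")":
            if tokens[0] == "AND":               # explicit AND equals the implied one
                tokens.pop(0)
            val = or_expr() and val              # or_expr() runs first, same reason
        return val
    return and_expr()

def search(query, events=EVENTS):
    """Indices of the events the query matches."""
    return [i for i, e in enumerate(events) if evaluate(TOKEN.findall(query), e)]

if __name__ == "__main__":
    for q in ["fail*", "fail* nfs", "error OR 404", '"login failure"', "user=root",
              "user=ROOT", "USER=root", "error or 404", "NOT host=www1"]:
        print(f"{q:20} -> events {search(q)}")
```

Note that a lowercase `or` is searched as a literal word, which is why `error or 404` returns nothing while `error OR 404` does.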
28. Create Reports from Fields Sidebar

- From the fields sidebar, select a field and a report definition (Top values, Top values by time, or Rare values)
29. Create a 'Top Values' Report

Mouse over a bar for a detailed view of its count
32. Saving Reports

- Save search criteria and time range, but not results, to re-run at any point in the future
- Click the Save As button, select Report, enter a title
34. Sharing Reports (Jobs)

- Save report results and generate a link to it – good for 7 days
- Use Share button or Job dropdown
- Distribute link as appropriate
35. Saving Results

- Capture the search output at a point in time – "freeze" results
- Click Export
- Choose a format
36. Beyond the Basics

- Splunk has many powerful features and search commands that allow you to:
  - Pivot - quickly build queries and display results through an easy to use interface
  - Create alerts
  - Capture and share knowledge
  - Calculate statistics
  - Format and organize values within search results
  - Create compelling data visualizations and reports
  - And more!
- Learn about these features in other Using Splunk track sessions
42. Take a Test Drive!

- Download Splunk Enterprise - build your own sandbox
- Free! www.splunk.com/download
- Pick your platform
- Installs in minutes