Thanks for coming out to another great PNW usergroup featuring Matt Snyder talking about RBA & Insider Threats, Thomas Booth discussing Splunk IT Essentials Work, and Larry Becker sharing cybersecurity best practices.
The document provides an agenda for a Splunk user group meeting on March 9th, 2022. The agenda includes talks on implementing Splunk's Risk-Based Alerting (RBA), updates on Splunk Enterprise 7.0, and a demo of an insider threat detection tool. There will also be a talk from Intel on their use of Splunk for chip design analytics. The document outlines the speakers and their presentations throughout the meeting.
Here are the key steps to build a Splunk ITSI KPI to monitor for missing event formats:
1. Define the expected event formats in a lookup table with fields like Rule_ID, Event_Name, Raw_Filter, Punct.
2. Create a Base Search that looks up the Punct field against the lookup and filters for matching rules. This will return the expected event names.
3. Build a KPI on top of the Base Search to track the count of matching events over time. Set thresholds to alert if the count drops significantly.
4. Create an alert that triggers if the KPI value breaches the threshold. This will fire if an unexpected drop in events is detected.
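The four steps above describe the base search and KPI in prose. The script below is an added example, not code from the talk, that runs the same logic stand-alone in Python over constructed syslog lines: it builds the lookup with the Rule_ID/Event_Name/Raw_Filter/Punct columns, joins each event's punct against it, counts matches per Event_Name for a baseline window and a current window, and raises the alert when a format disappears or drops below a threshold. The punct extraction is a simplified approximation of Splunk's field (letters and digits dropped, spaces mapped to `_`, pattern cut at 30 characters), the two log formats and both windows are constructed, and the 50% drop ratio is an assumed threshold; none of these values come from the page.

```python
"""Punct-based 'missing event format' check: a stand-in for the ITSI base
search + KPI described above, run over constructed sample log lines."""
from collections import Counter


def punct(raw: str, limit: int = 30) -> str:
    """Approximation (assumption) of Splunk's auto-extracted punct field:
    letters and digits are dropped, spaces become '_', and the pattern is
    truncated to `limit` characters."""
    pattern = []
    for ch in raw:
        if ch.isalnum():
            continue
        pattern.append("_" if ch == " " else ch)
        if len(pattern) >= limit:
            break
    return "".join(pattern)


# Golden lines (constructed) used to seed the lookup; in Splunk you would
# populate Punct from `| stats count by punct` over known-good data.
GOLDEN_SSHD = "Mar 9 10:00:01 host1 sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 50022 ssh2"
GOLDEN_SUDO = "Mar 9 10:00:05 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls"

# Lookup table with the columns named in the talk (Rule_ID, Event_Name, Raw_Filter, Punct).
EXPECTED_FORMATS = [
    {"Rule_ID": "R1", "Event_Name": "sshd_login", "Raw_Filter": "sshd[", "Punct": punct(GOLDEN_SSHD)},
    {"Rule_ID": "R2", "Event_Name": "sudo_command", "Raw_Filter": "sudo:", "Punct": punct(GOLDEN_SUDO)},
]


def match_rules(events, lookup):
    """Base-search equivalent: join each event's punct against the lookup,
    keep it only if Raw_Filter also appears in the raw text, and count
    matches per Event_Name. Events with an unknown punct are ignored."""
    by_punct = {row["Punct"]: row for row in lookup}
    counts = Counter()
    for raw in events:
        row = by_punct.get(punct(raw))
        if row is not None and row["Raw_Filter"] in raw:
            counts[row["Event_Name"]] += 1
    return counts


def kpi_alerts(lookup, baseline, current, drop_ratio=0.5):
    """KPI threshold check: alert when a format disappears entirely or its
    count falls below `drop_ratio` of the baseline window. The ratio is an
    assumed threshold; in ITSI you would set it per KPI."""
    alerts = []
    for row in lookup:
        name = row["Event_Name"]
        base, now = baseline.get(name, 0), current.get(name, 0)
        if now == 0 or (base > 0 and now < base * drop_ratio):
            alerts.append({"Rule_ID": row["Rule_ID"], "Event_Name": name,
                           "baseline": base, "current": now})
    return alerts


# Constructed windows: sudo logging stops in the second window.
BASELINE_WINDOW = [
    GOLDEN_SSHD,
    "Mar 9 10:01:11 host2 sshd[2201]: Accepted password for bob from 10.0.1.20 port 41000 ssh2",
    "Mar 9 10:02:40 host1 sshd[2330]: Accepted publickey for carol from 192.168.1.77 port 52011 ssh2",
    GOLDEN_SUDO,
    "Mar 9 10:03:02 host2 sudo: bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat",
    "Mar 9 10:03:09 host1 kernel: [12345.678] usb 1-1: new device",  # unknown format, ignored
]
CURRENT_WINDOW = [
    "Mar 9 11:00:03 host1 sshd[3100]: Accepted publickey for alice from 10.0.0.5 port 50100 ssh2",
    "Mar 9 11:04:19 host2 sshd[3155]: Accepted password for bob from 10.0.1.20 port 41200 ssh2",
    "Mar 9 11:05:50 host3 sshd[3170]: Accepted publickey for dave from 10.0.2.9 port 60001 ssh2",
]


def check_windows(baseline_events, current_events):
    """Run the base search over both windows and return the KPI alerts."""
    baseline = match_rules(baseline_events, EXPECTED_FORMATS)
    current = match_rules(current_events, EXPECTED_FORMATS)
    return kpi_alerts(EXPECTED_FORMATS, baseline, current)


if __name__ == "__main__":
    for alert in check_windows(BASELINE_WINDOW, CURRENT_WINDOW):
        print(f"{alert['Rule_ID']} {alert['Event_Name']}: "
              f"baseline={alert['baseline']} current={alert['current']}")
```

Two things to keep in mind when you move this into ITSI: punct is structure-sensitive, so a sudo event whose PWD path is one directory deeper produces a different pattern and one Event_Name may need several Punct rows in the lookup; and the Raw_Filter check matters because unrelated formats can share a punct once the pattern is truncated at 30 characters.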
The Splunk PNW usergroup .conf21 Best of the Best roundup!
1. .conf21 Product Announcement recap
2. How T-Mobile Increased Splunk User Proficiency (Across 7,800 Users!) With a World-Class Center of Excellence
3. Top SOAR sessions
4. Workforce Analytics To Improve End-User Experience and Performance
Splunk is a time-series data platform that handles the three V's of data (volume, velocity, and variety) very well. It collects, indexes, and allows searching and analysis of data. Splunk can collect data from files, directories, network ports, programs/scripts, and databases. It breaks data down into searchable events and builds a high-performance index. This allows users to search, manipulate, and visualize data in reports, charts, and dashboards. Splunk can analyze structured, unstructured, and multistructured data from various sources like logs, networks, clicks, and more.
On your marks, get set GO!
Take a more in-depth look at the automation and orchestration journey and the future of SOAR.
Watch the SOCtails video here: https://www.youtube.com/watch?v=YzsGQzqaDYw&t=2s
Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk (Splunk)
This document provides an overview of Splunk IT Service Intelligence (ITSI), a machine learning-powered solution from Splunk for monitoring IT services and gaining operational insights. ITSI allows organizations to define IT services and associated key performance indicators (KPIs) to simplify operations and prioritize incidents. It features capabilities like service analyzers, glass table dashboards, and alerts on multi-KPI degradations. The document highlights how ITSI differs from traditional monitoring through its use of search-based and adaptable KPIs and service health scores to provide full-fidelity insights across an organization's universal machine data platform.
Machine-generated data is one of the fastest growing and complex areas of big data. It's also one of the most valuable, containing a definitive record of all user transactions, customer behavior, machine behavior, security threats, fraudulent activity and more. Join us as we explore the basics of machine data analysis and highlight techniques to help you turn your organization’s machine data into valuable insights. This introductory workshop includes a hands-on (bring your laptop) demonstration of Splunk’s technology and covers use cases both inside and outside IT. Learn why more than 12,000 customers in over 110 countries use Splunk to make business, government, and education more efficient, secure, and profitable.
The document is an introduction presentation for security analytics methods using Splunk. It discusses forward-looking statements and outlines the agenda which includes an overview of Splunk Security Essentials, a demo/walkthrough of the app, and an end-to-end scenario example. It also summarizes key analytics methods like general security searches, time series analysis using standard deviation, and first time seen events.
Introduction into Security Analytics Methods (Splunk)
This document provides an overview and demo of Splunk Security Essentials. It begins with an introduction to the app and its capabilities for detecting threats both external and internal. It then demonstrates how to install and navigate the app to evaluate security use cases and review analytics methods. A scenario of a malicious insider exfiltrating data is presented and it shows how the app's searches could be used to detect anomalous activity related to Salesforce and Box downloads. The summary concludes by emphasizing how the app teaches detection use cases that can then be customized and integrated with Splunk's security products.
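Two of the analytics methods the presentation names, time series analysis using standard deviation and first-time-seen events, applied to the insider exfiltration scenario above. This is an added example in Python, not Security Essentials' own searches: the per-user daily download counts, the history of user/app pairs and the new events are all constructed, and the 3-sigma multiplier, the 5-point minimum baseline and the standard-deviation floor of 1.0 are assumed tuning values.

```python
"""Two Security Essentials-style methods over constructed data: a trailing
standard-deviation spike check and a first-time-seen check."""
import statistics

# Constructed daily Box download counts per user (7 days, oldest first).
DAILY_DOWNLOADS = {
    "alice": [12, 15, 11, 14, 13, 12, 90],   # day 7 is the spike to catch
    "bob":   [20, 22, 19, 21, 20, 22, 21],   # steady, should not fire
}

# Constructed history of (user, app) pairs already observed in the last 30 days.
HISTORY = [("alice", "box"), ("bob", "box"), ("alice", "salesforce")]

# Constructed new events to evaluate against the history.
NEW_EVENTS = [
    {"user": "alice", "app": "box", "downloads": 90},
    {"user": "bob", "app": "salesforce", "downloads": 400},
    {"user": "bob", "app": "salesforce", "downloads": 350},  # same pair again: not "first seen"
]


def stddev_outliers(series_by_key, k=3.0, min_points=5, stdev_floor=1.0):
    """Flag a point that exceeds mean + k*stdev of the points before it.
    Only the trailing points form the baseline, so a spike cannot inflate
    its own threshold. `stdev_floor` (an assumed value) keeps a flat
    baseline from flagging any tiny increase."""
    hits = []
    for key, values in series_by_key.items():
        for i in range(min_points, len(values)):
            baseline = values[:i]
            mean = statistics.fmean(baseline)
            sd = max(statistics.stdev(baseline), stdev_floor)
            if values[i] > mean + k * sd:
                hits.append({"key": key, "index": i, "value": values[i],
                             "mean": round(mean, 2), "stdev": round(sd, 2)})
    return hits


def first_time_seen(history, events, fields=("user", "app")):
    """Return events whose field combination has never been seen before.
    The combination is added to the seen set on first hit, so a repeat in
    the same batch is reported only once."""
    seen = set(history)
    hits = []
    for ev in events:
        combo = tuple(ev[f] for f in fields)
        if combo not in seen:
            seen.add(combo)
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for h in stddev_outliers(DAILY_DOWNLOADS):
        print(f"spike: {h['key']} day {h['index'] + 1} = {h['value']} "
              f"(baseline {h['mean']} +/- {h['stdev']})")
    for h in first_time_seen(HISTORY, NEW_EVENTS):
        print(f"first seen: {h['user']} -> {h['app']}")
```

The trailing baseline is the detail that matters most in practice: if the spike day is included in the mean and standard deviation it computes against, the threshold moves up with it and a single large exfiltration day can hide itself.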
During the presentation, forward-looking statements were made regarding Splunk's plans and estimates that are subject to risks and uncertainties. Any information about Splunk's roadmap outlines general product direction but is subject to change without notice. Splunk undertakes no obligation to develop or include any described feature in a future release. The presentation demonstrated Splunk's IoT analytics capabilities for manufacturing including predictive maintenance, advanced monitoring, and self-service analytics.
- The Security Posture dashboard provides a near real-time overview of an organization's security posture by displaying notable security events.
- The analyst can pivot from this dashboard to the Incident Review dashboard to begin investigating critical notable events.
- Drilling into a notable event on the Incident Review dashboard provides important context about the event such as the affected systems, compliance data, and location to assist the analyst's investigation.
SplunkLive! Munich 2018: Getting Started with Splunk Enterprise (Splunk)
The document provides an agenda for a SplunkLive! presentation on installing and using Splunk. It includes downloading required files, importing sample data, conducting searches on the data, and exploring various Splunk features through a live demonstration. Common installation problems are also addressed. The presentation aims to provide attendees with the knowledge and skills to get started using Splunk through hands-on learning and a question and answer session.
These are the slides from the webinar broadcast on April 1st 2020, presented by Philipp Drieger. Content covers:
- Introduction to AI and ML Features in Splunk
- Customer Use Case Examples
- Live Demo of Machine Learning Toolkit, with examples for:
Methods for Anomaly Detection, Predictive Analytics and Forecasting, and Clustering
- Custom Machine Learning, incl.: Advanced Containerization and Expansion with MLSPL API
Splunk is a powerful platform for understanding your data. This session will provide an overview of machine learning capabilities available across Splunk’s portfolio. We'll dive deeply into Splunk's Machine Learning Toolkit App, which extends Splunk Enterprise with a rich suite of advanced analytics, machine learning algorithms, and rich visualizations. It also provides customers with a guided model-building and operationalization environment. The demonstration will include the guided model-building UI for tasks such as predictive analytics, outlier detection, event clustering, and anomaly detection. We’ll also review typical use cases and real-world customers who are using the Toolkit to drive business results.
Worst Splunk practices...and how to fix them (Splunk)
This document provides a summary of best practices and common pitfalls when using Splunk for data collection, management, and resiliency. It discusses best practices for collecting syslog data over UDP, direct TCP/UDP collection, load balancing with forwarders, and data onboarding practices like specifying sourcetypes and timestamps. Common mistakes involve over-engineering syslog collection, sending TCP/UDP streams directly to indexers without load balancing, relying too heavily on intermediate forwarders, and not explicitly configuring sourcetype and timestamp settings. The presentation aims to help Splunk administrators and knowledge managers address common problems and apply optimization strategies.
SplunkLive! London 2017 - Happy Apps, Happy Users (Splunk)
No matter what business you’re in, your web applications are front-and-center for your customers. Downtime, or even bad performance not only creates a spike in costs, they often translate into loss of customers and revenue. You need immediate insight into the availability, performance and usage of your applications and the infrastructure your applications run on. In this session, you will learn why you need to take a platform approach to full stack application management, whether your applications reside on-premises or in the cloud. Second, we will show you how you can use Splunk to monitor the usage and performance of your applications, and quickly troubleshoot faults by stepping through some of the most common issues our customers experience. Third, we’ll contrast what Splunk does relative to other APM tools you may already have deployed, and even show you how you can bring APM data into Splunk to gain more insight into application performance.
The document discusses how artificial intelligence and machine learning can help organizations address challenges around data and analytics. It notes that while CEOs expect AI to have a major impact, most organizations have not introduced AI initiatives. The document outlines different types of machine learning and provides examples of applications in various industries. It also discusses challenges with data quality and "dark data" that can limit the effectiveness of AI/ML. Finally, it presents how Splunk's AIOps capabilities can help organizations leverage machine learning to drive business outcomes by gaining insights from infrastructure, applications and other digital systems data.
SplunkLive! Frankfurt 2018 - Legacy SIEM to Splunk, How to Conquer Migration ... (Splunk)
Presented at SplunkLive! Frankfurt 2018:
Introduction
SIEM Migration Methodology
Use Cases
Datasources & Data Onboarding
ES Architecture
Third-Party Integrations
You Got This!
Do You Really Need to Evolve From Monitoring to Observability? (Splunk)
The document discusses the concepts of monitoring and observability. It defines observability as focusing on what can't be seen or the unknowns in a system. Observability provides visibility into the state of applications, systems, and services through logs, metrics, and traces to understand problems and take actions. The document then summarizes SignalFx's approach to observability, which combines metrics, traces, and logs in a streaming architecture to provide insights in seconds and help troubleshoot issues.
The document discusses a presentation given by Johan Bjerke on new features in Splunk 6.6 and search techniques. It includes an agenda that covers what's new in Splunk 6.6, harnessing the power of search commands like eval, stats, and transaction, and lesser known commands like contingency and xyseries. Examples are provided for various search commands to illustrate how to use them to analyze machine data.
The document discusses Splunk Incident Response, orchestration and automation capabilities. It notes that incident response currently takes significant time, from months for detection to days for containment and remediation. Splunk aims to accelerate this process through automation, orchestration and its security operations platform to integrate tools, streamline workflows and automate repetitive tasks. The presentation demonstrates Splunk's Phantom security orchestration product and how it can automate security tasks like malware investigations to reduce response times.
Splunk is like an iceberg: on the surface we see the major components (indexers, search heads, license master, cluster master), but under the water line we have a huge number of forwarders collecting and aggregating data streams. These forwarders are the foundations of any installation, and configuration issues there translate into problems with alerts, search performance, cluster stability and scaling out. This talk shows you various ways to measure the efficiency of data collection and how to improve it. Prepare for lots of complex searches to identify common problems and charts that show good and bad. The talk aims to revolutionise how you think about forwarders and data collection in Splunk, turbo charge your platform performance and improve stability.
Machine Data Workshop 101 provides an overview of Splunk's machine data platform and capabilities. It discusses Splunk's approach to collecting and indexing machine data from both traditional and non-traditional sources. The workshop also covers techniques for data enrichment including tags, field aliases, calculated fields, and lookups to provide additional context to machine data.
Splunk Discovery: Warsaw 2018 - Legacy SIEM to Splunk, How to Conquer Migrati... (Splunk)
Presented at Splunk Discovery Warsaw 2018:
SIEM Replacement Methodology
Use Cases
Data Sources & Data Onboarding
Architecture
Third Party Integration
You Got This!
Better Threat Analytics: From Getting Started to Cloud Security Analytics and... (Splunk)
Fighting the Eternal Challenge: Dealing with Alert Fatigue and Getting Insights into Security Productivity.
Lessons for a Fast Start in Automation and Orchestration.
Supercharge your decision making
Aimed at business and technology leaders to show how they can make better business decisions, faster, using the power of data.
In a world of increasing complexity, it’s more important than ever to understand the wider context whilst moving at speed. Learn how to supercharge your decision making.
Splunk for Enterprise Security featuring UBA Breakout Session (Splunk)
Splunk User Behavior Analytics (UBA) 2.2 provides enhanced security analytics and detection capabilities. It uses machine learning to establish baseline behaviors and detect anomalies. UBA analyzes activities across users, hosts, networks, applications and data to identify potential threats. The latest version features expanded visibility metrics, custom threat modeling capabilities, and improved context enrichment through integrations with additional security technologies.
Splunk for Enterprise Security featuring UBA Breakout Session (Splunk)
This document provides an overview of a presentation given by Dave Herrald, a security architect at Splunk, on Splunk's Enterprise Security and User Behavior Analytics solutions. The presentation covered new features in Splunk Enterprise Security 4.1, including enhanced threat intelligence integration, risk-based searching and incident review, and integration with Splunk User Behavior Analytics. It also reviewed capabilities in Splunk User Behavior Analytics 2.2 like custom threat modeling, expanded attack coverage, and context enrichment.
A Risk Based Approach to Security Detection and Investigation by Kelby Shelton (John Billings CISSP)
An overview of how a Risk Based Approach (RBA) can be adopted using Splunk Enterprise Security (ES) frameworks. The discussion will include an explanation of how RBA works, what outcomes have been seen by ES customers, and a live demo of a RBA modified ES environment with a BOTS data-set. The talk will also touch upon how Splunk Phantom can be used with RBA.
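The core mechanic the abstract refers to is that individual detections stop raising alerts and instead write scored risk events against a risk object (a user or host), and a separate scheduled search aggregates those scores over a time window and only raises a notable when the total and the diversity of contributing rules both cross a threshold. The script below is an added Python example of that aggregation, not Kelby Shelton's demo or the ES risk framework itself; the risk events, the rule names, the 24-hour window, the score threshold of 100 and the minimum of 3 distinct rules are all constructed or assumed values.

```python
"""Risk-based alerting aggregation over a constructed risk index."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed risk events in the shape risk rules write to a risk index:
# each rule contributes a score to a risk object instead of raising its own alert.
RISK_EVENTS = [
    {"time": datetime(2022, 3, 9, 9, 0),  "risk_object": "alice", "risk_object_type": "user",
     "rule": "suspicious_powershell", "risk_score": 30},
    {"time": datetime(2022, 3, 9, 10, 30), "risk_object": "alice", "risk_object_type": "user",
     "rule": "new_admin_logon", "risk_score": 40},
    {"time": datetime(2022, 3, 9, 12, 0),  "risk_object": "alice", "risk_object_type": "user",
     "rule": "suspicious_powershell", "risk_score": 20},
    {"time": datetime(2022, 3, 9, 15, 0),  "risk_object": "alice", "risk_object_type": "user",
     "rule": "rare_outbound_destination", "risk_score": 30},
    # bob: enough score, but all of it from one noisy rule
    {"time": datetime(2022, 3, 9, 9, 0),  "risk_object": "bob", "risk_object_type": "user",
     "rule": "suspicious_powershell", "risk_score": 80},
    {"time": datetime(2022, 3, 9, 11, 0), "risk_object": "bob", "risk_object_type": "user",
     "rule": "suspicious_powershell", "risk_score": 30},
    # carol: three rules, but spread over five days so no 24h window accumulates
    {"time": datetime(2022, 3, 5, 9, 0),  "risk_object": "carol", "risk_object_type": "user",
     "rule": "suspicious_powershell", "risk_score": 60},
    {"time": datetime(2022, 3, 7, 9, 0),  "risk_object": "carol", "risk_object_type": "user",
     "rule": "new_admin_logon", "risk_score": 60},
    {"time": datetime(2022, 3, 9, 9, 0),  "risk_object": "carol", "risk_object_type": "user",
     "rule": "rare_outbound_destination", "risk_score": 60},
]


def risk_notables(events, window=timedelta(hours=24), score_threshold=100, min_distinct_rules=3):
    """Sliding-window aggregation per risk object. A notable fires when the
    summed score inside `window` reaches `score_threshold` AND at least
    `min_distinct_rules` different rules contributed, so one chatty rule
    cannot fire on its own. All three thresholds are assumed values."""
    by_object = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        by_object[(ev["risk_object_type"], ev["risk_object"])].append(ev)

    notables = []
    for (otype, obj), evs in by_object.items():
        contributing = []
        for ev in evs:
            contributing.append(ev)
            # drop contributions that have aged out of the window
            contributing = [e for e in contributing if ev["time"] - e["time"] <= window]
            total = sum(e["risk_score"] for e in contributing)
            rules = sorted({e["rule"] for e in contributing})
            if total >= score_threshold and len(rules) >= min_distinct_rules:
                notables.append({"risk_object_type": otype, "risk_object": obj,
                                 "time": ev["time"], "risk_score": total, "rules": rules})
                contributing = []  # reset so the same contributions are not re-alerted
    return notables


if __name__ == "__main__":
    for n in risk_notables(RISK_EVENTS):
        print(f"{n['time']:%Y-%m-%d %H:%M} {n['risk_object_type']}={n['risk_object']} "
              f"score={n['risk_score']} rules={', '.join(n['rules'])}")
```

Only alice produces a notable: bob crosses the score threshold but from a single rule, and carol trips three different rules without any 24-hour window ever holding more than one of them. Dropping `min_distinct_rules` to 1 makes bob fire as well, which is the usual source of noise when a team tunes the framework on score alone.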
Splunk for Enterprise Security Featuring UBA (Splunk)
This document provides an overview and summary of Splunk's security products, including Enterprise Security and User Behavior Analytics. It discusses the key capabilities and features of these products, such as detecting advanced cyberattacks, identifying insider threats through machine learning, and integrating UBA with SIEM for improved threat detection. New features in recent versions are highlighted, like custom threat modeling and enhanced visibility into user, device, application, and protocol activity. Customer testimonials praise Splunk UBA's data-science approach to finding hidden threats.
Splunk for Enterprise Security featuring User Behavior Analytics (Splunk)
This session will review Splunk’s two premium solutions. Splunk Enterprise Security (ES) is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams.
Using cloud services lets you launch in minutes a project that used to take weeks. Need a page that can serve 100 thousand users to support a sales campaign? Launch the service right now! Need a fast platform for analysing terabytes? Launch the service right now! Azure is reliable and fast!
This document discusses replacing a legacy security information and event management (SIEM) system with Splunk Enterprise. It outlines 10 common problems with legacy SIEMs, such as an inability to ingest and analyze all relevant log and machine data. Customer case studies show how Splunk can help organizations replace aging SIEMs in a few months to gain scalability, faster security investigations, and the ability to ensure compliance. The presentation covers Splunk's security monitoring and analytics capabilities and migration options from legacy SIEMs to Splunk. Attendees are invited to sign up for a SIEM replacement workshop to discuss their specific needs.
Big Data For Threat Detection & Response (Harry McLaren)
Slides used at the University of Edinburgh SIGINT group (cybersecurity society). Covering what is big data, the value for security use cases, hunting for threats/actions, using Splunk to detect and respond, SIEM use and some useful searches (which were demoed).
Building Your Application Security Data Hub - OWASP AppSecUSA (Denim Group)
One of the reasons application security is so challenging to address is that it spans multiple teams within an organization. Development teams build software, security testing teams find vulnerabilities, security operations staff manage applications in production, and IT audit organizations make sure that the resulting software meets compliance and governance requirements. In addition, each team has a different toolbox it uses to meet its goals, ranging from scanning tools, defect trackers and Integrated Development Environments (IDEs) to WAFs and GRC systems. Unfortunately, in most organizations the interactions between these teams are often strained, and the flow of data between these disparate tools and systems is non-existent or tediously implemented manually.
In today’s presentation, we will demonstrate how leading organizations are breaking down these barriers between teams and better integrating their disparate tools to enable the flow of application security data between silos to accelerate and simplify their remediation efforts. At the same time, we will show how to collect the proper data to measure the performance and illustrate the improvement of the software security program. The challenges that need to be overcome to enable teams and tools to work seamlessly with one another will be enumerated individually. Team and tool interaction patterns will also be outlined that reduce the friction that will arise while addressing application security risks. Using open source products such as OWASP ZAP, ThreadFix, Bugzilla and Eclipse, a significant amount of time will also be spent demonstrating the kinds of interactions that need to be enabled between tools. This will provide attendees with practical examples on how to replicate a powerful, integrated Application Security program within their own organizations. In addition, how to gather program-wide metrics and regularly calculate measurements such as mean-time-to-fix will also be demonstrated to enable attendees to monitor and ensure the continuing health and performance of their Application Security program.
The document provides a review and comparison of the QRadar, ArcSight, and Splunk SIEM platforms. It summarizes their key capabilities and components. For each solution, it outlines strengths such as integrated monitoring, analytics features, and scalability. It also notes weaknesses such as complexity, customization limitations, and high data volume licensing costs. The comparison finds QRadar well-suited for smaller deployments, ArcSight for medium-large organizations, and notes Splunk's log collection strengths but limited out-of-the-box correlations compared to competitors. Gartner assessments for each platform cover visibility trends, deployment challenges, and roadmap monitoring advice.
Building Elastic into security operations (Elasticsearch)
Learn how Optiv took foundational ideas around optimization of data ingestion, automation, and search to build world-class managed cybersecurity services with Elastic.
SplunkLive! Tampa: Splunk for Security - Hands-On Session (Splunk)
This document provides an overview of a hands-on demo of Splunk Enterprise Security (ES) using a free sandbox environment. It discusses creating a sandbox, exploring common ES features like the risk analysis dashboard, threat intelligence, and incident response workflow. The demo shows how to investigate a malware detected event, view asset details, and add context with lookups. It encourages exploring more advanced threat capabilities and additional reports in ES to gain experience with the platform.
Apache Spark for Cyber Security in an Enterprise Company (Databricks)
In order to understand and react to their security situation, many cybersecurity operations teams now use Security Information and Event Management (SIEM) software. Using a traditional SIEM in a large company such as Hewlett Packard Enterprise is a challenge due to the increasing volume and rate of data. We present the solution used to reduce the data volume processed by the SIEM using Spark Streaming, and the results obtained in processing one of the largest data feeds in HPE: firewall logs. Testing SIEM rules the traditional way is a time-consuming process; usually it is necessary to wait one day to get results and statistics for one day of production data. An alternative approach to building a SIEM using Spark and other big data technologies will be drafted, and results of "fast forward" processing of production data snapshots will be presented. HPE is the target of sophisticated, well-crafted attacks, and deployed cybersecurity tools are not able to detect all of them. A simple application, built using Spark MLlib and company-specific data for training, for detection of malicious trending domains will be described. Takeaways: Spark Streaming can be used to pre-process cybersecurity data and reduce its volume for further processing. Spark MLlib can be used to add additional detection capability for specific use cases.
In this presentation, we will share how Hewlett Packard Enterprise has implemented Apache Spark to deal with three main cyber security use cases:
1) Using Spark to help Security Information and Event Management (SIEM) process an increasing amount of data.
2) Using Spark to test SIEM rules by "fast forward" processing of production data snapshots.
3) Implementing machine learning to add an additional detection capability.
Get Started with Cloudera's Cyber Solution (Cloudera, Inc.)
Cloudera empowers cybersecurity innovators to proactively secure the enterprise by accelerating threat detection, investigation, and response through machine learning and complete enterprise visibility. Cloudera’s cybersecurity solution, based on Apache Spot, enables anomaly detection, behavior analytics, and comprehensive access across all enterprise data using an open, scalable platform. But what’s the easiest way to get started?
Join Cloudera, StreamSets, and Arcadia Data as we show you first hand how we have made it easier to get your first use case up and running. During this session you will learn three things:
Signs you need Cloudera's cybersecurity solution
How StreamSets can help increase enterprise visibility
Providing your security analyst the right context at the right time with modern visualizations
For Business's Sake, Let's Focus on AppSec (Lalit Kale)
Slide deck for a session on Application Security at the Limerick DotNet-Azure User Group on 15th Feb, 2018.
Event URL: https://www.meetup.com/Limerick-DotNet/events/hzctdpyxdbtb/
The extent and impact of recent security breaches is showing that current security approaches are just not working. But what can we do to protect our business? We have been advocating monitoring for a long time as a way to detect subtle, advanced attacks that are still making it through our defenses. However, products have failed to deliver on this promise.
Current solutions don't scale in both data volume and analytical insights. In this presentation we will explore what security monitoring is. Specifically, we are going to explore the question of how to visualize a billion log records. A number of security visualization examples will illustrate some of the challenges with big data visualization. They will also help illustrate how data mining and user experience design help us get a handle on the security visualization challenges - enabling us to gain deep insight for a number of security use-cases.
SplunkLive! Zurich 2018: Use Splunk for Incident Response, Orchestration and ... (Splunk)
This document discusses using Splunk for incident response, orchestration, and automation. It notes that incident response currently takes significant time, with containment and response phases accounting for 72% of the time spent on incidents. It proposes that security operations need to change through orchestration and automation using adaptive response. Adaptive response aims to accelerate detection, investigation, and response by centrally automating data retrieval, sharing, and response actions across security tools and domains. This improves efficiency and extracts new insights through leveraging shared context and actions.
Similar to July 2021 Virtual PNW Splunk User Group Slides (20)
Pushing the limits of ePRTC: 100ns holdover for 100 days (Adtran)
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Climate Impact of Software Testing at Nordic Testing Days (Kari Kakkonen)
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of the global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be extended with sustainability, and then measured continuously. Test environments can be used less, at a smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
Programming Foundation Models with DSPy - Meetup Slides (Zilliz)
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the "Building and Scaling AI Applications with the Nx AI Manager" tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware, and post-processing.
van Emden shows how Nx can simplify the developer's life and facilitate a rapid transition from concept to production-ready applications. He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices want to take full advantage of the features available on those devices, but many of those features provide convenience and capability at the expense of security. This best practices guide outlines steps users can take to better protect personal devices and information.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
UiPath Test Automation using UiPath Test Suite series, part 6 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
The UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI's advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Driving Business Innovation: Latest Generative AI Advancements & Success Story (Safe Software)
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Best 20 SEO Techniques To Improve Website Visibility In SERP (Pixlogix Infotech)
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
UiPath Test Automation using UiPath Test Suite series, part 5 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with DevOps.
Topics covered:
CI/CD within UiPath
End-to-end overview of a CI/CD pipeline with Azure DevOps
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Unlock the Future of Search with MongoDB Atlas: Vector Search Unleashed (Malak Abu Hammad)
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
Full-RAG: A modern architecture for hyper-personalization (Zilliz)
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
21.
About Puget Sound Energy
• 1.1 M Electric Customers
• 790 K Gas Customers
• 6,000 square mile area
• Deliver 5 GW of Electricity
• Produce 3.6 GW
• Jackson Prairie Gas Storage
• 25 Billion Cubic Feet Working Capacity
• 14th Largest in the Country
22.
About Me
• Pacific Northwest National Laboratory for 13 years + 3 years as an intern before moving to PSE.
• Computer Forensics
• Cyber Intelligence
• Cyber Counterintelligence
• Cyber Law Enforcement Support
• Critical Infrastructure Protection Projects
• + more stuff
• PSE: 4 years and counting
• Cybersecurity Incident Response Manager
• Cyber Defense Center Lead
23.
Topics
• Present – Where are we today
• Future – Where are we going
24.
Splunk ES Build with MITRE ATT&CK
• Clean slate to build from: the MITRE ATT&CK Framework
• Methodology and organization for event detections
• Use Case: Identity and Access Monitoring
30.
Threat Intelligence Driven
• Threat Model
• STIX (v2.1 or newer)
• MITRE ATT&CK Techniques
• Threat Actors
• Targeting & Observables
• → Risk Model
• → Threat Detections and Threat Hunts
• Result = Cybersecurity Operations Threat Model
31.
Incident Response err SOAR
• Splunk Phantom - Automation does Threat/Incident Response
• Risk Scoring
• Ticketing – Opening, Updating, Closing
• Get Info – Host & User & Application(s) if server
• Enrichment – URL, Domain, User, Email, IP, etc.
• Related Information – Threat Intel Links
• Lock AD Accounts – User and System
• FW Blocks – IP, Domain, URL
• Quarantine – Email or File
• Isolate a System
• EDR Isolate or Network Segment Isolate via SDN
• And More…