SNMP and splunk

• Ashley Hartge (https://au.linkedin.com/in/ashleyhartge)
• Not a professional speaker / presenter
• 19+ years full-time in the IT industry
• 7+ years in the Managed Network Security space
• Senior Network Security Engineer
• Verizon – Global Commercial MSS Provider
• splunk> user since 2009 (personal & prof.)
• Active Verizon splunk> evangelist (APAC & US)

• Verizon - Global Commercial MSS Provider
• In-house SIEM product for many years
• Legacy selection of pre-canned reports
• Increasing need for dynamic ad hoc reports
• Internal & customer driven
• Difficult & rigid ETL process (release cycles)
• Any change needs development / release work
• Manually craft DB query -> CSV -> pivot table …
• Needed reporting at the speed of thought

• Using splunk for home / lab networks … why not see what can be done for our reports …
• Old SOC workstation
• Download & install splunk eval
• Ingest a day's incidents
• Build reports
• Blow management's mind with visibility
• Splunk grabs a foothold … the rest is history

• Secondary use-case after deploying splunk
• IT Ops | CMDB | Process Auditing | Tracking
• Basic SNMP polling using splunk>
• Distributed deployment with remote collection
• Large scale scripted collection

Simplest deployment: a single splunk instance directly polling the end device, using the SNMP Modular Input app:
https://splunkbase.splunk.com/app/1537/

Expand our single instance, with forwarders remotely collecting SNMP data:

• Set up a receiving port on the indexer
• Install the forwarder
• Configure forwarding to your indexer
• Unzip & install the SNMP Modular Input on the Universal Forwarder
• Configure /local/inputs.conf on the forwarder with the community string & OIDs for polling
• Restart the forwarder & verify events are being received

• Create tags to give recognisable names to the hosts (this could also be done within the input or a lookup)
• Run a simple search on the sourcetype to see if we are getting data (SNMP was configured to poll the device every minute). Notice the host tags we configured.

• Quick & dirty regex to show TEMP & HUMIDITY from our sensors
• Use the splunk field extractor
• The values are provided by the sensors but need to be divided by 10 & rounded
• Solution = calculated field

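The extraction and scaling described above, together with the "verify events are being received" check from the forwarder slides, as one added example written for this page (it is not the presenter's regex or calculated field). The event format, host names, readings and the fixed clock are constructed. The sensors report tenths, so the scaling is divide by 10 and round to one decimal, the same arithmetic a calculated field such as `EVAL-temp = round(temp_raw/10, 1)` does in props.conf. A value the regex cannot match (a sensor reporting N/A) stays None rather than becoming a bogus zero, and any host whose latest event is older than two poll intervals is reported as stale, which is the per-minute poll turned into a silent-device check.

```python
import re
from datetime import datetime, timedelta, timezone

POLL_INTERVAL = timedelta(minutes=1)      # the sensors were polled every minute

# Constructed sample events in the shape a per-minute poll might land in the
# index: timestamp, the host tag we created, then raw TEMP/HUMIDITY in tenths.
# Hosts, values and the line format are assumptions for this example.
SAMPLE_EVENTS = [
    "2015-09-01T10:05:00Z host=rack01-sensor TEMP=235 HUMIDITY=487",
    "2015-09-01T10:05:00Z host=rack02-sensor TEMP=241 HUMIDITY=N/A",
    "2015-09-01T10:01:00Z host=rack03-sensor TEMP=-12 HUMIDITY=502",
    "2015-09-01T10:04:00Z host=rack01-sensor TEMP=233 HUMIDITY=490",
]
# Fixed "now" so the stale-host check is reproducible.
NOW = datetime(2015, 9, 1, 10, 6, tzinfo=timezone.utc)

EVENT_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+)")
FIELD_RES = {
    "temp": re.compile(r"\bTEMP=(-?\d+)\b"),
    "humidity": re.compile(r"\bHUMIDITY=(-?\d+)\b"),
}


def scale_tenths(raw):
    """Sensor reports tenths of a unit: divide by 10, round to one decimal.
    Same arithmetic as the calculated field: EVAL-temp = round(temp_raw/10, 1)"""
    return round(int(raw) / 10, 1)


def parse_sensor_event(event):
    """Extract host, time and scaled readings from one event, or None if the
    line is not a sensor event. An unmatched field (sensor said N/A) is None."""
    m = EVENT_RE.match(event)
    if not m:
        return None
    reading = {
        "host": m.group("host"),
        "time": datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        .replace(tzinfo=timezone.utc),
    }
    for name, rx in FIELD_RES.items():
        f = rx.search(event)
        reading[name] = scale_tenths(f.group(1)) if f else None
    return reading


def stale_hosts(events, now=NOW, tolerance=2):
    """Hosts whose latest event is older than `tolerance` poll intervals: the
    'verify events are being received' step, automated."""
    latest = {}
    for ev in events:
        r = parse_sensor_event(ev)
        if r and (r["host"] not in latest or r["time"] > latest[r["host"]]):
            latest[r["host"]] = r["time"]
    return sorted(h for h, t in latest.items() if now - t > tolerance * POLL_INTERVAL)


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(parse_sensor_event(ev))
    print("stale:", stale_hosts(SAMPLE_EVENTS))
```

In Splunk the same stale check is a `stats latest(_time) by host` compared against `now()`; doing it in code here makes the edge cases (negative readings, N/A, a host that stopped reporting) visible in one run.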
Python script to poll 1000's of devices, output to CSV, scp to the splunk server, index the CSV into splunk.

Compile a list of SNMP OIDs that provide the values we want from each platform, then use a Python script to connect to the management stations, SNMP-poll the devices & return the result into a CSV file, which is scp'd to the indexer:

```python
# Per-platform OID table used by the polling script (values as shown on the slides).
# Entries mix numeric OIDs with net-snmp symbolic names, which the SNMP tool
# resolves; 'go' gates whether the platform is polled at all.
OIDS = {
    'fortigate': {
        'hostname': '1.3.6.1.2.1.1.5.0', 'uptime': '1.3.6.1.2.1.1.3.0',
        'model': 'SNMPv2-SMI::mib-2.47.1.1.1.1.10.1',
        'version': 'SNMPv2-SMI::enterprises.12356.101.4.1.1.0',
        'serial': '1.3.6.1.4.1.12356.100.1.1.1.0',
        'avsig': '1.3.6.1.4.1.12356.101.4.2.1.0', 'idssig': '1.3.6.1.4.1.12356.101.4.2.2.0',
        'go': True,
    },
    'paloalto': {
        'model': '1.3.6.1.4.1.25461.2.1.2.2.1.0', 'version': '1.3.6.1.4.1.25461.2.1.2.1.1.0',
        'uptime': '1.3.6.1.2.1.1.3.0', 'serial': '.1.3.6.1.4.1.25461.2.1.2.1.3.0',
        'avsig': '1.3.6.1.4.1.25461.2.1.2.1.8.0', 'idssig': '1.3.6.1.4.1.25461.2.1.2.1.9.0',
        'go': True,
    },
    'cisco-asa-ssm': {
        'hostname': 'SNMPv2-MIB::sysName.0', 'uptime': 'HOST-RESOURCES-MIB::hrSystemUptime.0',
        'model': 'SNMPv2-SMI::mib-2.47.1.1.1.1.13.1',
        'version': 'SNMPv2-SMI::enterprises.9.9.383.1.4.20.0',
        'serial': 'SNMPv2-SMI::mib-2.47.1.1.1.1.11.1',
        'license': 'SNMPv2-SMI::enterprises.9.9.383.1.4.22.00',
        'idssig': 'SNMPv2-SMI::enterprises.9.9.383.1.4.21.0',
        'go': True,
    },
}
```

• Splunk easily ingests CSV data
• Because our output file does NOT contain CSV header names on the first row, we pre-create a sourcetype naming our columns:
• props.conf
• transforms.conf
• Create an input to monitor the CSV

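The props.conf / transforms.conf pair for a headerless CSV, plus the monitor stanza, generated from the column list the polling script is expected to write, as an added example (not the presentation's own configuration; the sourcetype name, column names and file path are assumptions). Generating both from one list keeps the script and the sourcetype in step. The check at the end catches the usual failure with headerless CSV: a column added or dropped on the script side silently shifts every field name after it, and Splunk's DELIMS extraction splits on the literal delimiter without honouring CSV quoting, so a comma inside a value breaks the mapping too.

```python
import csv

# Column order the polling script writes (no header row). FIELDS in
# transforms.conf must be exactly this sequence. Sourcetype and column names
# are assumptions for this example.
CSV_COLUMNS = ("ip", "platform", "hostname", "uptime", "serial")
SOURCETYPE = "fabric_snmp_csv"


def props_stanza(sourcetype=SOURCETYPE):
    """props.conf: one event per line; rows carry no timestamp, so index time
    is used; field names come from the REPORT transform below."""
    return "\n".join([
        f"[{sourcetype}]",
        "SHOULD_LINEMERGE = false",
        "LINE_BREAKER = ([\\r\\n]+)",
        "DATETIME_CONFIG = CURRENT",
        f"REPORT-fields = {sourcetype}_fields",
        "",
    ])


def transforms_stanza(sourcetype=SOURCETYPE, columns=CSV_COLUMNS):
    """transforms.conf: name the columns of the headerless CSV, in order."""
    fields = ",".join(f'"{c}"' for c in columns)
    return "\n".join([f"[{sourcetype}_fields]", 'DELIMS = ","', f"FIELDS = {fields}", ""])


def monitor_stanza(path, sourcetype=SOURCETYPE):
    """inputs.conf: monitor the file the poller writes (the path is an assumption)."""
    return "\n".join([f"[monitor://{path}]", f"sourcetype = {sourcetype}", "disabled = false", ""])


def row_is_safe(line, columns=CSV_COLUMNS):
    """True only if the row has exactly len(columns) cells and no cell contains
    the delimiter or a quote: DELIMS splits on the literal comma and does not
    honour CSV quoting, so such a row would mis-label every later field."""
    cells = next(csv.reader([line]))
    return len(cells) == len(columns) and not any("," in c or '"' in c for c in cells)


if __name__ == "__main__":
    print(props_stanza())
    print(transforms_stanza())
    print(monitor_stanza("/opt/fabric/fabricsource_out.csv"))
    print(row_is_safe("192.0.2.10,example-fw,fw-edge-01,123456,SER-0001"))
```

Run `row_is_safe` over the poller's output before the file is handed to the forwarder; a False is cheaper to catch there than as a day of mis-labelled serial numbers in the index.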
• Vendor signature release details (scrape)
• Dynamic Python input files:
  | inputlookup asset | table ip, snmp_community, platform | outputlookup fabricsource.csv
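A worked version of the scripted collection described on the preceding slides (the per-platform OID table driving the poll, the asset lookup feeding the script, CSV out with no header row), as an added example written for this page rather than the presenter's script. It reads the `ip, snmp_community, platform` rows that the `| outputlookup fabricsource.csv` search above produces, polls only platforms whose `go` flag is set, and emits one headerless CSV row per device in a fixed column order. The SNMP transport is injected, so the block runs offline against constructed agent responses; the platform names, the placeholder serial OID under enterprise 99999, the 192.0.2.x addresses and the sample values are all constructed, and pysnmp or net-snmp's snmpget would replace `fake_snmp_get` for a real poll. The community string is a credential: it is read from the lookup, handed to the transport, and never written to the output rows or the error log.

```python
import csv
import io
import sys

# Output column order; the sourcetype names the columns in this order because
# the file carries no header row. Column names are assumptions for this example.
CSV_COLUMNS = ("ip", "platform", "hostname", "uptime", "serial")

# Reduced per-platform OID table in the same shape as the slides' dict: standard
# MIB-2 sysName/sysUpTime plus a placeholder serial OID (enterprise 99999 is not
# a real vendor). 'go' gates whether a platform is polled at all.
OID_TABLE = {
    "example-fw": {
        "hostname": "1.3.6.1.2.1.1.5.0",
        "uptime": "1.3.6.1.2.1.1.3.0",
        "serial": "1.3.6.1.4.1.99999.1.1.0",
        "go": True,
    },
    "retired-fw": {"hostname": "1.3.6.1.2.1.1.5.0", "go": False},
}

# Constructed stand-in for fabricsource.csv, the file that
# | inputlookup asset | table ip, snmp_community, platform | outputlookup fabricsource.csv
# writes (outputlookup includes the header row).
FABRICSOURCE_CSV = """ip,snmp_community,platform
192.0.2.10,example-ro-community,example-fw
192.0.2.11,example-ro-community,retired-fw
192.0.2.12,example-ro-community,unknown-box
192.0.2.13,example-ro-community,example-fw
192.0.2.14,example-ro-community,example-fw
"""

# Constructed agent responses standing in for the network. 192.0.2.13 lacks the
# serial OID; 192.0.2.14 is absent, so the fake transport times out on it.
FAKE_AGENTS = {
    "192.0.2.10": {"1.3.6.1.2.1.1.5.0": "fw-edge-01", "1.3.6.1.2.1.1.3.0": "123456",
                   "1.3.6.1.4.1.99999.1.1.0": "SER-0001"},
    "192.0.2.13": {"1.3.6.1.2.1.1.5.0": "fw-edge-02", "1.3.6.1.2.1.1.3.0": "42"},
}


def fake_snmp_get(ip, community, oid):
    """Offline stand-in for one SNMP GET; swap in pysnmp or net-snmp's snmpget
    for a real poll. Returns None for an OID the agent lacks (noSuchObject)."""
    if ip not in FAKE_AGENTS:
        raise TimeoutError("no response")
    return FAKE_AGENTS[ip].get(oid)


def poll_devices(asset_csv_text, oid_table, snmp_get):
    """Return (rows, errors). Rows are dicts keyed by CSV_COLUMNS. The community
    string goes to the transport only, never into a row or an error message,
    so both outputs can be shipped to Splunk without leaking the credential."""
    rows, errors = [], []
    for asset in csv.DictReader(io.StringIO(asset_csv_text)):
        ip, community, platform = asset["ip"], asset["snmp_community"], asset["platform"]
        spec = oid_table.get(platform)
        if spec is None:
            errors.append(f"{ip}: unknown platform '{platform}'")
            continue
        if not spec.get("go", False):
            continue                      # platform deliberately switched off
        row = {"ip": ip, "platform": platform}
        try:
            for field in CSV_COLUMNS[2:]:
                oid = spec.get(field)
                value = snmp_get(ip, community, oid) if oid else None
                row[field] = "" if value is None else str(value)
        except (TimeoutError, OSError) as exc:
            errors.append(f"{ip}: {exc}")
            continue
        rows.append(row)
    return rows, errors


def rows_to_csv(rows):
    """Headerless CSV in CSV_COLUMNS order, exactly what the sourcetype expects."""
    buf = io.StringIO()
    csv.DictWriter(buf, fieldnames=CSV_COLUMNS, lineterminator="\n").writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    # As a scripted input: rows on stdout are indexed, errors on stderr are not.
    rows, errors = poll_devices(FABRICSOURCE_CSV, OID_TABLE, fake_snmp_get)
    sys.stdout.write(rows_to_csv(rows))
    for err in errors:
        print("ERROR", err, file=sys.stderr)
```

Run as a scripted input on the forwarder, the rows on stdout are indexed directly, which is the cron-plus-scp replacement the last slide mentions; writing `rows_to_csv(rows)` to a file instead reproduces the scp-to-indexer flow.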
• Dynamically deploy to forwarders
• Deployment server to push the input file to forwarders
• Scripted inputs on forwarders to replace cron job(s) & csv-fu
SNMP and splunk

More Related Content

What's hot

5G Network World Map
5G Network World Map5G Network World Map
5G Network World Map
Forest Interactive
 
Sensu Monitoring
Sensu MonitoringSensu Monitoring
Sensu Monitoring
Mohanasundaram Ponnusamy
 
Apache Spark AI Use Case in Telco: Network Quality Analysis and Prediction wi...
Apache Spark AI Use Case in Telco: Network Quality Analysis and Prediction wi...Apache Spark AI Use Case in Telco: Network Quality Analysis and Prediction wi...
Apache Spark AI Use Case in Telco: Network Quality Analysis and Prediction wi...
Databricks
 
CloudGenix_Customer Presentation
CloudGenix_Customer PresentationCloudGenix_Customer Presentation
CloudGenix_Customer PresentationSyed Arsalan
 
TechWiseTV Workshop: Cisco Catalyst 9100 Access Points for Wi-Fi 6
TechWiseTV Workshop: Cisco Catalyst 9100 Access Points for Wi-Fi 6TechWiseTV Workshop: Cisco Catalyst 9100 Access Points for Wi-Fi 6
TechWiseTV Workshop: Cisco Catalyst 9100 Access Points for Wi-Fi 6
Robb Boyd
 
LoRaWAN in Depth
LoRaWAN in DepthLoRaWAN in Depth
LoRaWAN in Depth
APNIC
 
network programing lab file ,
network programing lab file ,network programing lab file ,
network programing lab file ,
AAlha PaiKra
 
Faster to 5G
Faster to 5GFaster to 5G
Faster to 5G
Ericsson
 
OpenShift Kubernetes Native Infrastructure for 5GC and Telco Edge Cloud
OpenShift  Kubernetes Native Infrastructure for 5GC and Telco Edge Cloud OpenShift  Kubernetes Native Infrastructure for 5GC and Telco Edge Cloud
OpenShift Kubernetes Native Infrastructure for 5GC and Telco Edge Cloud
Hidetsugu Sugiyama
 
Ericsson 5 g platform
Ericsson 5 g platformEricsson 5 g platform
Ericsson 5 g platform
Ericsson
 
emea_cisco_live_webinar_150623.pptx
emea_cisco_live_webinar_150623.pptxemea_cisco_live_webinar_150623.pptx
emea_cisco_live_webinar_150623.pptx
ThousandEyes
 
Telecommunications and Network Security Presentation
Telecommunications and Network Security PresentationTelecommunications and Network Security Presentation
Telecommunications and Network Security PresentationWajahat Rajab
 
Avaya IP Office Overview
Avaya IP Office OverviewAvaya IP Office Overview
Avaya IP Office Overview
Motty Ben Atia
 
Meraki overview sales deck inside sales
Meraki overview sales deck inside salesMeraki overview sales deck inside sales
Meraki overview sales deck inside sales
Haffizulla Rahman
 
Small cell Evolution
Small cell Evolution Small cell Evolution
Small cell Evolution
Ericsson
 
Juniper Switch Overview
Juniper Switch OverviewJuniper Switch Overview
Juniper Switch Overview
igxglobal UK Ltd
 
5G SA security: a comprehensive overview of threats, vulnerabilities and rem...
 5G SA security: a comprehensive overview of threats, vulnerabilities and rem... 5G SA security: a comprehensive overview of threats, vulnerabilities and rem...
5G SA security: a comprehensive overview of threats, vulnerabilities and rem...
PositiveTechnologies
 
Zabbix monitoring in 5 pictures
Zabbix monitoring in 5 pictures  Zabbix monitoring in 5 pictures
Zabbix monitoring in 5 pictures
Nicola Mauri
 

What's hot (20)

5G Network World Map
5G Network World Map5G Network World Map
5G Network World Map
 
Sensu Monitoring
Sensu MonitoringSensu Monitoring
Sensu Monitoring
 
Apache Spark AI Use Case in Telco: Network Quality Analysis and Prediction wi...
Apache Spark AI Use Case in Telco: Network Quality Analysis and Prediction wi...Apache Spark AI Use Case in Telco: Network Quality Analysis and Prediction wi...
Apache Spark AI Use Case in Telco: Network Quality Analysis and Prediction wi...
 
CloudGenix_Customer Presentation
CloudGenix_Customer PresentationCloudGenix_Customer Presentation
CloudGenix_Customer Presentation
 
TechWiseTV Workshop: Cisco Catalyst 9100 Access Points for Wi-Fi 6
TechWiseTV Workshop: Cisco Catalyst 9100 Access Points for Wi-Fi 6TechWiseTV Workshop: Cisco Catalyst 9100 Access Points for Wi-Fi 6
TechWiseTV Workshop: Cisco Catalyst 9100 Access Points for Wi-Fi 6
 
LoRaWAN in Depth
LoRaWAN in DepthLoRaWAN in Depth
LoRaWAN in Depth
 
network programing lab file ,
network programing lab file ,network programing lab file ,
network programing lab file ,
 
Faster to 5G
Faster to 5GFaster to 5G
Faster to 5G
 
OpenShift Kubernetes Native Infrastructure for 5GC and Telco Edge Cloud
OpenShift  Kubernetes Native Infrastructure for 5GC and Telco Edge Cloud OpenShift  Kubernetes Native Infrastructure for 5GC and Telco Edge Cloud
OpenShift Kubernetes Native Infrastructure for 5GC and Telco Edge Cloud
 
Ericsson 5 g platform
Ericsson 5 g platformEricsson 5 g platform
Ericsson 5 g platform
 
emea_cisco_live_webinar_150623.pptx
emea_cisco_live_webinar_150623.pptxemea_cisco_live_webinar_150623.pptx
emea_cisco_live_webinar_150623.pptx
 
XG Firewall
XG FirewallXG Firewall
XG Firewall
 
FTN Architecture
FTN ArchitectureFTN Architecture
FTN Architecture
 
Telecommunications and Network Security Presentation
Telecommunications and Network Security PresentationTelecommunications and Network Security Presentation
Telecommunications and Network Security Presentation
 
Avaya IP Office Overview
Avaya IP Office OverviewAvaya IP Office Overview
Avaya IP Office Overview
 
Meraki overview sales deck inside sales
Meraki overview sales deck inside salesMeraki overview sales deck inside sales
Meraki overview sales deck inside sales
 
Small cell Evolution
Small cell Evolution Small cell Evolution
Small cell Evolution
 
Juniper Switch Overview
Juniper Switch OverviewJuniper Switch Overview
Juniper Switch Overview
 
5G SA security: a comprehensive overview of threats, vulnerabilities and rem...
 5G SA security: a comprehensive overview of threats, vulnerabilities and rem... 5G SA security: a comprehensive overview of threats, vulnerabilities and rem...
5G SA security: a comprehensive overview of threats, vulnerabilities and rem...
 
Zabbix monitoring in 5 pictures
Zabbix monitoring in 5 pictures  Zabbix monitoring in 5 pictures
Zabbix monitoring in 5 pictures
 

Viewers also liked

Ahg microsoft stream_insight_queries
Ahg microsoft stream_insight_queriesAhg microsoft stream_insight_queries
Ahg microsoft stream_insight_queriesSteve Xu
 
Office furniture design san antonio tx
Office furniture design san antonio txOffice furniture design san antonio tx
Office furniture design san antonio tx
Michael Back
 
Products
ProductsProducts
Products
Rastelli Market
 
Shot List
Shot ListShot List
Shot List
ameerahmed123
 
El romanticismo
El romanticismoEl romanticismo
El romanticismo
David Antony Morejón
 
Location scouting
Location scoutingLocation scouting
Location scouting
ameerahmed123
 
Powerpoint for question 2
Powerpoint for question 2Powerpoint for question 2
Powerpoint for question 2
ameerahmed123
 
Clasicismo MUSICal
Clasicismo MUSICalClasicismo MUSICal
Clasicismo MUSICal
Moisecitos Gonzales
 
Ameer & William Pitch
Ameer & William PitchAmeer & William Pitch
Ameer & William Pitch
ameerahmed123
 
Office furniture design san antonio tx
Office furniture design san antonio txOffice furniture design san antonio tx
Office furniture design san antonio tx
Michael Back
 
Great ways to prepare your steak
Great ways to prepare your steakGreat ways to prepare your steak
Great ways to prepare your steak
Rastelli Market
 

Viewers also liked (15)

Untitled Presentation
Untitled PresentationUntitled Presentation
Untitled Presentation
 
Ahg microsoft stream_insight_queries
Ahg microsoft stream_insight_queriesAhg microsoft stream_insight_queries
Ahg microsoft stream_insight_queries
 
Office furniture design san antonio tx
Office furniture design san antonio txOffice furniture design san antonio tx
Office furniture design san antonio tx
 
Products
ProductsProducts
Products
 
Shot List
Shot ListShot List
Shot List
 
Slide
SlideSlide
Slide
 
El romanticismo
El romanticismoEl romanticismo
El romanticismo
 
Location scouting
Location scoutingLocation scouting
Location scouting
 
Powerpoint for question 2
Powerpoint for question 2Powerpoint for question 2
Powerpoint for question 2
 
Clasicismo MUSICal
Clasicismo MUSICalClasicismo MUSICal
Clasicismo MUSICal
 
Ameer & William Pitch
Ameer & William PitchAmeer & William Pitch
Ameer & William Pitch
 
αμερικη
αμερικηαμερικη
αμερικη
 
Template
TemplateTemplate
Template
 
Office furniture design san antonio tx
Office furniture design san antonio txOffice furniture design san antonio tx
Office furniture design san antonio tx
 
Great ways to prepare your steak
Great ways to prepare your steakGreat ways to prepare your steak
Great ways to prepare your steak
 

Similar to SNMP and splunk

Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
Splunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
Splunk
 
Infrastructure Automation
Infrastructure Automation Infrastructure Automation
Infrastructure Automation
Groupware Technology
 
Getting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise Hands-OnGetting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise Hands-On
Splunk
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Puppet
 
Real-Time Status Commands
Real-Time Status CommandsReal-Time Status Commands
Real-Time Status Commands
Splunk
 
SplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk
SplunkLive! Amsterdam 2015 Breakout - Getting Started with SplunkSplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk
SplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk
Splunk
 
Getting Started with Splunk Enterprise Hands-On Breakout Session
Getting Started with Splunk Enterprise Hands-On Breakout SessionGetting Started with Splunk Enterprise Hands-On Breakout Session
Getting Started with Splunk Enterprise Hands-On Breakout Session
Splunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
Shannon Cuthbertson
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
Splunk
 
Mainframe Customer Education Webcast: New Ironstream Facilities for Enhanced ...
Mainframe Customer Education Webcast: New Ironstream Facilities for Enhanced ...Mainframe Customer Education Webcast: New Ironstream Facilities for Enhanced ...
Mainframe Customer Education Webcast: New Ironstream Facilities for Enhanced ...
Precisely
 
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRTSplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
Splunk
 
SplunkSummit 2015 - Security Ninjitsu
SplunkSummit 2015 - Security NinjitsuSplunkSummit 2015 - Security Ninjitsu
SplunkSummit 2015 - Security Ninjitsu
Splunk
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk
 
SplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding OverviewSplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding Overview
Splunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
Splunk
 
Splunk n-box-splunk conf-2017
Splunk n-box-splunk conf-2017Splunk n-box-splunk conf-2017
Splunk n-box-splunk conf-2017
Mohamad Hassan
 
10 years in Network Protocol testing L2 L3 L4-L7 Tcl Python Manual and Automa...
10 years in Network Protocol testing L2 L3 L4-L7 Tcl Python Manual and Automa...10 years in Network Protocol testing L2 L3 L4-L7 Tcl Python Manual and Automa...
10 years in Network Protocol testing L2 L3 L4-L7 Tcl Python Manual and Automa...Mullaiselvan Mohan
 
Delivering New Visibility and Analytics for IT Operations
Delivering New Visibility and Analytics for IT OperationsDelivering New Visibility and Analytics for IT Operations
Delivering New Visibility and Analytics for IT Operations
Gabrielle Knowles
 
SplunkLive Wellington 2015 - Operational Intelligence
SplunkLive Wellington 2015 - Operational IntelligenceSplunkLive Wellington 2015 - Operational Intelligence
SplunkLive Wellington 2015 - Operational Intelligence
Splunk
 

Similar to SNMP and splunk (20)

Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
Infrastructure Automation
Infrastructure Automation Infrastructure Automation
Infrastructure Automation
 
Getting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise Hands-OnGetting Started with Splunk Enterprise Hands-On
Getting Started with Splunk Enterprise Hands-On
 
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
Exploring the Final Frontier of Data Center Orchestration: Network Elements -...
 
Real-Time Status Commands
Real-Time Status CommandsReal-Time Status Commands
Real-Time Status Commands
 
SplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk
SplunkLive! Amsterdam 2015 Breakout - Getting Started with SplunkSplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk
SplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk
 
Getting Started with Splunk Enterprise Hands-On Breakout Session
Getting Started with Splunk Enterprise Hands-On Breakout SessionGetting Started with Splunk Enterprise Hands-On Breakout Session
Getting Started with Splunk Enterprise Hands-On Breakout Session
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
Mainframe Customer Education Webcast: New Ironstream Facilities for Enhanced ...
Mainframe Customer Education Webcast: New Ironstream Facilities for Enhanced ...Mainframe Customer Education Webcast: New Ironstream Facilities for Enhanced ...
Mainframe Customer Education Webcast: New Ironstream Facilities for Enhanced ...
 
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRTSplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
SplunkLive! Zurich 2018: Splunk for Security at Swisscom CSIRT
 
SplunkSummit 2015 - Security Ninjitsu
SplunkSummit 2015 - Security NinjitsuSplunkSummit 2015 - Security Ninjitsu
SplunkSummit 2015 - Security Ninjitsu
 
Splunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior AnalyticsSplunk for Enterprise Security featuring User Behavior Analytics
Splunk for Enterprise Security featuring User Behavior Analytics
 
SplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding OverviewSplunkLive! Frankfurt 2018 - Data Onboarding Overview
SplunkLive! Frankfurt 2018 - Data Onboarding Overview
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
Splunk n-box-splunk conf-2017
Splunk n-box-splunk conf-2017Splunk n-box-splunk conf-2017
Splunk n-box-splunk conf-2017
 
10 years in Network Protocol testing L2 L3 L4-L7 Tcl Python Manual and Automa...
10 years in Network Protocol testing L2 L3 L4-L7 Tcl Python Manual and Automa...10 years in Network Protocol testing L2 L3 L4-L7 Tcl Python Manual and Automa...
10 years in Network Protocol testing L2 L3 L4-L7 Tcl Python Manual and Automa...
 
Delivering New Visibility and Analytics for IT Operations
Delivering New Visibility and Analytics for IT OperationsDelivering New Visibility and Analytics for IT Operations
Delivering New Visibility and Analytics for IT Operations
 
SplunkLive Wellington 2015 - Operational Intelligence
SplunkLive Wellington 2015 - Operational IntelligenceSplunkLive Wellington 2015 - Operational Intelligence
SplunkLive Wellington 2015 - Operational Intelligence
 

Recently uploaded

FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 

SNMP and splunk

  • 1.
  • 2.
    - Ashley Hartge (https://au.linkedin.com/in/ashleyhartge)
    - Not a professional speaker / presenter
    - 19+ years full-time in the IT industry
    - 7+ years in the Managed Network Security space
    - Senior Network Security Engineer
    - Verizon – Global Commercial MSS Provider
    - splunk> user since 2009 (personal & professional)
    - Active Verizon splunk> evangelist (APAC & US)
  • 3.
    - Verizon - Global Commercial MSS Provider
    - In-house SIEM product for many years
    - Legacy selection of pre-canned reports
    - Increasing need for dynamic ad hoc reports
    - Internal & customer driven
    - Difficult & rigid ETL process (release cycles)
    - Any change needs development / release work
    - Manually craft DB query -> CSV -> pivot table ...
    - Needed reporting at the speed of thought
  • 4.
    - Using splunk for home / lab networks ... why not see what can be done for our reports ...
    - Old SOC workstation
    - Download & install splunk eval
    - Ingest a day's incidents
    - Build reports
    - Blow management's mind with visibility
    - Splunk grabs a foothold ... the rest is history
  • 5.
    - Secondary use-case after deploying splunk
    - IT Ops | CMDB | Process Auditing | Tracking
    - Basic SNMP polling using splunk>
    - Distributed deployment with remote collection
    - Large scale scripted collection
  • 6. Simplest deployment of single instance directly polling end device
  • 8.
  • 9. Expand our single instance, with forwarders remotely collecting SNMP data
  • 10.
    - Set up a receiving port on the indexer
    - Install the forwarder
  • 11.
    - Configure forwarding to your indexer
    - Unzip & install the SNMP Modular Input on the Universal Forwarder
  • 12.
    - Configure the input's local/inputs.conf on the forwarder with the community string & OIDs for polling.
  • 13.
    - Restart the forwarder & verify events are being received
    - Create tags to give recognisable names to the hosts (this could also be done within the input or a lookup)
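The configuration that slides 10 to 13 describe, written out as an added example rather than the deck's own files. Addresses, the app directory `snmp_ta`, stanza names, OIDs and credentials are placeholders; the `[snmp://...]` keys are assumed to match the SNMP Modular Input app's README, so check them against the `inputs.conf.spec` shipped in the version you unzip. The slide polls with an SNMPv2c community string; the second stanza shows the SNMPv3 authPriv form to prefer where the device supports it.

```ini
# --- indexer: $SPLUNK_HOME/etc/system/local/inputs.conf (slide 10) ---
[splunktcp://9997]
disabled = 0

# --- forwarder: $SPLUNK_HOME/etc/system/local/outputs.conf (slide 11) ---
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = 10.0.0.10:9997
# Add the sslCertPath / sslPassword / sslVerifyServerCert settings here so the
# polled device data (model, serial, signature levels) does not cross the
# network in cleartext and a rogue "indexer" cannot collect it.

# --- forwarder: $SPLUNK_HOME/etc/apps/snmp_ta/local/inputs.conf (slide 12) ---
# SNMPv2c, as on the slide. The community string sits here in cleartext and is
# sent in cleartext on every poll: use a read-only community, restrict SNMP on
# the device to this forwarder's address, and keep local/ readable by the
# splunk user only. Never copy the string into a tag or lookup search users see.
[snmp://lab_sensor]
destination = 192.168.1.50
port = 161
snmp_version = 2C
communitystring = r0-monitor
# sysName.0 and sysUpTime.0 here; add the sensor's TEMP / HUMIDITY OIDs from its MIB
object_names = 1.3.6.1.2.1.1.5.0,1.3.6.1.2.1.1.3.0
snmpinterval = 60
sourcetype = snmp
index = snmp
disabled = 0

# SNMPv3 authPriv: the request is authenticated and encrypted, so a sniffer on
# the path learns neither the credential nor the values. Protocol names are the
# pysnmp ones the modular input is built on.
[snmp://core_fw]
destination = 10.0.0.1
port = 161
snmp_version = 3
v3_securityName = splunkpoll
v3_authKey = <auth-passphrase>
v3_privKey = <priv-passphrase>
v3_authProtocol = usmHMACSHAAuthProtocol
v3_privProtocol = usmAesCfb128Protocol
object_names = 1.3.6.1.2.1.1.5.0,1.3.6.1.2.1.1.3.0
snmpinterval = 60
sourcetype = snmp
index = snmp
disabled = 0

# --- search head: $SPLUNK_HOME/etc/apps/search/local/tags.conf (slide 13) ---
# Friendly names for the polled hosts. This assumes the events carry the polled
# address as host; if they carry the forwarder's name instead, set "host = ..."
# in the input stanza above. Tags are search-time metadata only.
[host=192.168.1.50]
rack1_sensor = enabled

[host=10.0.0.1]
core_fw = enabled
```

Restart the forwarder after editing, then confirm with `sourcetype=snmp` on the search head that events arrive once a minute and that `tag=rack1_sensor` matches them; if the indexer sees nothing, check the receiving port first (it is the step most often missed) and only then the community string or v3 passphrases, since a wrong SNMP credential produces silence rather than an error.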
  • 14.
    - Run a simple search on the sourcetype to see if we are getting data (SNMP was configured to poll the device every minute).
    - Notice the host tags we configured
  • 15.  Quick & dirty regex to show TEMP & HUMIDITY from our sensors
  • 16.  Use the splunk field extractor
  • 17.
  • 18.
    - The values are provided by the sensors but need to be divided by 10 & rounded
    - Solution = calculated field
  • 19.
  • 20.
  • 21. Python script to poll 1000s of devices, output to CSV, scp to the splunk server, index the CSV into splunk
  • 22. Compile a list of the SNMP OIDs that provide the values we want from each platform, then use a python script to connect to the management stations, SNMP-poll the devices & return the result into a CSV file, which is scp'd to the Indexer. The per-platform OID map shown on the slide (mixed numeric and MIB-symbolic OIDs, as written; 'go' appears to be a per-platform enable flag):

        {
            'fortigate': {
                'hostname': '1.3.6.1.2.1.1.5.0',
                'uptime': '1.3.6.1.2.1.1.3.0',
                'model': 'SNMPv2-SMI::mib-2.47.1.1.1.1.10.1',
                'version': 'SNMPv2-SMI::enterprises.12356.101.4.1.1.0',
                'serial': '1.3.6.1.4.1.12356.100.1.1.1.0',
                'avsig': '1.3.6.1.4.1.12356.101.4.2.1.0',
                'idssig': '1.3.6.1.4.1.12356.101.4.2.2.0',
                'go': True,
            },
            'paloalto': {
                'model': '1.3.6.1.4.1.25461.2.1.2.2.1.0',
                'version': '1.3.6.1.4.1.25461.2.1.2.1.1.0',
                'uptime': '1.3.6.1.2.1.1.3.0',
                'serial': '.1.3.6.1.4.1.25461.2.1.2.1.3.0',
                'avsig': '1.3.6.1.4.1.25461.2.1.2.1.8.0',
                'idssig': '1.3.6.1.4.1.25461.2.1.2.1.9.0',
                'go': True,
            },
            'cisco-asa-ssm': {
                'hostname': 'SNMPv2-MIB::sysName.0',
                'uptime': 'HOST-RESOURCES-MIB::hrSystemUptime.0',
                'model': 'SNMPv2-SMI::mib-2.47.1.1.1.1.13.1',
                'version': 'SNMPv2-SMI::enterprises.9.9.383.1.4.20.0',
                'serial': 'SNMPv2-SMI::mib-2.47.1.1.1.1.11.1',
                'license': 'SNMPv2-SMI::enterprises.9.9.383.1.4.22.00',
                'idssig': 'SNMPv2-SMI::enterprises.9.9.383.1.4.21.0',
                'go': True,
            },
        }
  • 23.
    - Splunk easily ingests CSV data
    - Because our output file does NOT contain CSV header names on the first row, we pre-create a sourcetype naming our columns
    - props.conf
    - transforms.conf
  • 24.  Create an input to monitor the csv
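The search-time and index-time configuration behind slides 15 to 18 (regex extraction plus the divide-by-10 calculated field) and slides 23 and 24 (header-less CSV sourcetype and the monitor input), as an added example rather than the deck's own files. The `snmp` sourcetype and a `TEMP ... HUMIDITY` event layout are assumed, so test the regex with `| rex` against real events first; one decimal place of rounding, the `snmp_fabric_csv` sourcetype name, the field names and their order are my choices and must match whatever the poller writes.

```ini
# --- search head: props.conf (slides 15-18) ---
# Search-time regex pulls the raw sensor integers; calculated fields divide by 10
# and round. EXTRACT- runs before EVAL-, so temp_raw exists when temp_c is computed.
[snmp]
EXTRACT-sensor_raw = TEMP\D*(?<temp_raw>-?\d+).*?HUMIDITY\D*(?<humidity_raw>\d+)
EVAL-temp_c = round(temp_raw / 10, 1)
EVAL-humidity_pct = round(humidity_raw / 10, 1)

# --- search head: props.conf (slide 23) ---
# The poller's CSV has no header row, so the column names live in the sourcetype.
# One row is one event, and there is no timestamp column, so stamp at index time.
# (Alternative on the instance that reads the file: INDEXED_EXTRACTIONS = csv
# with FIELD_NAMES; that indexes the values and costs more storage.)
[snmp_fabric_csv]
SHOULD_LINEMERGE = false
DATETIME_CONFIG = CURRENT
REPORT-fabric_fields = snmp_fabric_fields

# --- search head: transforms.conf (slide 23) ---
[snmp_fabric_fields]
DELIMS = ","
FIELDS = "ip", "platform", "hostname", "model", "version", "serial", "uptime", "avsig", "idssig", "license", "status"

# --- indexer: inputs.conf (slide 24) ---
# Monitor a drop directory rather than one file that is overwritten each run: a
# fresh file per run (fabric_20150601_0900.csv) means the monitor never reads a
# half-written or truncated file. Make the directory writable only by the scp
# account; the rows carry asset data, never the community strings.
[monitor:///opt/snmp_drop/*.csv]
sourcetype = snmp_fabric_csv
index = snmp
disabled = 0
```

Because the CSV columns are named in `transforms.conf` rather than in the file, adding a column to the poller without updating `FIELDS` silently shifts every field after it; keep the two in one change.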
  • 25.  Vendor signature release details (scrape)
  • 26.
  • 27.
  • 28.
  • 29.
    - Dynamic python input files
    - | inputlookup asset | table ip, snmp_community, platform | outputlookup fabricsource.csv
    - Dynamically deploy to forwarders
    - Deployment server to push the input file to forwarders
    - Scripted inputs on forwarders to replace cron job(s) & csv-fu
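A poller in the shape slides 21, 22 and 29 describe, as an added example and not the presenter's script: it reads an asset list in the `ip, snmp_community, platform` layout that the `outputlookup` above produces, polls each device for the platform's OIDs from slide 22 over a thread pool, and writes header-less CSV in a fixed column order for a pre-defined sourcetype. The column order, the status column, the stand-in `fake_snmp_get` transport and all device data are my constructions so the code runs offline; a real deployment plugs in pysnmp or net-snmp behind the same `SnmpGet` signature. The point it adds to the slides is the failure handling: an agent given a wrong community string answers nothing, exactly like a dead host, so the script records that per device instead of losing the row.

```python
import csv
import io
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, List, Optional

# Per-platform OID map from slide 22, kept as written there (symbolic names need a MIB-aware transport).
OIDS = {
    "fortigate": {"hostname": "1.3.6.1.2.1.1.5.0", "uptime": "1.3.6.1.2.1.1.3.0",
                  "model": "SNMPv2-SMI::mib-2.47.1.1.1.1.10.1",
                  "version": "SNMPv2-SMI::enterprises.12356.101.4.1.1.0",
                  "serial": "1.3.6.1.4.1.12356.100.1.1.1.0", "avsig": "1.3.6.1.4.1.12356.101.4.2.1.0",
                  "idssig": "1.3.6.1.4.1.12356.101.4.2.2.0", "go": True},
    "paloalto": {"model": "1.3.6.1.4.1.25461.2.1.2.2.1.0", "version": "1.3.6.1.4.1.25461.2.1.2.1.1.0",
                 "uptime": "1.3.6.1.2.1.1.3.0", "serial": ".1.3.6.1.4.1.25461.2.1.2.1.3.0",
                 "avsig": "1.3.6.1.4.1.25461.2.1.2.1.8.0", "idssig": "1.3.6.1.4.1.25461.2.1.2.1.9.0",
                 "go": True},
    "cisco-asa-ssm": {"hostname": "SNMPv2-MIB::sysName.0", "uptime": "HOST-RESOURCES-MIB::hrSystemUptime.0",
                      "model": "SNMPv2-SMI::mib-2.47.1.1.1.1.13.1",
                      "version": "SNMPv2-SMI::enterprises.9.9.383.1.4.20.0",
                      "serial": "SNMPv2-SMI::mib-2.47.1.1.1.1.11.1",
                      "license": "SNMPv2-SMI::enterprises.9.9.383.1.4.22.00",
                      "idssig": "SNMPv2-SMI::enterprises.9.9.383.1.4.21.0", "go": True},
}

# Assumed fixed column order; the header-less rows are mapped to names by the sourcetype (slide 23).
COLUMNS = ["ip", "platform", "hostname", "model", "version", "serial",
           "uptime", "avsig", "idssig", "license", "status"]

# Transport: (ip, community, oid) -> value, or None if the agent did not answer. Agents
# silently drop requests with a wrong community, so a bad credential looks like a dead host.
SnmpGet = Callable[[str, str, str], Optional[str]]

def poll_device(ip: str, community: str, platform: str, snmp_get: SnmpGet) -> Dict[str, str]:
    """Poll one device. The community string is used here but never written out."""
    row = {col: "" for col in COLUMNS}
    row["ip"], row["platform"] = ip, platform
    oids = OIDS.get(platform)
    if not oids or not oids.get("go"):
        row["status"] = "skipped"            # unknown platform, or polling switched off
        return row
    wanted = {f: o for f, o in oids.items() if f != "go"}
    failed = 0
    for field, oid in wanted.items():
        try:
            value = snmp_get(ip, community, str(oid))
        except (OSError, TimeoutError):      # unreachable host, socket timeout
            value = None
        if value is None:
            failed += 1
        else:
            row[field] = value
    row["status"] = "ok" if failed == 0 else "unreachable" if failed == len(wanted) else "partial"
    return row

def poll_all(assets: List[Dict[str, str]], snmp_get: SnmpGet, workers: int = 32) -> List[Dict[str, str]]:
    """Fan out over a thread pool; map() keeps the asset order in the output."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(
            lambda a: poll_device(a["ip"], a["snmp_community"], a["platform"], snmp_get), assets))

def rows_to_csv(rows: List[Dict[str, str]]) -> str:
    """Header-less CSV in COLUMNS order; the csv module quotes any odd value for us."""
    buf = io.StringIO()
    csv.DictWriter(buf, fieldnames=COLUMNS, lineterminator="\n").writerows(rows)
    return buf.getvalue()

def load_assets(text: str) -> List[Dict[str, str]]:
    # Parses the ip,snmp_community,platform lookup that the slide 29 search exports.
    return list(csv.DictReader(io.StringIO(text)))

# Constructed data so the example runs offline: an asset list in the slide 29 layout
# and an in-memory agent table standing in for the real SNMP transport.
ASSET_CSV = """ip,snmp_community,platform
10.0.0.1,r0-monitor,fortigate
10.0.0.2,wrong-string,paloalto
10.0.0.3,r0-monitor,cisco-asa-ssm
10.0.0.4,r0-monitor,checkpoint
"""
FAKE_AGENTS = {  # ip -> (accepted community, OID -> value)
    "10.0.0.1": ("r0-monitor", {"1.3.6.1.2.1.1.5.0": "fw-syd-01", "1.3.6.1.2.1.1.3.0": "1234567",
                                "SNMPv2-SMI::mib-2.47.1.1.1.1.10.1": "FGT-100D",
                                "SNMPv2-SMI::enterprises.12356.101.4.1.1.0": "v5.2.3",
                                "1.3.6.1.4.1.12356.100.1.1.1.0": "FG100D0000000001",
                                "1.3.6.1.4.1.12356.101.4.2.1.0": "24.00123",
                                "1.3.6.1.4.1.12356.101.4.2.2.0": "5.00456"}),
    "10.0.0.2": ("r0-monitor", {"1.3.6.1.2.1.1.3.0": "42"}),     # asset list has the wrong community
    "10.0.0.3": ("r0-monitor", {"SNMPv2-MIB::sysName.0": "asa-mel-01"}),  # answers only sysName
}

def fake_snmp_get(ip: str, community: str, oid: str) -> Optional[str]:
    """Stand-in transport with the two real failure modes: timeout and bad community."""
    if ip not in FAKE_AGENTS:
        raise TimeoutError(f"no response from {ip}")
    accepted, table = FAKE_AGENTS[ip]
    return table.get(oid) if community == accepted else None

if __name__ == "__main__":
    # As a scripted input the CSV goes to stdout; as a cron job, write a fresh file per run and scp it.
    print(rows_to_csv(poll_all(load_assets(ASSET_CSV), fake_snmp_get)), end="")
```

Run as a Splunk scripted input, the script's stdout is the event stream and the scp step disappears, which is the "replace cron job(s) & csv-fu" point above; the asset file the deployment server pushes still contains every community string, so it belongs in the app's `local/` directory with the same file permissions as `inputs.conf`, and the `status` column gives a cheap Splunk search for credentials that have drifted (`status=unreachable` on hosts that answer ping).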