This document provides an agenda for a Splunk conference on March 15th 2017 in Manchester. The agenda includes:
- An introduction and welcome from 09:30-09:45
- Two sessions from 09:45-12:15 on data-driven IT operations and best practices for security investigations
- A lunch break from 12:30-13:30
- The event concludes at 13:30
Delivering business value from operational insights at ING Bank (Splunk)
The document discusses how ING Bank uses Splunk to extract business value from operational data. It describes several IT use cases like customer pre-scoring, portfolio management, fraud detection and reducing downtime. It also discusses expanding the use of Splunk beyond IT to business cases like customer journey mapping. The document shares details of ING Bank's Splunk implementation, how it migrated systems to Splunk, and future plans to integrate Hadoop and machine learning.
Machine Data 101: Turning Data Into Insight is a presentation about using Splunk software to analyze machine data. It discusses topics such as:
- What machine data is and examples of common sources like log files, social media, call center systems
- How Splunk indexes machine data from various sources in real-time regardless of format
- Techniques for enriching data in Splunk like tags, field aliases, calculated fields, event types, and lookups from external data sources
- Examples of collecting non-traditional data sources into Splunk like network data, HTTP events, databases, and mobile app data
The presentation provides an overview of Splunk's machine data platform and techniques for analyzing, enrich
Best Practices For Sharing Data Across The Enterprise (Splunk)
The document discusses best practices for sharing data across an enterprise using Splunk. It provides an overview of Splunk's Business Value Consulting services and common value drivers they have identified for IT operations, security and compliance, and application development. These include reducing incident resolution times, improving security event detection and response times, and accelerating development cycles. It also lists many common data sources that are important for realizing these benefits, such as various log files, network devices, databases, and applications.
The document discusses how Splunk provides a platform for operational intelligence by unifying machine data from various IT systems and applications. It summarizes Splunk's capabilities for monitoring infrastructure components, applications, and virtual environments. The presentation includes an agenda, descriptions of IT complexity challenges and how Splunk addresses them with its platform. It also provides overviews and demonstrations of specific Splunk apps for monitoring Exchange, VMware, NetApp, and other systems.
Building a Security Information and Event Management platform at Travis Per... (Splunk)
Faced with a complex, heterogeneous IT infrastructure and a ‘Cloud First’ instruction from the board, Nick Bleech, Head of Information Security at building supplies giant Travis Perkins, used Splunk Enterprise Security running on Splunk Cloud to deliver enhanced security for 27,000 employees.
Splunk allowed Travis Perkins to provide real-time security monitoring, faster incident resolution and improved data governance while delivering demonstrable business value to the board.
In this webinar, Nick Bleech discusses:
● The business and security drivers of deploying a cloud-based security incident and event management solution
● The overall benefits of the Splunk solution
● The project’s critical success factors
● How stakeholders and the overall project were managed
● The positive impact of the deployment on the IT operations and IT security teams
● The next steps in the development of a lightweight security operations centre
SplunkLive! Utrecht - Splunk for IT Operations - Rick Fitz (Splunk)
This document discusses how increasing IT complexity from technologies like virtualization, SaaS applications, and custom applications has made IT operations more difficult. It presents Splunk as a solution for capturing data from all IT systems and applications in order to perform operational analytics. This allows organizations to gain insights across their IT infrastructure and applications for tasks like root cause analysis, capacity planning, security monitoring, and service level reporting. The document highlights some of Splunk's key capabilities and differentiators like indexing data once for multiple uses, scaling to large environments, and providing a fast time to value. It also includes two customer examples of how Credit Suisse and Surrey Satellite have benefited from using Splunk for IT operations.
SplunkLive! München 2016 - Splunk for IT Operations (Splunk)
The document discusses Splunk for IT operations (ITOps). It provides an overview of how Splunk can help organizations gain operational intelligence and visibility across their IT infrastructure and applications. Some key points:
- Splunk consolidates machine data from different sources like servers, storage, networking devices, applications etc. into a single platform for monitoring, searching and analyzing data.
- It helps overcome issues of disconnected point solutions, siloed teams and outdated tools that take up the majority of IT time for maintenance instead of innovation.
- Splunk provides real-time search capabilities to help IT teams act as "first responders" and reduce problem resolution time from days to minutes by quickly searching across all log data.
SplunkLive! Utrecht - Splunk for Security - Monzy Merza (Splunk)
The document discusses transforming security through new approaches like adaptive response, machine learning, and centralized monitoring and command centers. It summarizes new features being added to Splunk Enterprise Security like improved threat detection, user behavior analytics, adaptive response capabilities, and enhanced visual analytics. The presentation highlights how these new Splunk security solutions help optimize security operations centers and augment or replace security information and event management systems.
SplunkLive! München 2016 - Getting started with Splunk (Splunk)
This document provides an overview and introduction to Splunk. It discusses what Splunk is, how to get started with Splunk including installing Splunk, indexing data, performing searches, creating alerts and reports. It also covers deployment and integration topics such as scaling Splunk, forwarding data, role-based access controls, and support resources. The document is intended to help users understand the basics of using Splunk to explore and analyze machine data.
Here’s your chance to get hands-on with Splunk for the first time! Bring your modern Mac, Windows, or Linux laptop and we’ll go through a simple install of Splunk. Then, we’ll load some sample data, and see Splunk in action – we’ll cover searching, pivot, reporting, alerting, and dashboard creation. At the end of this session you’ll have a hands-on understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll experience practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
This document discusses how Splunk provides operational intelligence through machine data analytics. It highlights how Splunk can help organizations gain visibility into their complex IT operations by indexing data from any source, allowing users to search and investigate that data. The document demonstrates how Splunk can be used to troubleshoot issues, such as identifying servers experiencing high CPU usage or disk space problems. It also shows how to create alerts, reports, and dashboards with Splunk to monitor infrastructure and application health.
Come and learn from our experts on ways to improve your IT Operational Visibility by using Splunk for monitoring environment health. In this hands-on session we will cover recommended approaches for end-to-end monitoring across applications, OSes, and devices. Topics will include: critical services to monitor, use of the Splunk Common Information Model (CIM) for cross-dataset normalization, commonly deployed apps and TAs to gather data for IT infrastructure uses, and use of pre-made dashboard panels to quickly build dashboards for monitoring your environment.
Getting Started with Splunk Enterprise Hands-On (Splunk)
Here’s your chance to get hands-on with Splunk for the first time! Bring your laptop, and we’ll go through a simple install of Splunk. Then we’ll load some sample data, and see Splunk in action. At the end of this session you’ll have a hands-on understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. We’ll share practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
SplunkLive! München 2016 - Splunk for Security (Splunk)
This document provides an overview of Splunk's security analytics and user behavior analytics capabilities for detecting threats like cyber attacks and insider threats. It discusses how Splunk uses machine learning and behavioral analytics on large datasets to detect anomalies and threats. Examples are given showing how Splunk can detect suspicious user activities across the cyber kill chain and identify external attacks and insider threats. Key workflows for security analysts and threat hunters using Splunk are also outlined.
Michael Ronnfeldt of NXP discusses implementing an Analytics and Automation Platform using Splunk to address NXP's challenges. Some key points:
- NXP is a large semiconductor company with many products and divisions facing growing IT needs
- The current situation involves manual, slow monitoring and resolution of issues
- The Analytics and Automation Platform (SNA2P) uses Splunk for automated monitoring, incident detection and remediation, discovery, and centralized reporting to provide faster, better service
- Benefits include incidents being resolved before users notice and automation enforcing security and compliance through change control
- Future roadmap includes expanding the CMDB, deployment automation, test automation, and continuous integration
The document provides an overview of Splunk, including:
- Splunk allows users to search and analyze machine-generated data from websites, applications, sensors and other sources to gain operational intelligence and security insights.
- Splunk's platform can index and correlate data from various sources in real-time to enable log search, monitoring, and analytics across IT, security, and business functions.
- Splunk provides solutions for IT operations, security, IoT and industrial data, and business analytics to help customers address challenges in those areas.
Getting started with Splunk Breakout Session (Splunk)
This document provides a summary of a presentation about Splunk. It discusses what Splunk is and how it works, including that Splunk is a platform for searching, monitoring, and analyzing machine-generated big data in real-time. It also covers key Splunk concepts like indexing, searching, reporting, alerting, and deployment options. The presentation demonstrates how to install Splunk, add sample data, perform searches, extract fields, create alerts and dashboards, and discusses integration, support resources, and the Splunk developer platform.
How to Design, Build and Map IT and Business Services in Splunk (Splunk)
Your IT department supports critical business functions, processes and products. You're most effective when your technology initiatives are closely aligned and measured with specific business objectives. This session covers best practices and techniques for designing and building an effective service model, using the domain knowledge of your experts and capturing and reporting on key metrics that everyone can understand. We will design a sample service model and map them to performance indicators to track operational and business objectives. We will also show you how to make Splunk service-aware with Splunk IT Service Intelligence (ITSI).
Delivering Business Value from Operational Insights at ING Bank (Splunk)
Discover how ING Bank gains critical insights from the data generated across its IT estate. This session will highlight how the bank benefits from real-time visibility into its operations and performance, while enhancing business analytics to deliver improved insight into customer behavior and ultimately make better business decisions.
Attend to learn from our experts about ways to improve your IT Operational Intelligence by using Splunk for troubleshooting, monitoring and service-level visibility. In this hands-on session we will cover recommended approaches for end-to-end troubleshooting and monitoring across applications, OSes, and devices to resolve problems faster, reduce downtime and improve user satisfaction and customer retention. Topics will include: monitoring critical services, using commonly deployed apps and TAs to gather data for IT infrastructure uses, and using pre-made dashboard panels to quickly build dashboards for monitoring your environment.
The document provides an overview of Splunk for IT operations (ITOps). It discusses how Splunk can help organizations address escalating IT complexity and issues plaguing IT operations. It introduces Splunk IT Service Intelligence, which provides data-driven service insights for root-cause isolation and improved service operations. Key concepts explained include what a service is, key performance indicators (KPIs), and service health scores. The document also highlights capabilities like service analyzer, glass tables, deep dives, multi-KPI alerts and notable events. Customer stories are presented on how enterprises use Splunk for increased uptime, reduced mean time to resolution, optimized capacity and more.
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler (Splunk)
Using Simple XML and Splunk Enterprise, learn how to create easy interactive dashboards to explore data. This demo showcases great tools to put in the hands of Splunk users, help desk users and IT Operations staff.
The document discusses how Splunk provides a platform for operational intelligence through machine data. It outlines Splunk's capabilities including collecting any machine data, powerful search and investigation tools, and proactive monitoring. Splunk accelerates value through apps that provide deep insights into specific technologies like Exchange, VMware, and storage. The document demonstrates how Splunk apps work through demos and discusses how customers are leveraging Splunk to reduce costs and gain operational visibility across their infrastructure.
Splunk - Turn Data Silos into Operational Intelligence (Splunk)
Splunk software enables the curious among us to look at what others ignore - machine data - and to find what others never see - valuable insights that make your team and company more productive, more profitable, more competitive and more secure.
Are you curious about what information is hidden in your machine data?
In this webinar we show you why more than 11,000 companies use Splunk software for the following:
- Resolving application problems and investigating security incidents in minutes
- Avoiding service problems or outages
- Meeting compliance requirements at lower cost
- New insights into business operations
Join this Operational Intelligence demo session and learn more about how you and your team can work more efficiently and productively.
What is Splunk? At the end of this session you’ll have a high-level understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll see practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
This document provides an overview and agenda for a presentation on getting started with Splunk Enterprise. It discusses what machine data is, how Splunk can extract insights from machine data, and Splunk's scalable deployment architecture. It also demonstrates searches in Splunk and discusses resources for help and support.
The document discusses Splunk security solutions including Splunk Enterprise and Splunk User Behavior Analytics (UBA). It begins with an agenda that includes a demo of the Zeus ES security product and a UBA demo. The document then provides an overview of challenges in securing against advanced threats and how Splunk addresses these challenges through security analytics and machine data. Examples are given of how Splunk has helped customers including Nasdaq and PostFinance address security issues. The presentation concludes with a discussion of features in Splunk Enterprise Security 4.0.
This summary provides an overview of a presentation about Splunk:
1. The presentation introduces Splunk, an enterprise software platform that allows users to search, monitor, and analyze machine-generated big data for security, IT and business operations.
2. Key components of Splunk include universal forwarders for data collection, indexers for data storage and search heads for data visualization. Splunk supports data ingestion from various sources like servers, databases, applications and sensors.
3. A demo section shows how to install Splunk, ingest sample data, perform searches, set up alerts and reports. It also covers dynamic field extraction, the search command language and Splunk applications.
This document provides an overview of data enrichment techniques in Splunk including tags, field aliases, calculated fields, event types, and lookups. It describes how tags can add context and categorize data, field aliases can simplify searches by normalizing field labels, and lookups can augment data with additional external fields. The document also discusses various data sources that Splunk can index such as network data, HTTP events, alerts, scripts, databases, and modular inputs for custom data collection.
How to Detect Ransomware and What You Can Do About It (Splunk)
Ransomware is no longer just a nuisance aimed at home users; it has become a serious threat to companies and government institutions.
In our webinar you can find out more about what exactly ransomware is and how it works. We then show you all of it in a live demo with data from a Windows ransomware infection.
We show you in detail:
- how to "hunt" ransomware IOCs with Splunk Enterprise
- how to uncover malicious endpoint behavior
- defense strategies
SplunkLive! München 2016 - Getting started with SplunkSplunk
This document provides an overview and introduction to Splunk. It discusses what Splunk is, how to get started with Splunk including installing Splunk, indexing data, performing searches, creating alerts and reports. It also covers deployment and integration topics such as scaling Splunk, forwarding data, role-based access controls, and support resources. The document is intended to help users understand the basics of using Splunk to explore and analyze machine data.
Here’s your chance to get hands-on with Splunk for the first time! Bring your modern Mac, Windows, or Linux laptop and we’ll go through a simple install of Splunk. Then, we’ll load some sample data, and see Splunk in action – we’ll cover searching, pivot, reporting, alerting, and dashboard creation. At the end of this session you’ll have a hands-on understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll experience practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
This document discusses how Splunk provides operational intelligence through machine data analytics. It highlights how Splunk can help organizations gain visibility into their complex IT operations by indexing data from any source, allowing users to search and investigate that data. The document demonstrates how Splunk can be used to troubleshoot issues, such as identifying servers experiencing high CPU usage or disk space problems. It also shows how to create alerts, reports, and dashboards with Splunk to monitor infrastructure and application health.
Come and learn from our experts on ways to improve you IT Operational Visibility by using Splunk for monitoring environment health. In this hands-on session we will cover recommended approaches for end to end monitoring, across applications, OSes, and devices. Topics will include: critical services to monitor, use of the Splunk Common Information Model (CIM) for cross-dataset normalization, commonly deployed apps and TAs to gather data for IT infrastructure uses, and use of pre-made dashboard panels to quickly build dashboards for monitoring your environment.
Getting Started with Splunk Enterprise Hands-OnSplunk
Here’s your chance to get hands-on with Splunk for the first time! Bring your laptop, and we’ll go through a simple install of Splunk. Then we’ll load some sample data, and see Splunk in action. At the end of this session you’ll have a hands-on understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. We’ll share practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
SplunkLive! München 2016 - Splunk für SecuritySplunk
This document provides an overview of Splunk's security analytics and user behavior analytics capabilities for detecting threats like cyber attacks and insider threats. It discusses how Splunk uses machine learning and behavioral analytics on large datasets to detect anomalies and threats. Examples are given showing how Splunk can detect suspicious user activities across the cyber kill chain and identify external attacks and insider threats. Key workflows for security analysts and threat hunters using Splunk are also outlined.
Michael Ronnfeldt of NXP discusses implementing an Analytics and Automation Platform using Splunk to address NXP's challenges. Some key points:
- NXP is a large semiconductor company with many products and divisions facing growing IT needs
- The current situation involves manual, slow monitoring and resolution of issues
- The Analytics and Automation Platform (SNA2P) uses Splunk for automated monitoring, incident detection and remediation, discovery, and centralized reporting to provide faster, better service
- Benefits include incidents being resolved before users notice and automation enforcing security and compliance through change control
- Future roadmap includes expanding the CMDB, deployment automation, test automation, and continuous integration
The document provides an overview of Splunk, including:
- Splunk allows users to search and analyze machine-generated data from websites, applications, sensors and other sources to gain operational intelligence and security insights.
- Splunk's platform can index and correlate data from various sources in real-time to enable log search, monitoring, and analytics across IT, security, and business functions.
- Splunk provides solutions for IT operations, security, IoT and industrial data, and business analytics to help customers address challenges in those areas.
Getting started with Splunk Breakout SessionSplunk
This document provides a summary of a presentation about Splunk. It discusses what Splunk is and how it works, including that Splunk is a platform for searching, monitoring, and analyzing machine-generated big data in real-time. It also covers key Splunk concepts like indexing, searching, reporting, alerting, and deployment options. The presentation demonstrates how to install Splunk, add sample data, perform searches, extract fields, create alerts and dashboards, and discusses integration, support resources, and the Splunk developer platform.
How to Design, Build and Map IT and Business Services in SplunkSplunk
Your IT department supports critical business functions, processes and products. You're most effective when your technology initiatives are closely aligned and measured with specific business objectives. This session covers best practices and techniques for designing and building an effective service model, using the domain knowledge of your experts and capturing and reporting on key metrics that everyone can understand. We will design a sample service model and map them to performance indicators to track operational and business objectives. We will also show you how to make Splunk service-ware with Splunk IT Service Intelligence (ITSI).
Delivering Business Value from Operational Inisights at ING BankSplunk
Discover how ING Bank gains critical insights from the data generated across its IT estate. This session will highlight how the bank benefits from real-time visibility into its operations and performance, while enhancing business analytics to deliver improved insight into customer behavior and ultimately make better business decisions.
Attend to learn from our experts about ways to improve you IT Operational Intelligence by using Splunk for troubleshooting, monitoring and service-level visibility. In this hands-on session we will cover recommended approaches for end-to-end troubleshooting and monitoring across applications, OSes, and devices to resolve problems faster, reduce downtime and improve user satisfaction and customer retention. Topics will include: monitoring critical services, using commonly deployed apps and TAs to gather data for IT infrastructure uses, and using of pre-made dashboard panels to quickly build dashboards for monitoring your environment.
The document provides an overview of Splunk for IT operations (ITOps). It discusses how Splunk can help organizations address escalating IT complexity and issues plaguing IT operations. It introduces Splunk IT Service Intelligence, which provides data-driven service insights for root-cause isolation and improved service operations. Key concepts explained include what a service is, key performance indicators (KPIs), and service health scores. The document also highlights capabilities like service analyzer, glass tables, deep dives, multi-KPI alerts and notable events. Customer stories are presented on how enterprises use Splunk for increased uptime, reduced mean time to resolution, optimized capacity and more.
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler (Splunk)
Using Simple XML and Splunk Enterprise, learn how to create easy interactive dashboards to explore data. This demo showcases great tools to put in the hands of Splunk users, help desk users and IT Operations staff.
The document discusses how Splunk provides a platform for operational intelligence through machine data. It outlines Splunk's capabilities including collecting any machine data, powerful search and investigation tools, and proactive monitoring. Splunk accelerates value through apps that provide deep insights into specific technologies like Exchange, VMware, and storage. The document demonstrates how Splunk apps work through demos and discusses how customers are leveraging Splunk to reduce costs and gain operational visibility across their infrastructure.
Splunk - Turn Data Silos into Operational Intelligence (Splunk)
Splunk software lets the curious among us look at what others ignore - machine data - and find what others never see: valuable insights that make your team and company more productive, more profitable, more competitive and more secure.
Are you already curious about what information is hidden in your machine data?
In this webinar we show you why more than 11,000 companies use Splunk software for the following:
- Resolving application problems and investigating security incidents within minutes
- Avoiding service problems or outages
- Meeting compliance requirements at lower cost
- New insights into business operations
Join this Operational Intelligence demo session and learn more about how you and your team can work more efficiently and productively.
What is Splunk? At the end of this session you’ll have a high-level understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll see practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
This document provides an overview and agenda for a presentation on getting started with Splunk Enterprise. It discusses what machine data is, how Splunk can extract insights from machine data, and Splunk's scalable deployment architecture. It also demonstrates searches in Splunk and discusses resources for help and support.
The document discusses Splunk security solutions including Splunk Enterprise and Splunk User Behavior Analytics (UBA). It begins with an agenda that includes a demo of the Zeus ES security product and a UBA demo. The document then provides an overview of challenges in securing against advanced threats and how Splunk addresses these challenges through security analytics and machine data. Examples are given of how Splunk has helped customers including Nasdaq and PostFinance address security issues. The presentation concludes with a discussion of features in Splunk Enterprise Security 4.0.
This summary provides an overview of a presentation about Splunk:
1. The presentation introduces Splunk, an enterprise software platform that allows users to search, monitor, and analyze machine-generated big data for security, IT and business operations.
2. Key components of Splunk include universal forwarders for data collection, indexers for data storage and search heads for data visualization. Splunk supports data ingestion from various sources like servers, databases, applications and sensors.
3. A demo section shows how to install Splunk, ingest sample data, perform searches, set up alerts and reports. It also covers dynamic field extraction, the search command language and Splunk applications.
This document provides an overview of data enrichment techniques in Splunk including tags, field aliases, calculated fields, event types, and lookups. It describes how tags can add context and categorize data, field aliases can simplify searches by normalizing field labels, and lookups can augment data with additional external fields. The document also discusses various data sources that Splunk can index such as network data, HTTP events, alerts, scripts, databases, and modular inputs for custom data collection.
How to Detect Ransomware and What You Can Do About It (Splunk)
Ransomware is no longer just a nuisance aimed at home users; it has developed into a serious threat to businesses and government institutions.
In our webinar you can find out more about what exactly ransomware is and how it works. We then show you all of this in a live demo using data from a Windows ransomware infection.
We show you in detail:
- how to "hunt" ransomware IOCs with Splunk Enterprise
- how to uncover malicious endpoint behavior
- defense strategies
Splunk provides software that allows users to search, monitor, and analyze machine-generated data. It collects data from websites, applications, servers, networks and other devices and stores large amounts of data. The software provides dashboards, reports and alerts to help users gain operational intelligence and insights. It is used by over 4,400 customers across many industries to solve IT and business challenges.
This document provides an overview of threat hunting using Splunk. It begins with an introduction to threat hunting and why it is important. The presentation then discusses key building blocks for driving threat hunting maturity, including search and visualization, data enrichment, ingesting data sources, and applying machine learning. It provides examples of internal data sources that can be used for hunting like IP addresses, network artifacts, DNS, and endpoint data. The presentation demonstrates hunting using the Microsoft Sysmon endpoint agent, walking through an example attack scenario matching the Cyber Kill Chain framework. It shows how to investigate a potential compromise by searching across web, DNS, proxy, firewall, and endpoint data in Splunk to trace suspicious activity back to a specific user.
This document outlines a presentation on threat hunting with Splunk. The presenter is Ken Westin, a security strategist at Splunk with over 20 years of experience in technology and security. The agenda includes an overview of threat hunting basics and data sources, examining the cyber kill chain through a hands-on attack scenario using Splunk, and advanced threat hunting techniques including machine learning. Log-in credentials are provided for access to hands-on demo environments related to the presentation.
Building Business Service Intelligence with ITSI (Splunk)
This document provides instructions for setting up access to an online Splunk sandbox for a presentation on building service intelligence with Splunk IT Service Intelligence. It instructs the reader to download a presentation slide deck, sign up for a free online Splunk ITSI sandbox if not already done, test access to the sandbox using recommended browsers, and select the IT Service Intelligence app after logging in.
Splunk Webinar – Taking IT Operations to the Next Level (Splunk)
Gain actionable insights into your data and take IT operations to the next level
In our webinar we use a demo to show you:
- how to gain service context by combining behavioral and performance data
- how to get an accurate picture of your environment so that you can optimize processes
- how to speed up root-cause analysis and so counter outages on the customer side
- how to prioritize incident investigation and shorten time-to-resolution through behavioral and event analysis
- how analytics and machine learning can improve service intelligence
Here’s your chance to get hands-on with Splunk for the first time! Bring your modern Mac, Windows, or Linux laptop and we’ll go through a simple install of Splunk. Then, we’ll load some sample data, and see Splunk in action – we’ll cover searching, pivot, reporting, alerting, and dashboard creation. At the end of this session you’ll have a hands-on understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll experience practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
Splunk Enterprise for IT Troubleshooting Hands-On (Splunk)
This document provides an overview and demo of Splunk Enterprise for IT troubleshooting. It discusses how Splunk can help address the increasing complexity of IT environments by allowing users to index and analyze machine data from any source. The demo walks through searching logs, extracting fields, troubleshooting infrastructure and application issues, creating alerts and reports, and using dashboards. It highlights how Splunk can help accelerate incident resolution, reduce MTTR, and accelerate development cycles.
Getting Started with IT Service Intelligence (Splunk)
This document discusses IT service intelligence (ITSI) concepts including defining services, key performance indicators (KPIs), service health scores, and service decomposition. A service can include multiple technology components and tiers that need to be monitored together from a user's perspective. KPIs are Splunk searches that monitor specific metrics like CPU or errors. Health scores from 0-100 indicate a service's status based on KPI status and importance. Entities that support services can come from CMDBs or searches. Services can be decomposed into sub-services and underlying processes to define relevant KPIs for monitoring. Adaptive thresholding and anomaly detection help determine normal vs abnormal behavior in dynamic or patterned data. ITSI allows
Building Business Service Intelligence with ITSI (Splunk)
This document provides instructions for setting up Splunk IT Service Intelligence (ITSI) before using it. It instructs the user to:
1. Download a presentation slide deck from a Splunk Box URL.
2. Sign up for a free Splunk ITSI Online Sandbox if not already done.
3. Test access to the sandbox, recommending Chrome, Firefox or Safari and noting that Internet Explorer is not recommended.
4. After logging in, select IT Service Intelligence from the list of apps on the left side.
This document contains an agenda for the SplunkLive! Utrecht conference. It includes:
- A welcome message and introduction to using Splunk for security and IT operations.
- Three customer use cases that will be presented on using Splunk for the CERT EU, NXP, and KPN.
- Information on sponsors and speakers at the conference.
- An overview of the Splunk platform and how it can be used for security, IT operations, business analytics, IoT, and more.
This document summarizes Molina Healthcare's use of Splunk software. Molina is a Fortune 500 healthcare company that provides Medicaid and CHIP plans. They implemented Splunk Enterprise to gain centralized visibility and logging of their large, virtualized infrastructure. Splunk has helped Molina dramatically reduce troubleshooting times, retire old tools, and improve business insights. Key benefits included reduced MTTR by over 150%, issues now resolved in minutes versus hours, and improved customer satisfaction. Molina uses Splunk across IT, operations, development and business teams.
Taking Splunk to the Next Level - Architecture (Splunk)
This session led by Michael Donnelly will teach you how to take your Splunk deployment to the next level. Learn about Splunk high availability architectures with Splunk Search Head Clustering and Index Replication. Additionally, learn how to manage your deployment with Splunk’s operational and management controls to manage Splunk capacity and end user experience.
Splunk Tutorial for Beginners - What is Splunk | Edureka (Edureka!)
The document discusses Splunk, a software platform used for searching, analyzing, and visualizing machine-generated data. It provides an example use case of Domino's Pizza using Splunk to gain insights from data from various systems like mobile orders, website orders, and offline orders. This helped Domino's track the impact of various promotions, compare performance metrics, and analyze factors like payment methods. The document also outlines Splunk's components like forwarders, indexers, and search heads and how they allow users to index, store, search and visualize data.
Almost all developers face the challenge of reactively debugging failed business transaction processes. Not only does this require extensive navigation of enormous volumes of log data, but determining root cause becomes a laborious and time-consuming task.
Additionally, business managers often request developers and operations to provide analytics on applications, resulting in the tedious task of charting the information, most usually from intangible data. Learn how to capture, extract and analyze your event data by having analytics embedded in the application. Download the white-paper that details how to gain Application Intelligence through effective logging.
Check out the webinar here: http://www.splunk.com/goto/analytics_webcast
How to Design, Build and Map IT and Business Services in Splunk (Splunk)
Your IT department supports critical business functions, processes and products. You're most effective when your technology initiatives are closely aligned and measured with specific business objectives. This session covers best practices and techniques for designing and building an effective service model, using the domain knowledge of your experts and capturing and reporting on key metrics that everyone can understand. We will design a sample service model and map it to performance indicators to track operational and business objectives. We will also show you how to make Splunk service-aware with Splunk IT Service Intelligence (ITSI).
This document provides an overview and sales presentation of Splunk software capabilities. Some key points:
- Splunk is a software platform that allows users to search, monitor and analyze machine-generated data for security and operational intelligence.
- It can index and search data from many different sources like servers, applications, networks and more.
- Splunk offers scalability to handle indexing and searching large volumes of data up to terabytes per day across multiple data centers.
- The software provides features like search and investigation, proactive monitoring, operational visibility and real-time business insights.
This document provides an overview and demonstration of Splunk software. It discusses what machine data is, Splunk's mission to make machine data accessible and valuable, and what machine data looks like from different sources. The presentation then demonstrates how to install Splunk, onboard data, conduct searches, create dashboards and alerts. It also discusses Splunk deployment architectures for single and distributed environments and how to get help resources.
Splunk provides a platform for operational intelligence that allows users to analyze machine data from any source. The document discusses Splunk products and solutions for IT service management, security intelligence, and Internet of Things applications. Splunk has over 11,000 customers across various industries.
Splunk is used by many large financial services companies to gain operational intelligence and insights across diverse business processes. Some key uses of Splunk mentioned in the document include enabling high performance global trade infrastructure, gaining visibility across FIX order routing systems, providing end to end visibility across applications and infrastructure to deliver $6M annual ROI, enabling timely transaction settlement processing, and being integrated into a risk metrics group's high performance cloud computing offering.
This document provides an overview of Splunk, Inc. including:
- Splunk is a software company founded in 2004 that provides data platforms for machine data including on-premise, cloud, and SaaS solutions.
- They have over 5,200 customers including 63 of the Fortune 100 and can process up to 100 terabytes per day for their largest license.
- Splunk's software delivers value across IT operations and security as well as business analytics by enabling users to gain operational visibility and real-time insights from machine data.
- Splunk supports use cases across various industries including retail, media, telecommunications, and manufacturing by helping customers turn machine data into valuable business insights.
Splunk provides a fully integrated platform for collecting, analyzing, and visualizing machine data from any source. The Splunk App for AWS integrates with AWS services like CloudTrail, Config, and VPC Flow Logs to provide visibility into AWS environments. It collects data from AWS SQS queues and S3 buckets using the AWS SDK. Setting up the Splunk App for AWS requires installing the Splunk Add-on for AWS and configuring permissions for AWS services. Users add their AWS account, and then must wait 5-10 minutes for dashboards and reports to populate with AWS log data.
Splunk for IT Operations Breakout Session (Georg Knon)
This document discusses how IT complexity is a challenge for CIOs due to siloed technologies, disconnected point solutions, and time spent maintaining rather than innovating. It presents Splunk as a solution that provides comprehensive visibility across infrastructure, applications, databases, and more through centralized data collection and analysis. Splunk reduces problem resolution time by 67% and escalations by 90% by enabling "first responders" to search across all IT data from a single interface. The document also outlines how Splunk apps can provide insights by role and technology and its capabilities for various IT functions like virtualization, storage, and operating systems.
This document discusses how IT complexity is a challenge for CIOs due to siloed technologies, disconnected point solutions, and time spent maintaining rather than innovating. It presents Splunk as a solution that provides comprehensive visibility across infrastructure, applications, and customer-facing data to help reduce problem resolution time and escalations. Specific benefits highlighted include consolidating logs from various systems into a single view, enabling faster identification and resolution of issues. The document also outlines how Splunk apps can provide insights by role and accelerate value through plug-ins and templates to analyze data from any source.
Splunk Webinar: IT Operations Demo for Troubleshooting & Dashboarding (Georg Knon)
This document provides an overview of Splunk's IT operations software. It discusses the challenges facing IT operations, including siloed tools and reactive problem solving. It presents Splunk as a solution, with its ability to index and analyze machine data from any source in real-time. Key benefits highlighted include faster troubleshooting to reduce downtime, proactive monitoring to address issues before they become problems, and increased operational visibility across the IT environment. The document concludes with a demonstration of Splunk's IT service intelligence capabilities.
SplunkLive! Milano 2016 - Splunk Plenary Session (Splunk)
The document provides an agenda for the SplunkLiveMilano2016 event taking place on April 5th, 2016 in Milan. The agenda includes welcome and overview sessions in the morning, followed by use case presentations from Unicredit, Saipem, and Yoox-Net-a-Porter. There will be breakout sessions after lunch on various topics, and a happy hour with sponsors. The document also lists the dedicated Splunk team for Italy and provides information on upcoming Splunk events.
SplunkLive! São Paulo 2014 - Overview by Markus Zirn (Splunk)
1. The document discusses how Splunk software provides operational intelligence by collecting data from anywhere, allowing users to search and analyze everything, and gain real-time operational insights.
2. It highlights several Splunk customers and how they use Splunk across various industries and use cases such as IT operations, security, application management, and business analytics.
3. The document promotes Splunk's 5th Annual Worldwide User Conference in October 2014 with sessions, speakers, and opportunities to learn about Splunk's platform and ecosystem.
Steven Hatch of Cox Automotive discusses how they used Splunk IT Service Intelligence (ITSI) to gain operational visibility into massive amounts of audio, video, network, and storage data from their global auction platforms. This helped them pinpoint issues, improve mean time to identify and resolve incidents, and ensure high customer satisfaction. Splunk ITSI simplified the complex technical details into intelligence through correlating key performance indicators into services and actionable events. It also empowered Cox Automotive to scale infrastructure on demand with cloud solutions and proactively replace equipment. Use of Splunk ITSI reduced auction incidents by 90% with real-time infrastructure monitoring and positively impacted reliability and the bottom line. Next steps include training partners in DevOps
Come and learn from our experts on ways to improve your IT Operational Visibility by using Splunk for monitoring environment health. In this hands-on session we will cover recommended approaches for end-to-end monitoring, across applications, OSes, and devices. Topics will include: critical services to monitor, use of the Splunk Common Information Model (CIM) for cross-dataset normalization, commonly deployed apps and TAs to gather data for IT infrastructure uses, and use of pre-made dashboard panels to quickly build dashboards for monitoring your environment.
This document discusses how Splunk provides new visibility and analytics for IT operations. It notes that IT environments are becoming increasingly complex with more servers, applications, virtualization, and cloud services. Splunk offers a platform for operational intelligence that can consolidate machine data from various sources and provide search, monitoring, and analytics capabilities. It also discusses how Splunk apps can provide deep insights into specific technology areas.
Learn from our experts about ways to improve your IT Operational Intelligence by using Splunk for troubleshooting, monitoring and service-level visibility. In this hands-on session we will cover recommended approaches for end-to-end troubleshooting and monitoring across applications, OSes, and devices to resolve problems faster, reduce downtime and improve user satisfaction and customer retention. Topics will include: monitoring critical services, using commonly deployed apps and TAs to gather data for IT infrastructure uses, and using pre-made dashboard panels to quickly build dashboards for monitoring your environment.
Virtual SplunkLive! for Higher Education Overview/Customers (Splunk)
The document outlines the agenda for a virtual SplunkLive! event for higher education on January 28, 2015. It includes an overview of Splunk, presentations from various universities on their Splunk implementations, and breakout sessions on getting started with Splunk, security, and IT operations. It also provides information on Splunk products and capabilities for IT operations, security, application delivery, business analytics, industrial data, and the Internet of Things.
Splunk is used by John Lewis, a major UK retailer, to gain insights from machine data across their operations. Splunk collects and indexes log and event data from various systems like web servers, applications, and devices. This data is analyzed using Splunk to provide real-time visibility, troubleshoot issues, model customer behavior, and make business decisions. Splunk helps John Lewis improve their online customer experience and resolve issues more quickly by analyzing data from their ecommerce platform and various systems.
Virtual Gov Day - Application Delivery Breakout - Overview (Splunk)
Splunk is an industry-leading platform that allows users to index and search machine-generated data from any source, in any format, at any scale, in real-time and historical. It provides operational intelligence capabilities like search and investigation, proactive monitoring, and real-time business insights. Splunk delivers value across IT operations, security, compliance, fraud detection, application delivery, and business analytics.
IBM Solutions Connect 2013 - Getting started with Big Data (IBM Software India)
You've heard of Big Data for sure. But what are the implications of this for your organisation? Can your organisation leverage Big Data too? If you decide to go ahead with your Big Data implementation where do you start? If these questions sound familiar to you then you've stumbled upon the right presentation. Go through the presentation to:
a. Learn more on Big data
b. How Big data can help you outperform in your marketplace.
c. How to proactively manage security and risk
d. How to create IT agility to underpin the business
Also, learn about IBM's superior Big Data technologies and how they are helping today's organisations take smarter decisions and actions.
No Time Like the Present – The Case for Streaming Analytics (Inside Analysis)
The Briefing Room with John Myers and SQLstream
Live Webcast Jan. 14, 2014
Watch the archive: https://bloorgroup.webex.com/bloorgroup/lsr.php?AT=pb&SP=EC&rID=8028437&rKey=f7805e721c625b13
Many of today's opportunities and challenges come and go faster than a data warehouse can perform. That's one reason why streaming analytics are starting to take off. For all kinds of Big Data, streaming analytics can provide business value almost instantaneously. Whether for protecting critical infrastructure, knowing which offer to make to a high-value customer, or detecting fraud before serious damage is done, streaming analytics can provide tangible solutions in near-real-time.
Register for this episode of The Briefing Room to hear industry Analyst John Myers as he explains the changing dynamics of modern analytics. He'll be briefed by Damian Black of SQLstream who will discuss his company's streaming Big Data Platform which uses a standards-based approach to provide new levels of visibility into a wide range of log file, sensor, network and machine-generated data. He'll also detail their latest offerings – StreamApp templates, which are pre-configured streaming application components for specific industries.
Visit InsideAnalysis.com for more information
Delivering New Visibility and Analytics for IT Operations (Gabrielle Knowles)
The document discusses how Splunk provides visibility and analytics for IT operations. It outlines Splunk's ability to ingest data from various sources like applications, databases, networks and more. This gives organizations a universal platform to gain operational visibility, enable proactive monitoring, and obtain business insights from their machine data in real-time. Splunk differentiators include analyzing all data, scaling for large environments, and reducing MTTR, costs and improving user experiences.
The document discusses how Splunk provides visibility and analytics for IT operations. It describes how Splunk can ingest data from various sources like applications, databases, networks, virtualization and more. This gives organizations operational visibility across their infrastructure and enables proactive monitoring, search and investigation capabilities for troubleshooting and problem solving. Splunk offers a universal platform for machine data that can scale to handle large, complex environments.
Similar to Softcat Splunk Discovery Day Manchester, March 2017 (20)
.conf Go 2023 - Raiffeisen Bank International (Splunk)
This document discusses standardizing security operations procedures (SOPs) to increase efficiency and automation. It recommends storing SOPs in a code repository for versioning and referencing them in workbooks which are lists of standard tasks to follow for investigations. The goal is to have investigation playbooks in the security orchestration, automation and response (SOAR) tool perform the predefined investigation steps from the workbooks to automate incident response. This helps analysts automate faster without wasting time by having standard, vendor-agnostic procedures.
.conf Go 2023 - The Right Recipe for the Digital (Security) Revolution to... (Splunk)
.conf Go 2023 presentation:
"The right recipe for the digital (security) revolution towards Telematics Infrastructure 2.0 in healthcare?"
Speaker: Stefan Stein -
Team Lead CERT | gematik GmbH, M.Eng. IT Security & Forensics,
doctoral student at TH Brandenburg & Universität Dresden
The document describes Cellnex's transition from a Security Operations Center (SOC) to a Security Incident Response Team (CSIRT). The transition was driven by Cellnex's growth and the need to automate processes and tasks to improve efficiency. Cellnex implemented Splunk SIEM and SOAR to automate the creation, remediation and closure of incidents. This allowed staff to concentrate on strategic tasks and improve KPIs such as resolution times and emails anal
conf go 2023 - The Road to Cybersecurity (ABANCA) (Splunk)
This document summarizes ABANCA's journey toward cybersecurity with Splunk, from bringing in dedicated staff in 2016 to becoming a monitoring and response center with more than 1 TB of daily ingest and 350 use cases aligned with MITRE ATT&CK. It also describes mistakes made and solutions implemented, such as normalizing sources and training operators, and the current pillars, such as automation, visibility and alignment with MITRE ATT&CK. Finally, it points out challenges
Splunk - BMW connects business and IT with data driven operations SRE and O11y (Splunk)
BMW is defining the next level of mobility - digital interactions and technology are the backbone to continued success with its customers. Discover how an IT team is tackling the journey of business transformation at scale whilst maintaining (and showing the importance of) business and IT service availability. Learn how BMW introduced frameworks to connect business and IT, using real-time data to mitigate customer impact, as Michael and Mark share their experience in building operations for a resilient future.
The document is a presentation on cyber security trends and Splunk security products from Matthias Maier, Product Marketing Director for Security at Splunk. The presentation covers trends in security operations like the evolution of SOCs, new security roles, and data-centric security approaches. It also provides updates on Splunk's security portfolio including recognition as a leader in SIEM by Gartner and growth in the SIEM market. Maier highlights some breakout sessions from the conference on topics like asset defense, machine learning, and building detections.
Data foundations building success, at city scale – Imperial College London (Splunk)
Universities have more in common with modern cities than traditional places of learning. This mini city needs to empower its citizens to thrive and achieve their ambitions. Operationalising data is key to building critical services; from understanding complex IT estates for smarter decision-making to robust security and a more reliable, resilient student experience. Juan will share his experience in building data foundations for a resilient future whilst enabling digital transformation at Imperial College London.
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen... (Splunk)
Learn how Vodafone has provided end-to-end visibility across services by building an Operational Analytics Platform. In this session, you will hear how Stefan and his team manage legacy, on premise, hybrid and public cloud services, and how they are providing a platform for complex triage and debugging to tackle use cases across Vodafone’s extensive ecosystem.
.italo operates an Essential Service by connecting more than 100 million people annually across Italy with its super fast and secure railway. And CISO Enrico Maresca has been on a whirlwind journey of his own.
Formerly a Cyber Security Engineer, Enrico started at .italo as an IT Security Manager. One year later, he was promoted to CISO and tasked with building out – and significantly increasing the maturity level – of the SOC. The result was a huge step forward for .italo.
So how did he successfully achieve this ambitious ask? Join Enrico as he reveals the key insights and lessons learned in his SOC journey, including:
- Top challenges faced in improving security posture
- Key KPIs implemented in order to measure success
- Strategies and approaches applied in the SOC
- How MITRE ATT&CK and Splunk Enterprise Security were utilised
- Next steps in their maturity journey ahead
This document summarizes a presentation about observability using Splunk. It includes an agenda introducing observability and why Splunk for observability. It discusses the need for modernization initiatives in companies and the thousands of changes required. It presents that Splunk provides end-to-end visibility across metrics, traces and logs to detect, troubleshoot and optimize systems. It shares a customer case study of Accenture using Splunk observability in their hybrid cloud environment. Finally, it concludes that observability with Splunk can drive results like reduced downtime and faster innovation.
This document contains slides from a Splunk presentation covering the following topics:
- Updated Splunk logo and information about meetings in Zurich and sales engineering leads
- Ideas for confused or concerned human figures in design concepts
- Three buckets of challenges around websites slowing, apps being down, and supply chain issues
- Accelerating mean time to detect, identify, respond and resolve through cyber resilience with Splunk
- Unifying security, IT and DevOps teams
- Splunk's technology vision focusing on customer experience, hybrid/edge, unleashing data lakes, and ubiquitous machine learning
- Gaining operational resilience through correlating infrastructure, security, application and user data with business outcomes
This document summarizes a presentation about Splunk's platform. It discusses Splunk's mission of helping customers create value faster with insights from their data. It provides statistics on Splunk's daily ingest and users. It highlights examples of how Splunk has helped customers in areas like internet messaging and convergent services. It also discusses upcoming challenges and new capabilities in Splunk like federated search, flexible indexing, ingest actions, improved data onboarding and management, and increased platform resilience and security.
The document appears to be a presentation from Splunk on security topics. It includes sections on cyber security resilience, the data-centric modern SOC, application monitoring at scale, threat modeling, security monitoring journeys, self-service Splunk infrastructure, the top 3 CISO priorities of risk based alerting, use case development, a security content repository, security PVP (posture, vision, and planning) and maturity assessment, and concludes with an overview of how Splunk can provide end-to-end visibility across an organization.
2. Agenda
09:30 – 09:45 Introduction & Welcome
09:45 – 10:00 A Day in the Life
10:00 – 10:15 So, What is Splunk?
10:15 – 11:00 Session One: Data-driven insights into your IT Operations to support a digital transformation
11:00 – 11:30 Break
11:30 – 12:15 Session Two: Best Practices for Scoping Infections and Disrupting Breaches
12:15 – 12:30 Interactive Demo & Morning Session Wrap Up
12:30 – 13:30 Lunch
13:30 – Event Concludes
3. Big Data, Splunk and stuff
Sam Routledge – CTO, Softcat
15th March 2017
5. Big data basics
Data Nirvana!
• Business data – ERP, CRM..
• Machine/sensor data – temp, vibration…
• Marketing – location, app, click…
• Log data – firewall, av…
6. Digitisation considerations
Digital business model
Workforce Mobility
Operational Efficiency
Customer Satisfaction
IoT/ sensor
Mobile Devices
Wearables
Industrial
Ready network
Ready infrastructure
Ready security
Ready applications
7. Data = Disruptor (if used correctly)
The retailer
•App data
•Location/ direction from Wifi
•Make stores a destination
The ‘precision agronomist’
•Sensor data – temp/ humidity etc
•Soil quality
•Pests
The dairy farmer
•Internet connected cows!
•Stomach temperature sensors
8. Security and IT: a first use case
Actionable insight
• Velocity of threat
• Volume of data
• Variety of sources
A learning opportunity
• Understand ‘big data’ techniques
• Equip yourself to be the ‘data plumber’
Solve the big security problem
• Unify a fragmented toolset
• Respond with killer speed!
9. How Gatwick Airport Ensures Better Passenger Experience With Splunk Cloud
• On-time efficiency & dramatic queue reduction with 925 flights per day
• Real-time, predictive airfield analytics deliver on mobile app & Apple watch
• Data from airport gates, board pass scans, x-ray, travel, passenger flow
10. How John Lewis Uses Splunk For Multi-channel Retail Analytics
• Track end-to-end transactions
• Monitor & model customer behavior
• Billion dollar website business & IT dashboards
• Prevent lost revenue via machine data insight
11. Why Yoox/Net-A-Porter Built A Security Intelligence Platform Using Splunk
• Intrusion detection and identification of patterns of malicious behaviour
• Comprehensive real-time security analytics and monitoring
• Automatic security alerts and deep incident investigation
12. How BBC Worldwide Improves Customer Experience With Splunk
• ITOA & performance monitoring to ensure the BBC Store is available
• Splunk Cloud allows team to focus on monitoring not running infrastructure
• Business analytics, customer experience and sales reports
13. Why Tesco Uses Splunk To Accelerate Development And Understand Customers
• Cut Investigation & Resolution time 95%
• Reduce Escalations 50%, Accelerate Dev Cycles 30%
• Activity Tracking Dashboards with Improved Customer Experience and Reduced Lost Revenue
• Operational Analytics with Live Transaction Tracing and End-to-end Infrastructure Insight
14. Saving The US Rail Industry A Billion Dollars And 250 Million Acres Of Trees in CO2
• Train sensor data in real-time
• Fuel savings resulting $1bn savings
• Better trained drivers & predictive maintenance
16. How Dominos Delivered Real-time Marketing Analytics With Splunk
Better customer decisions
• Analyse the success of campaigns as well as one-off promotions in real time
• Proactively adjust marketing campaigns in real-time based on customer behaviour
Device & promotion trends
• Which devices (iPhones, Androids or Kindle Fires) are being used to place orders
• Where and when it is more lucrative to run promotional campaigns - real time
Revenue insights
• Online sales data across entire network of more than 10,000 stores
• Visualise key metrics - orders per minute/per store, popular pizza and what coupons
33. Platform for Machine Data
…but has multiple uses
Use cases: Application Delivery; Security, Compliance and Fraud; Business Analytics; Industrial Data and Internet of Things; IT Operations
Data sources: Servers, RFID, Networks, GPS Location, Packaged Applications, Custom Applications, Messaging, Desktops, Online Shopping Cart, Storage, Smartphones and Devices, Energy Meters, Web Clickstreams, Telecoms, Databases, Call Detail Records, Web Services, Online Services, Security
Deployment: On-Premises, Private Cloud, Public Cloud
34. Turning Machine Data Into Operational Intelligence
Reactive to Proactive:
• Search and Investigate
• Proactive Monitoring and Alerting
• Operational Visibility
• Real-Time Business Insight
36. Just to recap
• Identify and fix problems fast
• Prevention rather than cure
37. Index and Analyze Data Across Your Technology Stack
Splunk Add-Ons, Templates and Apps Accelerate Value From Machine Data
No rigid schemas – add in data from any other source.
Interfaces: API, SDKs, UI
Data sources: Server, Storage, Network; Virtualization, Containers; Operating Systems + Databases; Custom Applications; Business Applications; Cloud Services; Web Intelligence; Mobile Applications; Stream; Operations and Service Desks; App Performance Monitoring; DB Connect
49. The Customer Experience is the Digital Experience
The Digital Journey: The Hotel Booking
• Social Media Campaign
• Visit Website
• Book on Mobile App
• Check-in in Reception
• Connect to Wifi in Room
• Watch TV in Room
• Check-out On Mobile
54. Outage
CONFIDENTIAL. INTERNAL USE ONLY.
Diagram labels: Outage; War Room (App, DB, Network, Storage, System); Data Gathering; War Room; ??? Now What?
55. Outage
Diagram labels: Outage; War Room (App, DB, Network, Storage, System); Data Gathering; War Room; ??? Now What?
GAINING INSIGHTS IS HARD
Human latency measured in hours or days
56. New Solution is Required
• Central location for all machine data
• Data indexed for rapid investigation
• Correlation & Visualisation
• Draw business insights
59. Leader in ITOA 2015 (for 2nd year in a row)
Based on our number of data sources, volumes & use cases is driving increased customer adoption
60. Your IT Ops Backbone
• Rapid Search & Investigation
• Advanced Correlation
• Powerful Visualisation
• Real Time Alerting
• Machine Learning
Collect any Machine Data. No Connectors. No Schema
61. Your IT Ops Backbone
• Rapid Search & Investigation
• Advanced Correlation
• Powerful Visualisation
• Real Time Alerting
• Machine Learning
Collect any Machine Data. No Connectors. No Schema
Teams: Incident & Problem Management; Win, Unix, Network, Storage teams; Capacity Managers; Change, Release Managers; Developers & QA; IT Managers; Compliance Managers; App Mng
62. Your IT Ops Backbone
Over 1300 Apps available on splunkbase.com
• Rapid Search & Investigation
• Advanced Correlation
• Powerful Visualisation
• Real Time Alerting
• Machine Learning
Collect any Machine Data. No Connectors. No Schema
77. Model user journeys on $1.5 Billion Online Sales for Load Testing
• Enhanced Operational Intelligence
• Collaboration across all business
• Operational visibility of issues before they are reported
79. Business Insights & Alerting
• Monitors trending of Website activity including conversion
• Instant alerting if product sells quicker than is normal
• Able to identify if product is mispriced – leading to reduced risk of bad PR and customer satisfaction
Value:
80. Customer Journeys
• All user journeys tracked end-to-end
• Ability to drilldown to any order to view the state
• Provides true user journeys
• Better understanding of customer interactions
• Provides business with real-time visibility and metrics of online channel
Value:
94. The Ever-Changing Threat Landscape
• 53% – Victims notified by external entity
• 100% – Valid credentials were used
• 229 – Median # of days before detection
Source: Mandiant M-Trends Report 2012-2016
95. Attacks often start with an email:
• 23% OF RECIPIENTS OPEN PHISHING MESSAGES
• 11% OF RECIPIENTS CLICK ON ATTACHMENTS
• 50% CLICK ON PHISHING LINKS WITHIN THE FIRST HOUR
Source: Verizon DBR
96. True Story: State of Michigan (SOM) – User account spoofing
• Phishing Mail: Mailbox reached storage limit...
• Outlook Web Access Portal custom design of SOM was rebuilt by attacker
• Provide E-Mail, Username, Password and Date of Birth...
To how many Users was the mail delivered? How many clicked? How many filled out?
• Delivered to 2800 Employees before being blocked
• 155 Employees clicked the link
• 144 Employees provided their credentials
Source: GISEC 2015 Key Note – Ex CSO Dan Lohrmann
103. Capabilities—Scoping Infections and Breaches
Capabilities: Report and Analyze; Custom Dashboards; Monitor and Alert; Ad hoc Search
Enrichment: Threat Intelligence; Asset & CMDB; Employee Info; Data Stores; Applications
Raw Events from: Online Services, Web Services, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, Firewall, Authentication, Threat Intelligence, Servers, Endpoint
105. Adversary Perspective—Attack Kill Chain
• Discovery
• Weaponization
• Delivery
• Exploitation
• Installation
• Command and Control (C2)
• Actions on Objectives
Lockheed Martin white paper: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains
107. Kill Chain—Breach Example
Delivery (MAIL): Attacker creates malware, embeds it in a .pdf, emails it to the target; the target reads the email and opens the attachment
Exploitation and Installation: .pdf executes & unpacks malware, overwriting and running “allowed” programs (Svchost.exe, Calc.exe)
C2 (WEB): http (web) session to command & control server
Actions on Objectives: Remote control; Steal data; Persist in company; Rent as botnet
Data sources: Threat Intelligence, Access/Identity, Endpoint, Network
110. Demo Review
Challenges
– Difficult to go from threat-intel match to root cause
– Hard to determine – was there a breach?
Sources
– Threat intel – open source threat intel feed
– Network – web proxy logs, email logs
– Endpoint – endpoint monitoring agent
– Access/identity – asset management database
Finding the root cause: connecting the dots
– Match the threat-intel IP to network data to identify the infected machine
– Identify the malicious process by mapping network data to endpoint data
– Discover the infected email by matching local file access to email data
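The three pivots listed under "Finding the root cause", written out as an added Python example (it is not from the presentation or from Splunk). All log records, field names, hosts and addresses are constructed sample data.

```python
"""Connect the dots: threat-intel match -> host -> process -> delivering email.
Every record, field name, host and address below is constructed sample data."""

THREAT_INTEL_IPS = {"203.0.113.66"}  # open-source feed entry (constructed)

ASSETS = {  # access/identity: IP -> machine and user
    "10.1.4.23": {"host": "WKS-0423", "user": "jdoe@example.com"},
    "10.1.4.77": {"host": "WKS-0477", "user": "asmith@example.com"},
}
PROXY_LOGS = [  # network: web proxy
    {"ts": "2017-03-15T09:02:11", "src": "10.1.4.77", "dest": "198.51.100.10"},
    {"ts": "2017-03-15T09:14:52", "src": "10.1.4.23", "dest": "203.0.113.66"},
    {"ts": "2017-03-15T09:15:52", "src": "10.1.4.23", "dest": "203.0.113.66"},
]
ENDPOINT_EVENTS = [  # endpoint monitoring agent
    {"ts": "2017-03-15T09:13:40", "host": "WKS-0423", "type": "file_open",
     "pid": 3120, "process": "reader.exe",
     "path": "C:\\Users\\jdoe\\Temp\\invoice_march.pdf"},
    {"ts": "2017-03-15T09:13:44", "host": "WKS-0423", "type": "process_start",
     "pid": 4388, "process": "calc.exe", "parent_pid": 3120},
    {"ts": "2017-03-15T09:14:52", "host": "WKS-0423", "type": "net_connect",
     "pid": 4388, "process": "calc.exe", "dest": "203.0.113.66"},
    {"ts": "2017-03-15T09:02:11", "host": "WKS-0477", "type": "net_connect",
     "pid": 900, "process": "browser.exe", "dest": "198.51.100.10"},
]
EMAIL_LOGS = [  # network: mail gateway
    {"ts": "2017-03-15T08:58:03", "to": "jdoe@example.com",
     "from": "billing@invoices.example.net", "attachment": "invoice_march.pdf"},
    {"ts": "2017-03-15T08:40:00", "to": "asmith@example.com",
     "from": "hr@example.com", "attachment": "rota.xlsx"},
]

def infected_hosts():
    """Pivot 1: threat-intel IP -> proxy log -> asset record (first hit wins)."""
    hits = {}
    for e in PROXY_LOGS:
        if e["dest"] in THREAT_INTEL_IPS:
            asset = ASSETS.get(e["src"], {"host": "unknown:" + e["src"], "user": None})
            hits.setdefault(asset["host"], {"user": asset["user"],
                                            "first_seen": e["ts"], "ioc": e["dest"]})
    return hits

def malicious_processes(host, ioc):
    """Pivot 2: which process on the host connected to the IOC, and its parent."""
    events = [e for e in ENDPOINT_EVENTS if e["host"] == host]
    talkers = {e["pid"]: e["process"] for e in events
               if e["type"] == "net_connect" and e["dest"] == ioc}
    parents = {e["pid"]: e["parent_pid"] for e in events
               if e["type"] == "process_start"}
    return [{"pid": pid, "process": name, "parent_pid": parents.get(pid)}
            for pid, name in talkers.items()]

def delivering_emails(host, user, parent_pid, before_ts):
    """Pivot 3: files the parent process opened -> matching email attachments."""
    opened = {e["path"].rsplit("\\", 1)[-1].lower() for e in ENDPOINT_EVENTS
              if e["host"] == host and e["type"] == "file_open"
              and e["pid"] == parent_pid and e["ts"] <= before_ts}
    return [m for m in EMAIL_LOGS if m["to"] == user
            and m["attachment"].lower() in opened and m["ts"] <= before_ts]

def scope_breach():
    """Run the three pivots for every host that touched a threat-intel IP."""
    findings = []
    for host, info in infected_hosts().items():
        for proc in malicious_processes(host, info["ioc"]):
            mails = delivering_emails(host, info["user"],
                                      proc["parent_pid"], info["first_seen"])
            findings.append({"host": host, "user": info["user"],
                             "process": proc["process"],
                             "emails": [(m["from"], m["attachment"]) for m in mails]})
    return findings

if __name__ == "__main__":
    for finding in scope_breach():
        print(finding)
```

A host that matches the threat-intel feed but has no endpoint coverage produces no finding here, which is the gap the data-source categories on the next slide are meant to close.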
111. Best Practices—Breach Response Posture
Bring in data from at least one source in each category:
– Network – next gen firewall or web proxy, email, DNS
– Endpoint – Windows logs, registry changes, file changes
– Threat intelligence – open source or subscription based
– Access and identity – authentication events, machine-user mapping
Establish a security intelligence platform so analysts can:
– Contextualize events, analytics and alerts
– Automate analysis and exploration
– Share techniques and results to learn and improve
112. IF IT HAPPENS TODAY? HOW LONG DOES IT TAKE YOU TO ANSWER UPCOMING QUESTIONS?
50% CLICK ON PHISHING LINKS WITHIN THE FIRST HOUR
Source: Verizon DBR2015
113. Travis Perkins built a lean SOC with Splunk
• Close collaboration with IT-Operations Team for remediation
• Moved from a failed SIEM deployment with appliances to a lean and agile SOC
• Quicker from ingesting new data to creating meaningful correlations
115. Next Step: Discovery Workshop
What’s your Security Use Case?
• Cost justification against your management
• Success measurement
• Prioritization
• Scoping of data sources / data volume / costs
• Establishing organizational processes
• Data privacy justification
116. Explore: How Travis Perkins built a SOC in the Cloud
http://blogs.splunk.com/2016/09/14/trust-and-resilience-at-the-speed-of-business-how-travis-perkins-built-a-lean-soc-with-splunk-in-the-cloud/
Join: Our Community with Apps, Ask Questions or join a SplunkLive! event
https://www.splunk.com/en_us/community.html
Try: Splunk Enterprise Security in our Sandbox with 50+ Data Sources
https://www.splunk.com/getsplunk/es_sandbox
Q&A
Thank you