Did you know that your packet and wire data provide valuable, detailed insight for your entire Operational Intelligence? In this session you will learn more about the scalable software solution Splunk App for Stream (no hardware taps required), which reinforces and extends existing Splunk use cases in IT and in the business. In a live demo we show you how wire data gets you to more Operational Intelligence with regard to:
Infrastructure Operations
Application Management
Security
This OTP presentation explains a whole overview of OTP, Method of Generating, Algorithm, Security and Performance Analysis, Method of Delivering, and N-Factor Authentication.
It is common to base a firewall on a stand-alone machine running a common OS; firewall functionality can also be implemented as a software module in a router or LAN switch.
Cybersecurity Incident Management Powerpoint Presentation Slides are designed for information technology experts. Our data security PowerPoint theme combines high-quality design with info accumulated by industry experts. Represent the present situation of the target organization’s information security management using our patterned PPT slideshow. The innovative data visualizations aid in compiling data such as the analysis of the current IT department with considerable convenience. Communicate the cybersecurity framework roadmap and kinds of cyber threats with the help of this PowerPoint layout. Demonstrate the cybersecurity risk management action plan through the tabular format included in this PPT presentation. Illustrate the cybersecurity contingency plan. Our information security management system PowerPoint templates deck helps you in defining risk handling responsibilities of your personnel. Elucidate the role of the management in successful information security governance. Our PPT deck also outlines the costs involved in cybersecurity management and staff training. Showcase an impact analysis with a dash of visual brilliance. Smash the download button and start designing. Our Cybersecurity Incident Management Powerpoint Presentation Slides are topically designed to provide an attractive backdrop to any subject. Use them to look like a presentation pro. https://bit.ly/3zWo1hb
Network Access Control, or NAC, solutions enhance network security by reducing the likelihood of unauthorized access and mitigating several threats and vulnerabilities. With a NAC, you can define and implement security policies that allow client machines access to network resources only when certain conditions are met.
In this lightning talk we will explore one approach to getting multi-stakeholder agreement on Enterprise Architecture decisions focused on a defence-in-depth security model. Corporate enterprise technology environments can be large and complicated, and when it comes to making changes to the internet-facing security environment, both rigor and resistance to change increase. These challenges can be overcome with good project and process management, solid end-to-end architecture, and a comprehensive decision-making template. In a nutshell, this talk explores the enterprise architecture decision.
A presentation on Wireless Network Security. It contains an introduction to wireless networking, security threats and risks, and best practices for using wireless networks.
This deck will provide an in-depth review of the SOC 2 report objectives, updated from 2015, discuss structure and areas to focus, and participants will also benefit from valuable lessons learned from Schellman’s extensive SOC 2 experience.
Getting Started with Splunk Enterprise - Demo (Splunk)
What is Splunk? At the end of this session you’ll have a high-level understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll see practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
The calendar application presented here is a very simple console application developed in the C programming language. It is compiled in Code::Blocks using the GCC compiler.
It is built without using graphics libraries; instead, it uses Windows console properties to give the application a colorful look and feel.
This application uses file handling and various other basic aspects of the C language.
Security+ Guide to Network Security Fundamentals, 3rd Edition, by Mark Ciampa
Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).
CNIT 120: Network Security
http://samsclass.info/120/120_S09.shtml#lecture
Policy: http://samsclass.info/policy_use.htm
Many thanks to Sam Bowne for allowing us to publish these presentations.
The SOC 2 examination's popularity has increased dramatically since its inception, because growing concerns regarding information security have heightened scrutiny of organizations' control infrastructure and driven the demand for attestation reports.
Join BrightLine Principal Debbie Zaller and Senior Manager Doug Kanney for this free webinar and learn how a SOC 2 examination can help your organization. Become familiar with the SOC 2 report objectives, learn about its structure and areas to focus on, and benefit from some valuable lessons we have learned from extensive experience.
This session will provide you with:
• An overview of the SOC 2 background
• A definition of the AICPA framework
• An overview of the purpose and scope
• A discussion of the common challenges and benefits
• The requirements of the examination process
• A discussion of the alignment with other standards
UNIT III: Routing Protocols and Transport Layer in Ad Hoc Wireless Networks. Issues in designing a routing and transport layer protocol for ad hoc networks; proactive routing, reactive (on-demand) routing, hybrid routing; classification of transport layer solutions; TCP over ad hoc wireless networks.
Secure Systems Security and ISA99 / IEC 62443 (Yokogawa1)
With new industrial network standards like ISA/IEC 62443, companies are evolving their IT and OT networks to face evolving threats. This presentation covers industrial networking best practices, secure architectures and segregation techniques that any business can use to prevent a minor business-network breach from becoming an industrial catastrophe.
Topics Covered in this Seminar Include:
Overview Of Cyber Threat
Introduction - ISA IEC Industrial Control Security Standards
An Example - Advanced Persistent Threat (APT)
ISA/IEC 62443-3-2 Network Separation - An APT countermeasure
The next step in APT defenses: system certification to ISA/IEC 62443 cybersecurity standards
ISA/IEC 62443 Cybersecurity Standards Current Efforts
The Future of ISA/IEC 62443 Cybersecurity Standards
The project title for this task force is “Cyber Security Maturity Model for Organizations”. Some of the key things you will learn from this presentation:
User organizations will learn how to easily adopt a cyber security maturity assessment model based on widely accepted frameworks such as the NIST CSF and ISO 27001:2013
Readers will learn about the core information security domains and how to plan security activities around those core domains
Readers will learn how to prioritize the security budget and draw up a security control implementation roadmap for their organization
Readers will learn to apply a risk-informed approach to information security for their organizations, which can be used to educate CEOs and board members about security and to sell security to them.
ControlCase covers the following:
- What does SOC stand for?
- What is SOC 2 compliance?
- What is SOC 2 certification?
- What is a SOC 2 report?
- Who can perform a SOC 2 audit?
- How do managed service providers comply with SOC 2?
- How to lower cost of SOC 2 audit?
- ControlCase methodology for SOC 2 compliance
Anonymizing and pseudonymizing data with Splunk
There are many different reasons why machine data should be protected against unauthorized access. Internal and external compliance requirements, as well as "privacy by design" strategies adopted to improve security or as part of a risk-minimization strategy, are becoming ever more important for companies in the big data space. In this session you will learn how to protect your machine data at several levels:
In motion: secure the connections to and from Splunk Enterprise
Data integrity: ensure the integrity of the data stored in Splunk
At rest: encrypt all data that Splunk writes to disk
Anonymize / pseudonymize individual sensitive fields in your machine data
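The last level above, protecting individual fields, is the one that most often goes wrong in practice: hashing a username or an IPv4 address with a plain SHA-256 is not pseudonymization, because the input space is small enough to reverse by dictionary. The example below is added here and is not code from the original session or from Splunk; it shows the difference between anonymizing a field (irreversible masking of a card number, keeping only the last four digits) and pseudonymizing a field (a keyed HMAC so that the same user still correlates across events, but only the key holder can reproduce the mapping). The log lines, field names and the key are constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed sample machine data (not from the original page): an access log
# carrying a username, a client IP and a payment card number.
SAMPLE_LOGS = [
    "2017-03-01T10:00:01Z user=alice src=10.1.2.3 action=pay card=4111111111111111 status=200",
    "2017-03-01T10:00:05Z user=bob src=10.1.2.4 action=login status=401",
    "2017-03-01T10:00:09Z user=alice src=10.1.2.3 action=pay card=5500000000000004 status=200",
]

# Hypothetical pseudonymization key. In a real deployment it comes from a
# secrets store and must never be written to the index alongside the data.
PSEUDONYM_KEY = b"\x00" * 32

# Identity fields to pseudonymize and the card field to anonymize.
IDENTITY_FIELD_RE = re.compile(r"\b(user|src)=(\S+)")
CARD_RE = re.compile(r"\bcard=(\d{12})(\d{4})\b")


def pseudonymize(value: str, key: bytes, length: int = 16) -> str:
    """Keyed hash of a field value.

    Same value and same key give the same token, so joins and counts per user
    still work. Without the key an attacker cannot run the 2^32 IPv4 addresses
    or a username wordlist through the function to reverse the token, which is
    exactly the weakness of an unkeyed hash.
    """
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:length]


def protect_event(line: str, key: bytes) -> str:
    """Anonymize the card number and pseudonymize identity fields in one event."""
    # Anonymization: irreversible. Keep the last four digits for support cases,
    # overwrite the first twelve so the PAN cannot be recovered from the index.
    line = CARD_RE.sub(lambda m: "card=" + "X" * 12 + m.group(2), line)
    # Pseudonymization: reversible only by whoever holds the key.
    return IDENTITY_FIELD_RE.sub(
        lambda m: f"{m.group(1)}={pseudonymize(m.group(2), key)}", line
    )


def protect_all(lines, key: bytes):
    """Apply protect_event to every line before it is sent to the indexer."""
    return [protect_event(line, key) for line in lines]


def field(line: str, name: str) -> str:
    """Helper for reading a key=value field back out of a protected event."""
    return line.split(f"{name}=", 1)[1].split(" ", 1)[0]


if __name__ == "__main__":
    for protected in protect_all(SAMPLE_LOGS, PSEUDONYM_KEY):
        print(protected)
```

The transformation runs before indexing, which is the only place where the raw value never reaches disk; masking at search time leaves the clear-text PAN in the index and in every backup of it. Rotating the key breaks correlation across the rotation boundary, so key rotation has to be planned together with the retention period of the data.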
Getting Started With Splunk Enterprise (Splunk)
New to Splunk and eager to get started with the Splunk software? Then come to this breakout session and learn more about the Splunk software and our technology, including a live demo that covers all the basics: installation, how to get data in, and how to use Splunk Enterprise. In detail you will learn:
- What Splunk is and what sets us apart
- How to install Splunk and how to analyze data
- How to build searches, alerts and reports
- How to use field extractions, the Splunk Search Language and apps
Did you know that the Splunk Search Processing Language (SPL) can do far more than "just" search? In this session we show you the full range of SPL! Learn how to use it to search, transform and visualize any machine data with more than 140 commands. In this breakout session you will get to know new techniques that can help you discover further use cases. Find out how to do the following better:
- "Find the needle in the haystack" and root cause analysis
- Join disparate data sets and explore relationships between fields
- Geographic data visualizations in near real time
- Calculate statistics, find anomalies and predict outcomes.
Data-driven service intelligence with Splunk ITSI (Splunk)
Service intelligence models are most effective when they are tied to specific business goals and initiatives and continuously measure progress toward those goals. In this session we cover best practices and techniques to drive your service intelligence initiatives forward. We will analyze an effective service intelligence model in detail and then design an example model that achieves the business goals and also measures the targets for business value.
You have spent a lot of money on your security infrastructure. How do you now bring all the different systems together so that you reach your goals: detect threats quickly, respond to them, and prevent them in the future? At the same time, your security team should of course be able to act in line with your business activity and strategy. Learn here how to deploy your security resources most effectively. We show you the whole thing in a live demo.
You have heard of machine learning but are not quite sure what it is or what it is good for? Learn more about use cases in security, IT operations, business analytics and Internet of Things / Industry 4.0. See machine learning in action in Splunk and find out where your data journey leads next.
UX, ethnography and possibilities: for Libraries, Museums and Archives (Ned Potter)
These slides are adapted from a talk I gave at the Welsh Government's Marketing Awards for the LAM sector, in 2017.
It offers a primer on UX (User Experience) and on how ethnography and design might be used in the library, archive and museum worlds to better understand our users. All good marketing starts with audience insight.
The presentation covers the following:
1) An introduction to UX
2) Ethnography, with definitions and examples of 7 ethnographic techniques
3) User-centred design and Design Thinking
4) Examples of UX-led changes made at institutions in the UK and Scandinavia
5) Next Steps - if you'd like to try out UX at your own organisation
The technologies and people we are designing experiences for are constantly changing, in most cases at a rate that is difficult to keep up with. When we think about how our teams are structured and the design processes we use in light of this challenge, a new design problem (or problem space) emerges, one that requires us to focus inward. How do we structure our teams and processes to be resilient? What would happen if we looked at our teams and design process as IAs, designers and researchers? What strategies would we put in place to help them be successful? This talk will look at the challenges we face leading, supporting, or simply being a part of design teams creating experiences for user groups with changing technological needs.
An immersive workshop at General Assembly, SF. I typically teach this workshop at General Assembly, San Francisco. To see a list of my upcoming classes, visit https://generalassemb.ly/instructors/seth-familian/4813
I also teach this workshop as a private lunch-and-learn or half-day immersive session for corporate clients. To learn more about pricing and availability, please contact me at http://familian1.com
3 Things Every Sales Team Needs to Be Thinking About in 2017 (Drift)
Thinking about your sales team's goals for 2017? Drift's VP of Sales shares 3 things you can do to improve conversion rates and drive more revenue.
Read the full story on the Drift blog here: http://blog.drift.com/sales-team-tips
How to Become a Thought Leader in Your Niche (Leslie Samuel)
Are bloggers thought leaders? Here are some tips on how you can become one. Provide great value, put awesome content out there on a regular basis, and help others.
PDF, audio, and voiceover are now available on designintechreport.wordpress.com
Today’s most beloved technology products and services balance design and engineering in a way that perfectly blends form and function. Businesses started by designers have created billions of dollars of value, are raising billions in capital, and VC firms increasingly see the importance of design. The third annual Design in Tech Report examines how design trends are revolutionizing the entrepreneurial and corporate ecosystems in tech. This report covers related M&A activity, new patterns in creativity × business, and the rise of computational design.
How To Use Kafka and Druid to Tame Your Router Data (Rachel Pedreschi, Imply ...confluent
Do you know who is knocking on your network's door? Have new regulations left you scratching your head about how to handle what is happening in your network? Network flow data helps answer many questions across a multitude of use cases, including network security, performance, capacity planning, routing, operational troubleshooting and more. Today's streaming data pipelines need to include tools that can scale to meet the demands of these service providers while continuing to provide responsive answers to difficult questions. In addition to stream processing, data needs to be stored in a redundant, operationally focused database to provide fast, reliable answers to critical questions. Kafka and Druid together create such a pipeline.
In this talk Eric Graham and Rachel Pedreschi will discuss these pipelines and cover the following topics:
-Network flow use cases and why this data is important.
-Reference architectures from production systems at a major international Bank.
-Why Kafka and Druid and other OSS tools for Network Flows.
-A demo of one such system.
Why And When Should We Consider Stream Processing In Our Solutions Teqnation ...Soroosh Khodami
Session Recording on Youtube
https://www.youtube.com/watch?v=uWPZQ_HMy10
- Session Description
Do you find yourself bombarded with buzzwords and overwhelmed by the rapid emergence of new technologies? "Stream Processing" is a tech buzzword that has been around for some time but is still unfamiliar to many. Join this session to discover its potential in software systems. I will share insights from Apache Flink, Apache Beam, Google Dataflow, and my experiences at Bol.com (the biggest e-commerce platform in the Netherlands) as we cover:
- Stream Processing overview: main concepts and features
- Apache Beam vs. Spring Boot comparison
- Key Considerations for Using Stream Processing
- Learning strategies to navigate this evolving landscape.
An overview of how electronic signature objects are generated and used within PDF documents, including an overview of Adobe LiveCycle ES's ability to work with them programmatically on the server side.
The LAMP (Linux/Apache HTTP Server/MySQL/PHP) stack has dominated web infrastructure; in the IoT, it is believed that a similar open source stack will dominate IoT deployments. This presentation looks at the new technology requirements and architectures required for IoT solutions. It identifies three stacks of software required by any IoT solution, and finally presents how open source communities, such as the Eclipse IoT community, are already supplying the critical software technology needed by IoT solution providers.
Presented at IoT Evolution, Feb 8 2017
After a short introduction to the basic concepts of the Internet of Things, this session gives an overview of the tools Microsoft makes available to developers for building their own IoT solutions: Windows 10 for IoT and some Azure services such as Event Hubs and Stream Analytics. A simple telemetry example is used to show the practical implementation of an end-to-end scenario that turns data coming from a sensor into information useful for analysis and/or decision-making.
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...Splunk
.conf Go 2023 presentation:
"The right recipe for the digital (security) revolution towards Telematics Infrastructure 2.0 in healthcare?"
Speaker: Stefan Stein
Team Lead CERT, gematik GmbH; M.Eng. IT Security & Forensics
Doctoral student at TH Brandenburg & Universität Dresden
.conf Go 2023 presentation:
From NOC to CSIRT
Speakers:
Daniel Reina - Country Head of Security Cellnex (Spain) & Global SOC Manager, Cellnex
Samuel Noval - Global CSIRT Team Leader, Cellnex
Splunk - BMW connects business and IT with data driven operations, SRE and O11y (Splunk)
BMW is defining the next level of mobility - digital interactions and technology are the backbone to continued success with its customers. Discover how an IT team is tackling the journey of business transformation at scale whilst maintaining (and showing the importance of) business and IT service availability. Learn how BMW introduced frameworks to connect business and IT, using real-time data to mitigate customer impact, as Michael and Mark share their experience in building operations for a resilient future.
Data foundations building success, at city scale – Imperial College London (Splunk)
Universities have more in common with modern cities than traditional places of learning. This mini city needs to empower its citizens to thrive and achieve their ambitions. Operationalising data is key to building critical services; from understanding complex IT estates for smarter decision-making to robust security and a more reliable, resilient student experience. Juan will share his experience in building data foundations for a resilient future whilst enabling digital transformation at Imperial College London.
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk
Learn how Vodafone has provided end-to-end visibility across services by building an Operational Analytics Platform. In this session, you will hear how Stefan and his team manage legacy, on premise, hybrid and public cloud services, and how they are providing a platform for complex triage and debugging to tackle use cases across Vodafone’s extensive ecosystem.
.italo operates an Essential Service by connecting more than 100 million people annually across Italy with its super fast and secure railway. And CISO Enrico Maresca has been on a whirlwind journey of his own.
Formerly a Cyber Security Engineer, Enrico started at .italo as an IT Security Manager. One year later, he was promoted to CISO and tasked with building out – and significantly increasing the maturity level – of the SOC. The result was a huge step forward for .italo.
So how did he successfully achieve this ambitious ask? Join Enrico as he reveals the key insights and lessons learned in his SOC journey, including:
Top challenges faced in improving security posture
Key KPIs implemented in order to measure success
Strategies and approaches applied in the SOC
How MITRE ATT&CK and Splunk Enterprise Security were utilised
Next steps in their maturity journey ahead
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. A constant focus on speed to release software to market, combined with traditionally slow and manual security checks, has caused gaps in continuous security, an important piece of the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their application supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Problem Statement
ITOA / APM / NPM:
• How do we get accurate data for my mission?
Security Analysis:
• Details of conversations may not be contained in logs
• Security data may be hard to acquire
• If an entity is compromised, it may not log at all!
• Applications may not accurately report their own performance
• Better to rely on an external agent to report the health of an entity than the entity itself (especially if it’s underperforming!)
Solution: Wire Data with Splunk Stream!
Monitor application conversations and network performance
Direct ingest into Splunk (no props/transforms)
Stream is not a dedicated
– APM / NPM tool, but has aspects of both
– Security Analytics tool, but data is useful for both real-time and forensic security analysis
It’s Free! https://splunkbase.splunk.com/app/1809/
How Will Wire Data Help Solve the Problem?
Wire data represents capture of true conversations between endpoints
It has the “omniscient view” of what actually transpired
The conversations contain the details about each transaction, including the time of occurrence
Less chance of interference
– Intentional / Malicious
– Load or resource based
Stream Metadata vs. Flow Records
• Traditional Wire Data flow-type records (such as NetFlow) generally contain only IP addresses and TCP or UDP ports.
• While this can show host-host connections, it doesn’t give any insight about the content of those conversations (like telephone call records)
• Splunk Stream parses wire data all the way up the stack and generates Events with information at every level (more akin to a written transcript of a phone call)
[Figure: OSI layer stacks (7. Application, 6. Presentation, 5. Session, 4. Transport, 3. Network, 2. Data Link, 1. Physical) shown side by side for Splunk Stream and for Flow-type Data]
Stream Metadata vs Full Packet Capture
Stream Metadata contains essential content information:
– L3/L4 and L7 headers and payload
Eliminates the redundancy of thousands of identical headers
– Significantly smaller data storage
Stream events in Splunk
1. L2/L3/L4 Flow info (IP, Port, Proto, App name)
2. L7 Protocol Info (HTTP headers, SMTP addresses, DNS query/resp)
3. L7 Full bidirectional payload (possibly hashed or hex encoded)
4. Directly measured metrics (byte count, resp. time)
5. Empirically derived heuristics (round-trip, server delay)
6. Any specific fields, configurable
Wire Data Collection / Metadata Generation
[Figure: End Users ↔ Servers (Request/Response Packets) → TAP or SPAN → Decryption (If Necessary) → Protocol Decoder (Deep Packet Inspection) → Events]
What’s Available In Splunk Stream Data?
Performance Metrics: Round Trip Time, Client Request Time, Server Reply Time, Server Send Time, Total Time Taken, Base HTML Load Time, Page Content Load Time, Total Page Load Time
Application Data: POST Content, AJAX Data, Section, Sub-Section, Page Title, Session Cookie, Proxied IP Address, Error Message
Business Data: Product ID, Customer ID, Shopping Cart ID, Cart Items, Cart Values, Discounts, Order ID, Abandoned?
Splunk Stream (7.0)
Metadata Collection
– Collects essential elements of the application conversation
– Eliminates redundancy of duplicate packet headers
Live Interface Collection Option
– Collect directly on hosts
– Also from a tap or SPAN port
Estimate Mode
– Deploy Stream without collecting data (or affecting license)
Commercial App Detection (300+)
– Works even if the app is encrypted
Aggregation Mode
– Statistics generated at endpoint
– Similar to “stats sum(x)” in SPL
Filtering at Endpoint
Out-of-Box Content
– Dashboards for common protocols
Distributed Forwarder Mgt
– Similar to Splunk UF mgt
– All config centrally managed
– Forwarder Groups
1GbE and 10GbE link options
– 10 GbE uses DPDK SDK (dpdk.org)
Protocols Parsed with Stream 7.0
Simple Transport: TCP, UDP, IP
Infrastructure: ARP, DHCP, SNMP, DNS, ICMP
File Transfer: FTP, HTTP
File Service: NFS, SMB
Email: IMAP, MAPI, POP3, SMTP
Messaging: AMQP, IRC, SMPP, XMPP
Authentication: Diameter, LDAP, RADIUS
Database: MySQL, Postgres, TDS (Sybase / MS-SQL), TNS (Oracle SQL*Net)
VoIP: SIP, RTP
Commercial Application Detection
Adds the many hundreds of detected applications to the existing “app” field of the TCP stream type
Helps diagnose the problem of:
– “what is going over port 80”?
– “what’s taking all of my bandwidth?”
DOES NOT PARSE applications, simply detects them
– Will detect encrypted protocols!
– Will detect vendor-proprietary protocols!
– Uses empirical patterns, DNS, Cert CNs and other methods
Current feature supports 300+ applications, many more to be added
300+ Commercial Applications Detected
Adobe Flash Plugin Update Adobe Update Manager AIM express AIM Transfer AllMusic.com Altiris Amazon Ad System Amazon Cloud Drive Amazon Generic Services Amazon MP3 Amazon Video
Amazon Web Services/Cloudfront CDN Android connectivity Manager Aol AOL Instant Messenger (formerly OSCAR) Apple AirPlay Apple Airport Apple AirPrint Apple App Store Apple FaceTime Apple
Generic Services Apple HTTP Live Streaming Apple Location Apple Maps Apple Music Apple Push Notification Service Apple SIRI Apple Update ASProxy Atlassian Background Intelligent Transfer
Service Baidu Player Baidu_wallet Baidu.com Bet365.com Bitcoin client BitTorrent Bittorrent Apps BitTorrent Bleep (aka BitTorrent Chat) BlackBerry Locate BlackBerry Messenger BlackBerry
Messenger Audio BlackBerry Messenger Video BlackBerry.com Border Gateway Protocol CARBONITE CCProxy ChatON Chatroulette.com Chrome Update Cisco Discovery Protocol Cisco MeetingPlace
Cisco Netflow Common Unix Printer System Crackle craigslist Data Stream Interface DB2 Debian/Ubuntu Update Dropbox Download Dropbox Upload Dropbox.com eBay.com Edonkey Evernote.com
EverQuest - EverQuest II Facebook Facebook Messenger FarmVille Find My iPhone Firefox Update Flickr Generic Routing Encapsulation GitHub Gmail Basic Gmail drive Gmail Mobile GNUnet Gnutella
Google Accounts Google Analytics Google App Engine Google Cache Google Calendar Google Chat Google Cloud Messaging Google Cloud Storage Google Documents (aka Google Drive) Google Earth
Google Generic Google groups Google GStatic Google Hangouts (formerly Google Talk) Google Mail Google Maps Google Picasa Google Play Music,Google Play Musique Google Play Store Google Plus
Google Safe Browsing Google Tag Manager Google Toolbar Google Translate Google.com GoToDevice Remote Administration GoToMeeting Online Meeting GoToMyPC Remote Access GPRS
Tunneling Protocol GPRS Tunneling Protocol version 2 Half-Life Hi5.com High Entropy Hot Standby Router Protocol HP Printer Job Language Hulu HyperText Transfer Protocol version 2,HTTP/2 I2P
Invisible Internet Project IBM Informix IBM Lotus Sametime IBM SmartCloud IBM Websphere MQ iCloud (Apple) iHeartRADIO iMessage File Download Imgur.com Independant Computing
Architecture (Citrix) Instagram Internet Group Management Protocol Internet Printing Protocol Internet Security Association and Key Management Protocol Internet Small Computer Systems
Interface iOS over-the-air (OTA) update IP Payload Compression Protocol IP-in-IP tunneling IPsec Encapsulating Security Payload IRC File Transfer Data iTunes Jabber File Transfer Java Update JEDI
(Citrix) Kazaa (FastTrack protocol) KIK Messenger King Digital Entertainment LinkedIn.com Live hotmail for mobile Livestream.com LogMeIn Rescue magicJack Mail.ru Agent Maktoob mail Media
Gateway Control Protocol Message Session Relay Protocol Microsoft ActiveSync Microsoft Lync Microsoft Lync Online Microsoft Office 365 Microsoft Remote Procedure Call Microsoft Service Control
Microsoft SharePoint Microsoft SharePoint Administration Application Microsoft SharePoint Blog Management Application Microsoft SharePoint Calendar Management Application Microsoft
SharePoint Document Management Application Multi Protocol Label Switching data-carrying mechanism Nagios Remote Data Processor Nagios Remote Plugin Executor Name Service Provider
Interface Netflix.com NetMeeting ILS Network Time Protocol Nintendo Wi-Fi Connection Nortel/SynOptics Netwok Management Protocol OkCupid Online Certificate Status Protocol Oovoo Open
Shortest Path First Opera Update Orkut.com Outlook Web Access (Office 365) Outlook Web App PalTalk Paltalk audio chat PalTalk Transfer Protocol Paltalk video Pandora Radio Pastebin
Pastebin_posting PCAnywhere Photobucket.com Pinterest.com Playstation Network Plenty Of Fish QIK Video QQ QQ File Transfer QQ Games QQ Mail QQ WeiBo QQ.com QQDownload QQLive
Network Player QQMusic QQStream Quake quic QVOD Player RapidShare.com Real Time Streaming Protocol Remote Desktop Protocol (Windows Terminal Server) Remote Procedure Call RetroShare
Routing Information Protocol V1 Routing Information Protocol V2 Routing Internet Protocol ng1 Rovio Entertainment RSS Salesforce.com SAP SecondLife.com Secure Shell Session Traversal Utilities
for NAT SharePoint Online Silverlight (Microsoft Smooth Streaming) Simple Object Access Protocol Skinny Client Control Protocol Slacker Radio Slingbox Snapchat SOCKet Secure v5 SoMud Bittorrent
tracker SoundCloud SourceForge SPDY Spotify SquirrelMail Steampowered.com Symantec Norton AntiVirus Updates Syslog Systems Network Architecture Teamspeak v2 TeamSpeak v3 TeamViewer
Telnet Teredo protocol Terminal Access Controller Access-Control System Plus TIBCO RendezVous Protocol Tor2web Tumblr Twitch Twitpic Twitter UStream uTorrent uTP (Micro Transport Protocol)
UUSee Protocol VEVO Viber Vimeo.com Vine Virtual Router Redundancy Protocol VMWare vmware_horizon_view Waze Social GPS Maps & Traffic WebEx WhatsApp Messenger WHOIS
WiiConnect24 Wikipedia.com Windows Azure CDN Windows Internet Naming Service Windows Live File Storage Windows Live Groups Windows Live Hotmail Windows Live Hotmail Attachements
Windows Live SkyDrive Windows Live SkyDrive Login Windows Marketplace Windows Update WordPress.com World of Warcraft Xbox Live Xbox Live Marketplace Xbox Music Xbox Video (Microsoft
Movies and Tv) xHamster.com Yahoo groups Yahoo Mail classic Yahoo Mail v.2.0 Yahoo Messenger Yahoo Messenger conference service Yahoo Messenger Transfer Protocol Yahoo Messenger Video
Yahoo Search Yahoo webmail for mobile Yahoo Webmessenger Yahoo.com Yellow Page Bind Yellow Page Passwd Yellow Pages Server Youtube.com
Data Estimate Mode (per-Stream)
[Screenshot: per-Stream Estimate Mode selection with the estimated Data Volume]
Prebuilt Reporting
– Get visibility into applications performance and user experience
– Understand database activity and performance without impacting database operation
– Improve security and application intelligence with DNS analytics
Collect and Monitor Data with Stream
Stream has two deployment architectures and two collection methodologies
Deployment:
– In-line directly on monitored host
– Out-of-band (stub) with TAP or SPAN port
Collection:
– Technical Add-On (TA) with Splunk Universal Forwarder (UF)
– Independent Stream Forwarder using HTTP Event Collector (HEC)
Deployment: Run on Servers
[Figure: End Users reach Physical or Virtual Servers (Physical Datacenter, Public or Private Cloud) through the Internet and a Firewall; each server runs a Universal Forwarder with Splunk_TA_stream, feeding the Splunk Indexers and Search Head]
Stream Forwarder Options
1. Stream TA
• Stream deploys as a modular input on top of your Splunk Forwarders.
2. Independent Stream Forwarder
• Makes it easy to add Stream anywhere in your environment
• Stream deploys as a stand-alone binary and communicates via HEC.
• Requires >= Splunk 6.3.1
[Figure: Stream TA runs in the Splunk Fwd on a Splunk Forwarder host and sends to Splunk Indexers; the Independent Stream Forwarder runs on Any Linux Host and sends to Splunk Indexers over HTTP/S]
Distributed Forwarder Management
Gain more deployment flexibility
Increase management efficiency with per-forwarder protocol control
Tailor data collection by assigning different sets of protocols to groups of forwarders
[Figure: Protocol Selection, Configuration & Distribution; protocols such as TNS, MySQL, HTTP, DNS, TCP, SIP, Diameter and UDP assigned to forwarder groups]
Major New Features in Stream 7.0
Splunk Stream 7.0 was released GA in November 2016
NetFlow Collector
– NetFlow v5, v9 (with template support), IPFIX (with vendor extensions)
MD5 Hashing
– Any parsed Stream field, including SMTP attachments and HTTP files
– Integrates with Enterprise Security – Threat Intelligence Framework
Flow Visualization for all IPv4 space
PCAP Upload via SH and Continuous Directory Monitoring via Forwarder
Enhanced Metadata Fields (e.g., FlowID, Protocol Stack, Event Name)
Configuration Templates
– Easier integration with other Splunk products
Flow Collection
Active Flow listening socket on Stream Forwarder
Flexible Configuration Options
– Selectable fields and filtering
– Can configure multiple, distinct listening ports on each Stream Forwarder
Supports most common versions of Flow protocols
– Cisco NetFlow, Juniper jFlow, HP sFlow, cFlowd
– NetFlow v5, v9, IPFIX
– V9 with templates (standard and custom)
– IPFIX with vendor extensions
Aggregation of Flow records (pre-indexing) can dramatically reduce the number of Splunk Events created
Performance > 465,000 flows/second (on a single Independent Stream Forwarder)
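To make the flow-collection and pre-index aggregation steps concrete, here is an added example (not Splunk Stream's code) that decodes a NetFlow v5 datagram using the public v5 export layout and collapses the records per (source, destination, port, protocol) the way an aggregation rule would; the datagram, addresses and counters are constructed inline.

```python
"""NetFlow v5 parsing and pre-index aggregation.

Added example, not Splunk Stream's code. The header/record layout is the
public NetFlow v5 export format; the datagram below is constructed inline.
"""
import socket
import struct
from collections import defaultdict

# 24-byte header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval
HEADER_FMT = "!HHIIIIBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)
# 48-byte record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets,
# first, last, srcport, dstport, pad1, tcp_flags, prot, tos, src_as, dst_as,
# src_mask, dst_mask, pad2
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"
RECORD_LEN = struct.calcsize(RECORD_FMT)
MAX_RECORDS = 30  # a v5 datagram never carries more than 30 records


def parse_netflow_v5(datagram):
    """Decode one UDP datagram into a list of flow dicts (IPs, ports, proto, counters).

    Length and count are checked before unpacking so a truncated or forged
    export is rejected instead of yielding half-parsed records.
    """
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than NetFlow v5 header")
    (version, count, _uptime, unix_secs, _nsecs, flow_seq,
     _engine_type, _engine_id, _sampling) = struct.unpack(HEADER_FMT, datagram[:HEADER_LEN])
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if count > MAX_RECORDS or len(datagram) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError("record count does not match datagram length")
    records = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        f = struct.unpack(RECORD_FMT, datagram[off:off + RECORD_LEN])
        records.append({
            "src_ip": socket.inet_ntoa(f[0]),
            "dest_ip": socket.inet_ntoa(f[1]),
            "packets": f[5],
            "bytes": f[6],
            "src_port": f[9],
            "dest_port": f[10],
            "tcp_flags": f[12],
            "protocol": f[13],
            "flow_seq": flow_seq + i,  # per-flow sequence, useful for spotting export gaps
            "export_time": unix_secs,
        })
    return records


def aggregate_flows(records):
    """Pre-index aggregation: one summary per (src, dest, dest_port, proto).

    Many short-lived flows to the same service collapse into a single event
    with summed packet/byte counts, which is what keeps indexed volume down.
    """
    totals = defaultdict(lambda: {"flows": 0, "packets": 0, "bytes": 0})
    for r in records:
        t = totals[(r["src_ip"], r["dest_ip"], r["dest_port"], r["protocol"])]
        t["flows"] += 1
        t["packets"] += r["packets"]
        t["bytes"] += r["bytes"]
    return dict(totals)


def _record(src, dst, sport, dport, proto, pkts, octets):
    return struct.pack(RECORD_FMT, socket.inet_aton(src), socket.inet_aton(dst),
                       socket.inet_aton("0.0.0.0"), 1, 2, pkts, octets, 1000, 2000,
                       sport, dport, 0, 0x18, proto, 0, 0, 0, 24, 24, 0)


def build_sample_datagram():
    """Constructed export: two HTTPS flows to one server plus one DNS lookup."""
    records = [
        _record("192.0.2.5", "198.51.100.34", 51000, 443, 6, 10, 1500),
        _record("192.0.2.5", "198.51.100.34", 51001, 443, 6, 20, 3000),
        _record("192.0.2.7", "192.0.2.53", 40000, 53, 17, 2, 160),
    ]
    header = struct.pack(HEADER_FMT, 5, len(records), 123456, 1700000000, 0, 42, 0, 0, 0)
    return header + b"".join(records)


SAMPLE_DATAGRAM = build_sample_datagram()

if __name__ == "__main__":
    for key, totals in aggregate_flows(parse_netflow_v5(SAMPLE_DATAGRAM)).items():
        print(key, totals)
```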
Flow Collector Data Flow
NetFlow Collector
• NetFlow listening sockets (UDP ports)
• Actively capture Flows from NetFlow v5, v9, IPFIX
• Creates Splunk-compatible Flow Records
• Management from Stream Centralized UI
[Figure: 1. NetFlow enabled devices (Router, Network Switch) 2. Export NetFlow (over UDP) 3. NetFlow Metadata captured by Stream 4. Events in Splunk Indexer / Search Head]
MD5 Hashing of Files
File Hashing provides integrity verification of files, can be used for a number of security use cases
– inbound malware detection
– outbound data loss prevention
Stream generates MD5 hashes equivalent to “md5sum” unix command after decoding content back to binary
Specifically for SMTP file attachments and HTTP
MD5 hashes generated with Stream integrate directly into the Threat Intelligence framework of Enterprise Security, and have been tested with ES
As a bonus, *any* non-numeric field can be MD5 hashed using the “Extract New Field” option. Field can be length-truncated if desired.
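The point about hashing "after decoding content back to binary" is easy to get wrong, so here is an added example (not Splunk Stream's code) that pulls a base64-encoded attachment out of a constructed SMTP message, hashes the decoded bytes md5sum-style, matches the digest against a constructed threat-intel set, and shows that hashing the encoded wire text instead would never match.

```python
"""MD5 of a decoded SMTP attachment, matched against a threat-intel hash list.

Added example, not Splunk Stream's code. The MIME message and the hash list
are constructed inline; the one "known-bad" hash is computed here from the
sample attachment, so no real indicator is implied.
"""
import email
import email.message
import hashlib
from email import policy

# Constructed stand-in for an attachment body (not a real executable).
SAMPLE_ATTACHMENT = b"MZ\x90\x00" + b"constructed sample payload, not a real binary\n" * 4


def build_sample_message():
    """Constructed SMTP message with one base64-encoded binary attachment."""
    msg = email.message.EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "invoice"
    msg.set_content("see attached")
    msg.add_attachment(SAMPLE_ATTACHMENT, maintype="application",
                       subtype="octet-stream", filename="invoice.exe")
    return msg.as_bytes()


def md5_of_attachments(raw_message):
    """Return {filename: md5hex}, hashing each attachment *after* decoding.

    This is the md5sum-equivalent digest: the value an analyst gets from the
    file saved to disk, and the form in which threat lists publish hashes.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    digests = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True)  # undo base64 / quoted-printable
        digests[part.get_filename()] = hashlib.md5(data).hexdigest()
    return digests


def md5_of_wire_encoding(raw_message):
    """Hash the transfer-encoded text as it appears on the wire (the wrong way).

    Included only to make the point: this digest never equals md5sum of the
    file, so a lookup built on it would silently miss every known sample.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    return {part.get_filename(): hashlib.md5(part.get_payload().encode()).hexdigest()
            for part in msg.iter_attachments()}


def match_threat_intel(digests, known_bad):
    """Return the attachments whose decoded-content hash is on the list."""
    return {name: h for name, h in digests.items() if h in known_bad}


SAMPLE_MESSAGE = build_sample_message()
EXPECTED_MD5 = hashlib.md5(SAMPLE_ATTACHMENT).hexdigest()
# Constructed "threat intel": one placeholder entry plus the sample's own hash.
THREAT_INTEL_MD5 = {"0" * 32, EXPECTED_MD5}

if __name__ == "__main__":
    hits = match_threat_intel(md5_of_attachments(SAMPLE_MESSAGE), THREAT_INTEL_MD5)
    print("matches:", hits)
```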
MD5 Hashing Data Flow
MD5 hashing
• Used to enable DLP and Security use cases
• Examines both inbound and outbound data transfer
• Can be used to find IOCs as well as data exfiltration
• Better metric than file names or file types
[Figure: 1. File Transfer Traffic (Malware) between Client and Server, via the Internet and a Network Switch, directed towards Stream by a Tap or SPAN 2. Stream generates MD5 hashes of files, sends to Splunk Indexers 3. MD5 hashes compared against Threat Intel from public databases (ES, TA-Splice, Threat Intelligence)]
Flow Visualization
Designed to show limited Client->Server interaction for IPv4 address space. Overview and Detail views
Can be used in real-time, interactive, and forensic modes
Bubble chart that animates as flows appear (Detail view only)
Flow Visualization Detail View
[Figure: Horizontal Trends show your externally-accessible hosts; Vertical Trends illustrate your internal host address space; the Bubbles animate in real-time or in play-back mode]
FAQ
Can I limit the amount of data collected with Stream?
• Yes. The app enables capture of only the relevant network/wire data for analytics, through filters and aggregation rules
• Select or deselect protocols and associated attributes with fine-grained precision within the app interface
How can I estimate my indexing volume?
• Data volume can vary based upon the number of selected protocols, attributes and the amount of network traffic
• Use Stream Estimate to understand the indexing impact
Where is Stream typically installed?
• Stream can be installed on any physical or virtual host running supported OS, on premises or in the cloud
• It can be installed off of TAP and SPAN ports
• It can be deployed in combination with TAP aggregation or visibility switches
With this app, Splunk customers can capture deep insights about application transaction times, transaction paths, network performance, and even database queries. Correlating wire data with other application and infrastructure data in Splunk software, such as logs, metrics and events, gives users insights about the availability, performance and usage of their apps, services and networks. Visualize application and database insights, including application transactions, HTTP error codes, response times, top URIs and database queries, without needing deep instrumentation or impact on the monitoring system.
As a software solution, the Splunk App for Stream can be deployed on any type of cloud (in a VM). Our customers start gaining immediate insights into apps and cloud infrastructure without deep instrumentation. This provides real-time visibility into any public, private or hybrid cloud infrastructure through insights from wire data. Additionally, customers can now securely decrypt SSL encrypted data for data completeness. As the nature of the apps running in the cloud is ephemeral, you can tailor your data collection easily. This can be achieved through temporary streams or fine-grain monitoring.
Lastly, can be rapidly deployed to collect streaming network data to everyone,
We will cover just three examples in this section. There are many more – please refer to the presentation titled Stream Customer Success Examples.
This section covers the important features from the older releases. Skip it if the customer is familiar with the older releases.