Copyright © 2016 Splunk Inc.
Splunk User Group
Edinburgh
Deployment & Security
September 2016
Introduction - Harry McLaren
● Alumnus of Edinburgh Napier
● Security Consultant at ECS
– Role: Splunk Professional Services & Enablement Lead
– Specialism: SIEM & Splunk Architecture
Global Splunk Partner Revolution Award - 2016
Agenda
• Housekeeping: Overview & House Rules
• Presentation: Deployment Best Practices
• Group Discussion: Deployment Challenges & Solutions
• Presentation: Security Best Practices
• Group Discussion: Security Challenges & Solutions
• Group Discussion: Favourite Use Cases [Optional]
[Splunk Official] User Group
“The overall goal is to create an authentic, ongoing
user group experience for our users, where
they contribute and get involved”
● User Lead
● Technical Discussions
● Sharing Environment
● Build Trust (With Community & Splunk)
● No Sales!
What Do You Want From A User Group?
Deployment Best Practices
Complex Architecture
(Architecture diagram; components shown: Indexer, Universal Forwarder, Heavy Forwarder, Search Head, Cluster Management, Forwarder Management)
Planning & Design
● High Level Design & Environment Diagram
● High Availability / Load Balancing
– Minimum Number of Nodes (Search Head Cluster x3 / Indexer Cluster x2-3)
– Forwarder Based (AutoLB), Search Heads (Persistent Sessions via Load Balancer)
● Hardware & Storage Requirements
– Availability / Retention / Archiving
● Development / Staging Environment
● Environment Orchestration & Configuration
– Version Control, Configuration Management, Access Management, Packaging
Pre-Implementation
● Raise Required Changes (Network, Identity, Architecture)
● Validate Connectivity & System Access
● Download Binaries / Licences / Apps
– Splunk Software & Splunk Licenses
● Ensure DNS Records Function
– IP Addresses Should Be Avoided In Config (Use DNS Records)
● Forwarder Deployment
– Engage with Platform Teams
– Develop Automation Script (Requires deploymentclient.conf with DNS Entry)
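The two pre-implementation points above (no IP addresses in config, and a forwarder automation script that ships a deploymentclient.conf pointing at a DNS record) in working form. This is an added example, not a script from the deck or from Splunk: the deployment server name, port and client name are passed in by the caller, 8089 is Splunk's default management port, and the file lands in the standard `$SPLUNK_HOME/etc/system/local/` location. The script refuses IP literals so the deployment server can be re-addressed later without touching every forwarder.

```shell
#!/bin/sh
# Added example (not from the deck): render deploymentclient.conf for a
# universal forwarder from the deployment server's DNS record, refusing raw
# IP literals so the server can be moved without touching every forwarder.
# Assumed: name/port/client name are supplied by the caller; 8089 is the
# default Splunk management port; etc/system/local is the target location.

# is_ip_literal <name>: 0 if the name is an IPv4 dotted quad or contains a
# colon (IPv6 literal), 1 otherwise.
is_ip_literal() {
    case "$1" in
        *:*) return 0 ;;
    esac
    printf '%s' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# render_deploymentclient_conf <ds-dns-name> [port] [client-name]
# Prints the conf to stdout. Returns 2 on an empty name, 1 on an IP literal.
render_deploymentclient_conf() {
    ds_name="$1"; ds_port="${2:-8089}"
    client_name="${3:-$(hostname 2>/dev/null || echo unknown-host)}"
    if [ -z "$ds_name" ]; then
        echo "error: deployment server DNS name is required" >&2; return 2
    fi
    if is_ip_literal "$ds_name"; then
        echo "error: '$ds_name' is an IP literal; use its DNS record instead" >&2; return 1
    fi
    printf '[deployment-client]\nclientName = %s\n\n[target-broker:deploymentServer]\ntargetUri = %s:%s\n' \
        "$client_name" "$ds_name" "$ds_port"
}

# write_deploymentclient_conf <splunk-home> <ds-dns-name> [port] [client-name]
# Writes the rendered conf under <splunk-home>/etc/system/local/ and prints
# the path. Nothing is written if rendering fails (bad or missing name).
write_deploymentclient_conf() {
    home="$1"; shift
    content="$(render_deploymentclient_conf "$@")" || return $?
    mkdir -p "$home/etc/system/local"
    printf '%s\n' "$content" > "$home/etc/system/local/deploymentclient.conf"
    echo "$home/etc/system/local/deploymentclient.conf"
}

# Stand-alone demo with placeholder names (override via the environment).
render_deploymentclient_conf "${DS_NAME:-splunk-ds.example.internal}" \
    "${DS_PORT:-8089}" "${CLIENT_NAME:-fwd-example-01}"
```

In a real rollout the script runs after the forwarder package is installed and before the first `splunk start`, so the forwarder phones home to the deployment server on its first boot and picks up its apps from there rather than carrying inputs in the image.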
Implementation
● Build Sequence
– Management Layer > Indexer Layer > Search Layer
● Data Source On-boarding Process
– Use Case Identification, Data Source Profiling, Develop, Test & Deliver (RTL)
● Utilise Splunk Apps & Add-ons (Free & Premium)
– Unix App, Windows Infrastructure App, VMware App, Apache App, Etc.
● Bundle Search Objects Into Custom Apps
– Breakdown by Business Unit, Grouped Use Cases, Etc.
● Use Splunk Documentation & Splunk Answers for Guidelines
Post-Implementation
● Update Designs / Diagrams (Delivered Implementation)
● Training & Knowledge Sharing
– Education Courses (Free / Paid), Community Support & Partner Training
● Identify Splunk Champions
– Technical & Business
● Build Business Value
– Identify Secondary Use Cases
● Build Entitlement Framework
– Cost Centre Clawback, Shared Financial Burden, Shared Responsibility
Any Questions?
Deployment Challenges & Solutions (Group Discussion)
Deployment Challenges & Solutions
● Example Challenges / Solutions:
– Source Data Access
‣ Early SME Engagement & EventGen App?
– Hardware Challenges
‣ Develop Deployment Config in the Cloud?
● Discussion Time Limit: 15mins
Security Best Practices
Pre-Install Hardening & Validation
● Secure Operating System Pre-Installation
● Industry Standard Guidelines
– Center for Internet Security (CIS) - Security Benchmarks
● Create Splunk Specific User/Group with Relevant Permissions
– Ensure Splunk Doesn’t Run as ‘Administrator’ or ‘Root’
● Verify Integrity of Binaries (Checksum Hash / Signature)
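The last point on this slide, verifying the downloaded binaries before installing them, as an added example that is not from the deck or from Splunk. The assumptions: the published checksum file carries a 128-hex-character SHA-512 digest either in OpenSSL style (`SHA512(<file>)= <hex>`) or in `sha512sum` style (`<hex>  <file>`), and whichever of `sha512sum`, `shasum` or `openssl` is on the host is acceptable for computing the local digest. The function extracts the hex token rather than relying on `sha512sum -c`, which does not parse the OpenSSL layout.

```shell
#!/bin/sh
# Added example (not from the deck): verify a downloaded package against its
# published SHA-512 before unpacking it. Assumption: the checksum file holds
# the digest as "SHA512(<file>)= <hex>" or "<hex>  <file>"; either is accepted.

# sha512_of <file>: hex SHA-512 using whichever tool the host has.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 512 "$1" | awk '{print $1}'
    else
        openssl dgst -sha512 "$1" | awk '{print $NF}'
    fi
}

# expected_digest <checksum-file>: the first 128-hex token, lower-cased.
# Returns 2 if the file carries no SHA-512-sized digest at all.
expected_digest() {
    d="$(grep -oE '[0-9a-fA-F]{128}' "$1" | head -n 1)"
    [ -n "$d" ] || return 2
    printf '%s' "$d" | tr 'A-F' 'a-f'
}

# verify_package <package> <checksum-file>
# 0 on match, 1 on mismatch, 2 if the checksum file is unusable.
# Prints a one-line verdict; an installer should stop on anything but 0.
verify_package() {
    pkg="$1"; sums="$2"
    want="$(expected_digest "$sums")" || { echo "UNUSABLE: no SHA-512 digest in $sums"; return 2; }
    have="$(sha512_of "$pkg")"
    if [ "$have" = "$want" ]; then
        echo "OK: $pkg matches published SHA-512"; return 0
    fi
    echo "MISMATCH: $pkg does not match $sums (do not install)"; return 1
}

# usage: verify_package <package>.tgz <package>.tgz.sha512 || exit 1
```

The digest only proves the file is the one the vendor published; it says nothing about who published it unless the checksum file itself was fetched over an authenticated channel or a signature is checked as well, which is why the slide pairs "checksum hash" with "signature".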
Implementation Hardening
● User Authentication & Role-Based Access Control
● Transport Encryption & Authentication (TLS)
● Secure Password Deployment
– Shared splunk.secret / Hashed Passwords in Deployment Apps
● Access Control Lists
– Simple IP/DNS Whitelisting or Blacklisting
● Disable Unnecessary Splunk Components (Splunk Web / REST Port)
● Configuration Change Monitoring via Splunk
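The hardening bullets above (TLS with forwarder authentication, an IP/network ACL, and Splunk Web switched off where it is not needed) written out as configuration, plus the audit a "configuration change monitoring" job could run against a conf directory. This is an added example, not configuration from the deck or from Splunk: the certificate paths and subnets are placeholders, the directory stands in for `$SPLUNK_HOME/etc/system/local/` or an app's `local/`, and the audit matches keys anywhere in a file without tracking stanzas, so confirm each key against the `.conf.spec` for your version before relying on it.

```shell
#!/bin/sh
# Added example (not from the deck): emit the hardened indexer-side settings
# the slide lists, and audit a conf directory for the weak settings they
# replace. Assumptions: placeholder cert paths and subnets; stanza-unaware
# key matching; keys to be checked against your version's *.conf.spec.

# write_hardened_confs <dir>: inputs.conf, server.conf and web.conf
write_hardened_confs() {
    dir="$1"; mkdir -p "$dir"
    cat > "$dir/inputs.conf" <<'EOF'
# TLS-only receiving port; a plaintext [splunktcp://9997] is deliberately absent
[splunktcp-ssl:9997]
disabled = 0
# ACL: only the forwarder subnets may connect (placeholder ranges)
acceptFrom = 10.10.0.0/16, 10.20.0.0/16

[SSL]
serverCert = /opt/splunk/etc/auth/mycerts/indexer.pem
# forwarders must present a certificate signed by our CA
requireClientCert = true
sslVersions = tls1.2
EOF
    cat > "$dir/server.conf" <<'EOF'
[sslConfig]
sslVersions = tls1.2
sslRootCAPath = /opt/splunk/etc/auth/mycerts/ca.pem

[httpServer]
# management (REST) port reachable only from the admin/search tier (placeholder)
acceptFrom = 10.30.0.0/24
EOF
    cat > "$dir/web.conf" <<'EOF'
[settings]
# indexers do not need Splunk Web
startwebserver = 0
EOF
}

# conf_has <file> <key> <value-regex>: 0 if "key = value" matches (case-insensitive).
# Note: does not check which stanza the key sits in.
conf_has() {
    [ -f "$1" ] && grep -Eiq "^[[:space:]]*$2[[:space:]]*=[[:space:]]*$3" "$1"
}

# audit_confs <dir>: one FINDING line per weak setting; the return value is
# the number of findings (0 = clean). A missing file counts against the
# settings it should carry.
audit_confs() {
    dir="$1"; n=0
    if ! conf_has "$dir/web.conf" startwebserver 0; then
        echo "FINDING: Splunk Web not disabled (web.conf startwebserver != 0)"; n=$((n+1))
    fi
    if [ -f "$dir/inputs.conf" ] && grep -Eq '^\[splunktcp://' "$dir/inputs.conf"; then
        echo "FINDING: plaintext receiving port ([splunktcp://] in inputs.conf)"; n=$((n+1))
    fi
    if ! conf_has "$dir/inputs.conf" requireClientCert '(true|1)'; then
        echo "FINDING: forwarders not authenticated (inputs.conf [SSL] requireClientCert)"; n=$((n+1))
    fi
    if ! conf_has "$dir/inputs.conf" acceptFrom '.+'; then
        echo "FINDING: no ACL on receiving port (inputs.conf acceptFrom)"; n=$((n+1))
    fi
    if ! conf_has "$dir/server.conf" sslVersions 'tls1\.2'; then
        echo "FINDING: legacy TLS/SSL versions allowed (server.conf [sslConfig] sslVersions)"; n=$((n+1))
    fi
    return "$n"
}

# usage: write_hardened_confs ./local && audit_confs ./local
```

Shipping these files inside a deployment app rather than editing each host keeps the hardened state reproducible, and running `audit_confs` from a scheduled job (or indexing its output) gives the configuration drift signal the last bullet on the slide asks for.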
Monitoring Environment (Security & IT Ops)
● Collect Local Operating System Host Logs / Report on Anomalies
– Security, Access, Application, Configuration, Patching & Performance
● Forward All Splunk’s Internal Logs into Indexers
● Splunk Crafted Reporting for ‘Splunk’ (Previously: Splunk on Splunk)
– Indexing Performance, Search Performance, Search Activity, Missing Forwarders
● Report On Users Attempting to Search Restricted Indexes
● Use Data Integrity Checking & Monitor Exceptions
Any Questions?
Security Challenges & Solutions (Group Discussion)
Security Challenges & Solutions
● Example Security Challenges:
– Easier Implementation of Transport Encryption (TLS)?
‣ Scripted Certificate Generation & Deployment via App
– How to Segment Data?
‣ According to Business Unit or Use Case (via Indexes)
● Discussion Time Limit: 15mins
Favourite Use Cases (Group Discussion)
Favourite Use Cases
● Example Use Cases:
– Self Healing with ServiceNow Integration with Ansible
– IT Operational Monitoring with IT Service Intelligence (Glass Tables)
– Malicious Behaviour Detection with Entropy Analysis on DNS Logs
● Discussion Time Limit: 15mins
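The third example use case above, entropy analysis on DNS logs, as an added example that is not from the deck or from any Splunk app. Shannon entropy of a query name's leftmost label, in bits per character, is H = -Σ p(c) · log2 p(c) over the characters c of the label; names assembled from near-random characters (domain generation algorithms, data encoded into subdomains for tunnelling) score high, ordinary hostnames low. The log lines are constructed, their `<timestamp> <client> <qname>` layout is invented for the example, and the 3.5-bit threshold is a starting point to tune against your own baseline.

```shell
#!/bin/sh
# Added example (not from the deck): Shannon entropy of DNS query labels as a
# first-pass detector for generated or encoded names. Assumptions: the log
# lines are constructed, the "<ts> <client> <qname>" layout is invented, and
# the threshold is a starting point, not a tuned value.

# shannon_entropy <string>: H = -sum p*log2(p), printed with 3 decimals.
shannon_entropy() {
    awk -v s="$1" 'BEGIN {
        n = length(s)
        if (n == 0) { printf "0.000\n"; exit }
        for (i = 1; i <= n; i++) c[substr(s, i, 1)]++
        h = 0
        for (ch in c) { p = c[ch] / n; h -= p * log(p) / log(2) }
        printf "%.3f\n", h
    }'
}

# flag_high_entropy <threshold-bits>: reads "<ts> <client> <qname>" lines on
# stdin and prints "ALERT <client> <qname> <H>" for each query whose leftmost
# label (the part most often generated or used to carry data) exceeds it.
flag_high_entropy() {
    thr="$1"
    while read -r ts client qname; do
        [ -n "$qname" ] || continue
        label="${qname%%.*}"
        h="$(shannon_entropy "$label")"
        if awk -v a="$h" -v b="$thr" 'BEGIN { exit !(a > b) }'; then
            echo "ALERT $client $qname $h"
        fi
    done
}

# Constructed sample: two ordinary lookups, one DGA-like label, one base64-like label.
SAMPLE_DNS_LOG='2016-09-20T10:00:01Z 10.10.4.21 www.example.com
2016-09-20T10:00:02Z 10.10.4.21 mail.example.com
2016-09-20T10:00:03Z 10.10.4.57 k2j8x9q1w4e7r6t3y5u0.example.com
2016-09-20T10:00:04Z 10.10.4.57 aGVsbG8gd29ybGQK.tunnel.example.net'

# Stand-alone demo: prints the two alerts for client 10.10.4.57.
printf '%s\n' "$SAMPLE_DNS_LOG" | flag_high_entropy 3.5
```

Entropy alone produces false positives on content-delivery and cloud hostnames, so in practice it is combined with label length, query volume per client and a known-good domain list before it reaches an analyst; the same calculation is what the `ut_shannon` style functions in Splunk's URL-toolbox add-ons provide inside a search.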
Updates Announced at .conf 2016
● Introducing Splunk Enterprise 6.5 - Available Now
‣ Splunk ML Toolkit – a guided workbench and SPL extensions to help you create and operationalize your own custom analytics based on your choice of algorithms.
‣ Tables, a new feature that lets you create and analyse tabular data views without using SPL.
‣ Hadoop Data Roll gives you another way to reduce historical data storage costs while keeping full search capability.
● New Releases (General Availability October 2016):
– Splunk Enterprise Security [Minor Release]
– Splunk IT Service Intelligence [Major Release]
– Splunk User Behaviour Analytics [Major Release]
Get Involved!
● Splunk User Group Edinburgh
– https://usergroups.splunk.com/group/splunk-user-group-edinburgh.html
● Splunk’s Slack Group
– Register via www.splunk402.com/chat
– Channel: #edinburgh
● Present & Share at the User Group?
Connect:
‣ Harry McLaren | harry.mclaren@ecs.co.uk | @cyberharibu | harrymclaren.co.uk
‣ ECS | enquiries@ecs.co.uk | @ECS_IT | ecs.co.uk
Thank You

panagenda
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 

Recently uploaded (20)

20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 

Splunk User Group Edinburgh - September Event

  • 1. Copyright © 2016 Splunk Inc. Splunk User Group Edinburgh: Deployment & Security, September 2016
  • 2. Introduction - Harry McLaren
    ● Alumnus of Edinburgh Napier
    ● Security Consultant at ECS
      – Role: Splunk Professional Services & Enablement Lead
      – Specialism: SIEM & Splunk Architecture
    Global Splunk Partner Revolution Award - 2016
  • 3.
  • 4. Agenda
    • Housekeeping: Overview & House Rules
    • Presentation: Deployment Best Practices
    • Group Discussion: Deployment Challenges & Solutions
    • Presentation: Security Best Practices
    • Group Discussion: Security Challenges & Solutions
    • Group Discussion: Favourite Use Cases [Optional]
  • 5. [Splunk Official] User Group
    “The overall goal is to create an authentic, ongoing user group experience for our users, where they contribute and get involved”
    ● User Led
    ● Technical Discussions
    ● Sharing Environment
    ● Build Trust (With Community & Splunk)
    ● No Sales!
  • 6. What Do You Want From A User Group?
  • 9. Planning & Design
    ● High Level Design & Environment Diagram
    ● High Availability / Load Balancing
      – Minimum Number of Nodes (SHC x3 / IXC x2-3)
      – Forwarder Based (AutoLB), Search Heads (Persistent Sessions via Load Balancer)
    ● Hardware & Storage Requirements
      – Availability / Retention / Archiving
    ● Development / Staging Environment
    ● Environment Orchestration & Configuration
      – Version Control, Configuration Management, Access Management, Packaging
  • 10. Pre-Implementation
    ● Raise Required Changes (Network, Identity, Architecture)
    ● Validate Connectivity & System Access
    ● Download Binaries / Licences / Apps
      – Splunk Software & Splunk Licenses
    ● Ensure DNS Records Function
      – IP Addresses Should Be Avoided In Config (Use DNS Records)
    ● Forwarder Deployment
      – Engage with Platform Teams
      – Develop Automation Script (Requires deploymentclient.conf with DNS Entry)
  • 11. Implementation
    ● Build Sequence
      – Management Layer > Indexer Layer > Search Layer
    ● Data Source On-boarding Process
      – Use Case Identification, Data Source Profiling, Develop, Test & Deliver (RTL)
    ● Utilise Splunk Apps & Add-ons (Free & Premium)
      – Unix App, Windows Infrastructure App, VMware App, Apache App, Etc.
    ● Bundle Search Objects Into Custom Apps
      – Breakdown by Business Unit, Grouped Use Cases, Etc.
    ● Use Splunk Documentation & Splunk Answers for Guidelines
  • 12. Post-Implementation
    ● Update Designs / Diagrams (Delivered Implementation)
    ● Training & Knowledge Sharing
      – Education Courses (Free / Paid), Community Support & Partner Training
    ● Identify Splunk Champions
      – Technical & Business
    ● Build Business Value
      – Identify Secondary Use Cases
    ● Build Entitlement Framework
      – Cost Centre Clawback, Shared Financial Burden, Shared Responsibility
  • 15. Deployment Challenges & Solutions
    ● Example Challenges / Solutions:
      – Source Data Access
        ‣ Early SME Engagement & EventGen App?
      – Hardware Challenges
        ‣ Develop Deployment Config in the Cloud?
    ● Discussion Time Limit: 15mins
  • 17. Pre-Install Hardening & Validation
    ● Secure Operating System Pre-Installation
    ● Industry Standard Guidelines
      – Centre For Internet Security (CIS) - Security Benchmarks
    ● Create Splunk Specific User/Group with Relevant Permissions
      – Ensure Splunk Doesn’t Run as ‘Administrator’ or ‘Root’
    ● Verify Integrity of Binaries (Checksum Hash / Signature)
  • 18. Implementation Hardening
    ● User Authentication & Role-Based Access Control
    ● Transport Encryption & Authentication (TLS)
    ● Secure Password Deployment
      – Shared splunk.secret / Hashed Passwords in Deployment Apps
    ● Access Control Lists
      – Simple IP/DNS Whitelisting or Blacklisting
    ● Disable Unnecessary Splunk Components (Splunk Web / REST Port)
    ● Configuration Change Monitoring via Splunk
  • 19. Monitoring Environment (Security & IT Ops)
    ● Collect Local Operating System Host Logs / Report on Anomalies
      – Security, Access, Application, Configuration, Patching & Performance
    ● Forward All Splunk’s Internal Logs into Indexers
    ● Splunk Crafted Reporting for ‘Splunk’ (Previously: Splunk on Splunk)
      – Indexing Performance, Search Performance, Search Activity, Missing Forwarders
    ● Report On Users Attempting to Search Restricted Indexes
    ● Use Data Integrity Checking & Monitor Exceptions
  • 22. Security Challenges & Solutions
    ● Example Security Challenges:
      – Easier Implementation of Transport Encryption (TLS)?
        ‣ Scripted Certificate Generation & Deployment via App
      – How to Segment Data?
        ‣ According to Business Unit or Use Case (via Indexes)
    ● Discussion Time Limit: 15mins
  • 24. Favourite Use Cases
    ● Example Use Cases:
      – Self Healing with ServiceNow Integration with Ansible
      – IT Operational Monitoring with IT Service Intelligence (Glass Tables)
      – Malicious Behaviour Detection with Entropy Analysis on DNS Logs
    ● Discussion Time Limit: 15mins
  • 25. Updates Announced at .conf 2016
    ● Introducing Splunk Enterprise 6.5 - Available Now
      ‣ Splunk ML Toolkit: a guided workbench and SPL extensions to help you create and operationalize your own custom analytics based on your choice of algorithms.
      ‣ Tables: a new feature that lets you create and analyse tabular data views without using SPL.
      ‣ Hadoop Data Roll: gives you another way to reduce historical data storage costs while keeping full search capability.
    ● New Releases (General Availability October 2016):
      – Splunk Enterprise Security [Minor Release]
      – Splunk IT Service Intelligence [Major Release]
      – Splunk User Behaviour Analytics [Major Release]
  • 26. Get Involved!
    ● Splunk User Group Edinburgh
      – https://usergroups.splunk.com/group/splunk-user-group-edinburgh.html
    ● Splunk’s Slack Group
      – Register via www.splunk402.com/chat
      – Channel: #edinburgh
    ● Present & Share at the User Group? Connect:
      ‣ Harry McLaren | harry.mclaren@ecs.co.uk | @cyberharibu | harrymclaren.co.uk
      ‣ ECS | enquiries@ecs.co.uk | @ECS_IT | ecs.co.uk
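Slide 17's "Verify Integrity of Binaries (Checksum Hash / Signature)" step, as an added worked example in Python (not code from the deck, from ECS or from Splunk): it checks a downloaded package against its checksum sidecar file before anything is installed. It assumes the sidecar is written either in the OpenSSL form `SHA512(package.tgz)= <hex>` or in the coreutils `sha512sum` form `<hex>  package.tgz`; the package and sidecar it builds live in a temporary directory and are constructed, and a sidecar that names a different file, or that only carries an md5, is rejected rather than trusted.

```python
"""Verify a downloaded package against its published checksum sidecar.

Added example for the 'Verify Integrity of Binaries' step; not code from
the deck or from Splunk. Assumes the sidecar is in OpenSSL digest form,
'SHA512(package.tgz)= <hex>', or coreutils form, '<hex>  package.tgz'.
The package and sidecar produced by demo() are constructed.
"""
import hashlib
import hmac
import os
import re
import tempfile

# OpenSSL style: SHA512(name)= hex
_OPENSSL_RE = re.compile(
    r"^(?P<algo>[A-Za-z0-9]+)\((?P<name>[^)]+)\)\s*=\s*(?P<hex>[0-9a-fA-F]+)\s*$"
)
# coreutils style: hex  name   (or 'hex *name' for binary mode)
_COREUTILS_RE = re.compile(r"^(?P<hex>[0-9a-fA-F]+)\s+\*?(?P<name>\S+)\s*$")


def parse_checksum_line(line):
    """Return (algorithm, filename, hex_digest) from one sidecar line.

    OpenSSL lines name the algorithm; for coreutils lines it is inferred
    from the digest length (128 hex chars -> sha512, 64 -> sha256, 32 -> md5).
    """
    line = line.strip()
    m = _OPENSSL_RE.match(line)
    if m:
        return m.group("algo").lower(), m.group("name"), m.group("hex").lower()
    m = _COREUTILS_RE.match(line)
    if m:
        algo = {128: "sha512", 64: "sha256", 32: "md5"}.get(len(m.group("hex")))
        if algo is None:
            raise ValueError("unrecognised digest length: %s" % line)
        return algo, m.group("name"), m.group("hex").lower()
    raise ValueError("unrecognised checksum line: %s" % line)


def file_digest(path, algo, chunk_size=1 << 20):
    """Stream the file through hashlib so a large package is never read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_package(package_path, sidecar_path):
    """Return True only when the sidecar names this file and the digest matches.

    A sidecar for a different filename proves nothing about this package, and
    an md5-only sidecar is not a collision-resistant check, so both fail.
    """
    with open(sidecar_path) as fh:
        algo, expected_name, expected_hex = parse_checksum_line(fh.readline())
    if os.path.basename(package_path) != os.path.basename(expected_name):
        return False
    if algo == "md5":
        return False
    return hmac.compare_digest(file_digest(package_path, algo), expected_hex)


def demo():
    """Build a constructed package and sidecars in a temp dir; return (ok, wrong_name, tampered)."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = os.path.join(tmp, "splunk-example-Linux-x86_64.tgz")
        with open(pkg, "wb") as fh:
            fh.write(b"constructed package contents, not a real Splunk tarball\n")
        digest = file_digest(pkg, "sha512")
        good = pkg + ".sha512"
        with open(good, "w") as fh:
            fh.write("SHA512(%s)= %s\n" % (os.path.basename(pkg), digest))
        other = os.path.join(tmp, "other.sha512")
        with open(other, "w") as fh:
            fh.write("SHA512(some-other-package.tgz)= %s\n" % digest)
        ok = verify_package(pkg, good)
        wrong_name = verify_package(pkg, other)
        # Simulate a package altered after the checksum was published.
        with open(pkg, "ab") as fh:
            fh.write(b"tampered\n")
        tampered = verify_package(pkg, good)
        return ok, wrong_name, tampered
```

Run it against the real `.sha512` file published next to the download; the checksum file itself should be fetched over TLS from the vendor, since a checksum served alongside a tampered package from the same untrusted location adds nothing. Signature verification (the "Signature" half of the slide) is a separate step this block does not cover.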
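Slide 18's "Access Control Lists - Simple IP/DNS Whitelisting or Blacklisting" item, as an added example (not the deck's, ECS's or Splunk's code): a small evaluator for the rule syntax Splunk's `acceptFrom` settings use (a single address, a CIDR block, a DNS name with a `*` wildcard, a bare `*`, and a `!` prefix to reject, with the first matching rule deciding), so a proposed ACL can be exercised against sample peers before it is deployed. It assumes a peer that matches no rule is rejected, and it takes the peer's reverse-DNS name as an argument rather than resolving it; `HARDENED_ACL` and the addresses in the tests are constructed values.

```python
"""Evaluate a Splunk-style acceptFrom network ACL against a sample peer.

Added example for the 'Access Control Lists' hardening item; not code from
the deck or from Splunk. Rule forms mirror the documented acceptFrom syntax
(IP, CIDR, DNS name with '*', bare '*', '!' to reject; first match wins).
Assumption: a peer matching no rule is rejected. Hostnames are passed in,
not resolved. Example ACL strings are constructed.
"""
import fnmatch
import ipaddress


def _expand_ipv4_prefix(text):
    """Turn the abbreviated '10.1/16' form into '10.1.0.0/16' for ipaddress.

    Only dotted IPv4 prefixes with fewer than four octets are padded.
    """
    net, _, bits = text.partition("/")
    parts = net.split(".")
    if bits and all(p.isdigit() for p in parts) and len(parts) < 4:
        net = ".".join(parts + ["0"] * (4 - len(parts)))
    return "%s/%s" % (net, bits) if bits else net


def parse_acl(acl_text):
    """Parse acceptFrom text into an ordered list of (allow, matcher) pairs.

    matcher is '*', an ip_network, or a lower-cased DNS glob pattern.
    """
    rules = []
    for token in acl_text.replace(",", " ").split():
        allow = not token.startswith("!")
        body = token.lstrip("!")
        if body == "*":
            rules.append((allow, "*"))
            continue
        try:
            rules.append((allow, ipaddress.ip_network(_expand_ipv4_prefix(body), strict=False)))
        except ValueError:
            # Not an address or CIDR block: treat it as a DNS name pattern.
            rules.append((allow, body.lower()))
    return rules


def acl_allows(acl_text, peer_ip, peer_hostname=None):
    """Return True if the first rule matching the peer is an allow rule.

    '*' matches every peer; a network matches by address (same IP version);
    a DNS pattern matches the supplied hostname case-insensitively.
    No matching rule at all means the connection is rejected (assumed).
    """
    addr = ipaddress.ip_address(peer_ip)
    host = (peer_hostname or "").lower()
    for allow, matcher in parse_acl(acl_text):
        if matcher == "*":
            return allow
        if isinstance(matcher, (ipaddress.IPv4Network, ipaddress.IPv6Network)):
            if addr.version == matcher.version and addr in matcher:
                return allow
        elif host and fnmatch.fnmatchcase(host, matcher):
            return allow
    return False


# Weak and hardened values for the receiving-port stanza in inputs.conf, e.g.
#   [splunktcp://9997]
#   acceptFrom = <one of the strings below>
WEAK_ACL = "*"  # the default: accept forwarder connections from anywhere
HARDENED_ACL = "!10.1.2.3, 10.1/16, *.fwd.example.com"  # constructed example
```

The same evaluation order applies whether the ACL guards the forwarder receiving port, the management port or Splunk Web, so a rule list can be checked once against the expected forwarder ranges and the addresses that must never reach the port before it is pushed out by the deployment server.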
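Slide 19's "Report On Users Attempting to Search Restricted Indexes", as an added example (not the deck's, ECS's or Splunk's code): a parser for `_audit`-style search records and a check of every index a search names against a per-user allow list, with wildcard patterns such as `index=hr_*` expanded against the known index list so a broad pattern that sweeps in a restricted index is reported as well. The audit lines, user names, entitlements and index names are constructed; a real `_audit` record carries more fields than are shown here.

```python
"""Flag searches that name indexes the searching user is not entitled to.

Added example for the 'Report On Users Attempting to Search Restricted
Indexes' item; not code from the deck or from Splunk. The audit lines,
users and index names below are constructed.
"""
import fnmatch
import re

# The record body sits between 'Audit:[' and the closing ']'.
_AUDIT_RE = re.compile(r"Audit:\[(?P<body>.*)\]\s*$")
# key=value pairs; values may be single-quoted (search strings containing
# commas), double-quoted, or bare up to the next comma.
_KV_RE = re.compile(
    r"(?P<key>\w+)=(?:'(?P<sq>(?:[^'\\]|\\.)*)'|\"(?P<dq>[^\"]*)\"|(?P<bare>[^,\]]*))"
)
# index=name, index="name" or index=hr_* inside a search string
_INDEX_RE = re.compile(r"\bindex\s*=\s*\"?([A-Za-z0-9_*?.-]+)\"?", re.IGNORECASE)

# Constructed entitlements: which indexes each user may search ('*' = all).
USER_ALLOWED_INDEXES = {
    "jsmith": {"main", "web"},
    "ahr": {"main", "hr_payroll", "hr_leave"},
    "admin": {"*"},
}
# Constructed list of the indexes that exist on the platform.
ALL_INDEXES = ["main", "web", "hr_payroll", "hr_leave", "_internal"]

# Constructed _audit-style lines in the shape of Splunk's AuditLogger output.
SAMPLE_AUDIT_LINES = [
    "09-20-2016 10:15:02.113 +0100 INFO  AuditLogger - Audit:[timestamp=09-20-2016 10:15:02.113 +0100, user=jsmith, action=search, info=granted, search_id='1474362902.17', search='search index=main sourcetype=access_combined', ttl=600]",
    "09-20-2016 10:16:44.901 +0100 INFO  AuditLogger - Audit:[timestamp=09-20-2016 10:16:44.901 +0100, user=jsmith, action=search, info=granted, search_id='1474363004.18', search='search index=hr_payroll salary>100000', ttl=600]",
    "09-20-2016 10:17:10.220 +0100 INFO  AuditLogger - Audit:[timestamp=09-20-2016 10:17:10.220 +0100, user=jsmith, action=search, info=granted, search_id='1474363030.19', search='search index=hr_* | stats count by source', ttl=600]",
    "09-20-2016 10:18:03.004 +0100 INFO  AuditLogger - Audit:[timestamp=09-20-2016 10:18:03.004 +0100, user=ahr, action=search, info=granted, search_id='1474363083.20', search='search index=hr_payroll earliest=-1d', ttl=600]",
    "09-20-2016 10:19:27.550 +0100 INFO  AuditLogger - Audit:[timestamp=09-20-2016 10:19:27.550 +0100, user=admin, action=search, info=granted, search_id='1474363167.21', search='search index=* sourcetype=splunkd', ttl=600]",
    "09-20-2016 10:20:00.000 +0100 INFO  AuditLogger - Audit:[timestamp=09-20-2016 10:20:00.000 +0100, user=jsmith, action=login attempt, info=succeeded, reason=\"\"]",
]


def parse_audit_line(line):
    """Return the record's key/value pairs as a dict, or None if not an audit record."""
    m = _AUDIT_RE.search(line)
    if not m:
        return None
    record = {}
    for kv in _KV_RE.finditer(m.group("body")):
        value = next(v for v in (kv.group("sq"), kv.group("dq"), kv.group("bare")) if v is not None)
        record[kv.group("key")] = value.strip()
    return record


def index_names(search_text):
    """Every index name or pattern the search names, in order of appearance."""
    return _INDEX_RE.findall(search_text)


def restricted_index_attempts(lines, allowed=USER_ALLOWED_INDEXES, all_indexes=ALL_INDEXES):
    """Return (user, index, search) for each named index outside the user's entitlement.

    Wildcard patterns are expanded against all_indexes; a literal name is
    reported as given, so naming a restricted index that does not exist still shows up.
    """
    findings = []
    for line in lines:
        rec = parse_audit_line(line)
        if not rec or rec.get("action") != "search" or "search" not in rec:
            continue
        user = rec.get("user", "")
        permitted = allowed.get(user, set())
        if "*" in permitted:
            continue
        for pattern in index_names(rec["search"]):
            if any(c in pattern for c in "*?"):
                targets = fnmatch.filter(all_indexes, pattern)
            else:
                targets = [pattern]
            for idx in targets:
                if idx not in permitted:
                    findings.append((user, idx, rec["search"]))
    return findings


def demo():
    """Run the check over the constructed sample and return the findings."""
    return restricted_index_attempts(SAMPLE_AUDIT_LINES)
```

Role-based access control already stops these searches returning data; the point of the report is that a user repeatedly naming indexes outside their entitlement is worth a conversation, and the entitlement table used here would in practice be derived from the roles' `srchIndexesAllowed` settings rather than maintained by hand.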

Editor's Notes

  1. Splunk Architecture (Development): http://www.splunk.com/view/SP-CAAABF9
     Splunk Enterprise Architecture & Processes: https://docs.splunk.com/Documentation/Splunk/6.5.0/Installation/Splunksarchitectureandwhatgetsinstalled
  2. High availability deployment - Indexer cluster: http://docs.splunk.com/Documentation/Splunk/6.5.0/Deploy/Indexercluster
     Design considerations: http://docs.splunk.com/Documentation/Splunk/6.5.0/Deploy/Deploymentcharacteristics#Design_considerations
     Set up load balancing: http://docs.splunk.com/Documentation/Splunk/6.5.0/Forwarding/Setuploadbalancingd
     Use a load balancer with search head clustering: http://docs.splunk.com/Documentation/Splunk/6.5.0/DistSearch/UseSHCwithloadbalancers
     Reference hardware: http://docs.splunk.com/Documentation/Splunk/6.5.0/Capacity/Referencehardware
     Estimate your storage requirements: http://docs.splunk.com/Documentation/Splunk/6.5.0/Capacity/Estimateyourstoragerequirements
     How Splunk Enterprise calculates disk storage: http://docs.splunk.com/Documentation/Splunk/6.5.0/Capacity/HowSplunkcalculatesdiskstorage
  3. Universal forwarder system requirements: http://docs.splunk.com/Documentation/Forwarder/6.5.0/Forwarder/Systemrequirements
     Install a Windows universal forwarder remotely with a static configuration: http://docs.splunk.com/Documentation/Forwarder/6.5.0/Forwarder/InstallaWindowsuniversalforwarderremotelywithastaticconfiguration
     Install a *nix universal forwarder remotely with a static configuration: http://docs.splunk.com/Documentation/Forwarder/6.5.0/Forwarder/Installanixuniversalforwarderremotelywithastaticconfiguration
  4. Splunk Apps: https://splunkbase.splunk.com/
     Splunk Docs: http://docs.splunk.com/
     Splunk Answers: https://answers.splunk.com/
  5. Splunk Education: http://www.splunk.com/view/education/SP-CAAAAH9
     Use Cases: https://www.splunk.com/en_us/solutions/solution-areas.html
  6. Centre For Internet Security: https://benchmarks.cisecurity.org/
     Run Splunk Enterprise as a different or non-root user: https://docs.splunk.com/Documentation/Splunk/6.5.0/Installation/RunSplunkasadifferentornon-rootuser
     Securing Splunk Enterprise: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/WhatyoucansecurewithSplunk
  7. Use access control to secure Splunk data: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/UseaccesscontroltosecureSplunkdata
     About securing Splunk Enterprise with SSL: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/AboutsecuringyourSplunkconfigurationwithSSL
     Deploy secure passwords across multiple servers: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/Deploysecurepasswordsacrossmultipleservers
     Use Access Control Lists: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/Useaccesscontrollists
  8. What Splunk software logs about itself: http://docs.splunk.com/Documentation/Splunk/6.5.0/Troubleshooting/WhatSplunklogsaboutitself