Splunk User Group Edinburgh - November Event (Harry McLaren)
- Harry McLaren is the founder and leader of the Splunk User Group in Edinburgh. He works as a security consultant specializing in Splunk at ECS.
- The agenda includes presentations on using Splunk for IT operations and use case development, as well as a demo of IT service intelligence. There will also be a discussion on developing organizational insights from business pains.
- Developing use cases involves defining roles, system requirements, and goals. Examples provided are using Splunk for insider threat detection and monitoring customer experience on an e-commerce platform.
Building Splunk Apps, Development Paths with Splunk & User Behaviour Analytics (Harry McLaren)
This document provides an agenda and summaries for a Splunk User Group meeting in Edinburgh in April 2017. The meeting will include presentations and demos on building Splunk apps, development paths and certification, and Splunk User Behavior Analytics. The introductory presentation will be given by Harry McLaren from ECS and will provide background on ECS and the Splunk User Group. Additional presentations will cover building custom Splunk apps using both the web interface and direct XML editing, and paths for Splunk certification. The final presentation will demo Splunk UBA for detecting insider threats and advanced adversaries. Attendees are encouraged to discuss in-house developed apps and get involved in the Splunk community.
Splunk Dashboarding & Universal Vs. Heavy Forwarders (Harry McLaren)
This document provides an agenda and summaries for a Splunk user group meeting in Edinburgh. The meeting will include presentations and discussions on creating dashboards, using universal vs. heavy forwarders, and latest Splunk challenges and solutions. It introduces the speakers, including employees from the hosting company ECS and user group leader Harry McLaren. Updates from the recent Splunk .conf event are also summarized, such as new premium app releases and the Splunk ML Toolkit.
Supporting Splunk at Scale, Splunking at Home & Introduction to Enterprise Se... (Harry McLaren)
Slide deck delivered at the June Splunk User Group in Edinburgh: Supporting Splunk at Scale, Splunking at Home & Introduction to Enterprise Security.
Sign up to the group here: https://usergroups.splunk.com/group/splunk-user-group-edinburgh/
Splunk in the Cisco Unified Computing System (UCS) (Splunk)
Cisco has been a Splunk customer for 8 years, with a strong engineering partnership for 3+ years. Learn how several Cisco customers as well as Cisco IT have deployed, grown, and transformed our businesses using the advantages of Splunk Enterprise software together with Cisco UCS and Nexus hardware. We will also talk about scalability and performance considerations for all scales of data footprint and business growth.
Covance is a global drug development company headquartered in Princeton, NJ with over 12,000 employees worldwide. Jessie Ridge is a senior security engineer who helped build Covance's security program from the ground up. Previously, Covance had limited security visibility due to outdated tools and data silos. They implemented Splunk to gain a single source of visibility across their systems. Splunk provided improved security and faster investigations by ingesting various log types. It has since expanded to other teams and grown from processing 10GB of data per day to over 900GB with 25+ users.
This document provides an overview and examples of data onboarding in Splunk. It discusses best practices for indexing data, such as setting the event boundary, date, timestamp, sourcetype and source fields. Examples are given for onboarding complex JSON, simple JSON and complex CSV data. Lessons learned from each example highlight issues like properly configuring settings for nested or multiple timestamp fields. The presentation also introduces Splunk capabilities for collecting machine data beyond logs, such as the HTTP Event Collector, Splunk MINT and the Splunk App for Stream.
This document discusses how Staples uses Splunk to gain insights from machine data across their organization. It provides details on:
- Staples' Splunk infrastructure consisting of 8 index servers and 9 search heads that can handle 1TB of data per day.
- The key use cases of operational support, application insights, and business intelligence.
- How Splunk provides a single pane of glass for visibility across their web apps, servers, monitoring tools, and more.
- Examples of how Splunk has helped identify issues, reduced resolution times, and optimized website searches to improve the customer experience.
Introduced in Splunk 6.2, the Distributed Management Console helps Splunk Admins deal with the monitoring and health of their Splunk deployment. In Splunk 6.3, we built views for Splunk Index and Volume Usage, Forwarder Monitoring, Search Head Cluster Monitoring, Index Cluster Monitoring, and tools for visualizing your Splunk Topology. Leverage Splunk DMC and come see the forest -and- the trees in your Splunk deployment!
Splunk Ninjas: New Features, Pivot, and Search Dojo (Splunk)
Besides seeing the newest features in Splunk Enterprise and learning the best practices for data models and pivot, we will show you how to use a handful of search commands that will solve most search needs. Learn these well and become a ninja.
The document discusses the experience of migrating from an old SIEM to Splunk Enterprise Security (ES). Key points include:
- The old SIEM was difficult to maintain, slow, and lacked community support. Splunk provided better performance and capabilities.
- Logs were migrated to Splunk one source at a time after normalization. Analysts found Splunk easier to use.
- A proof of concept with ES showed its advanced correlations, dashboards, and incident management capabilities beyond core Splunk.
- ES provides templates for searches, alerts, and workflows that would have taken months to recreate. It is a more complete SIEM solution.
Getting Started with Splunk Enterprise Hands-On (Splunk)
This document provides an overview and demonstration of Splunk software. The agenda includes downloading Splunk, an overview of its key features for searching machine data, field extraction, dashboards, alerting, and analytics. The presenter then demonstrates installing and onboarding sample data, performing searches, and using pivots. Deployment architectures are discussed along with scaling to hundreds of terabytes per day. Question areas such as documentation, support, and the Splunk user conference are also mentioned.
Taking Splunk to the Next Level - Architecture Breakout Session (Splunk)
This document provides an agenda for scaling a Splunk deployment beyond initial use cases. It discusses growing use cases and data volume over time. As Splunk becomes mission critical, the document recommends implementing high availability through indexer and search head clustering. It also suggests using a distributed management console and centralized configuration management. Finally, the document briefly discusses Splunk Cloud and hybrid deployments as options to scale without waiting for additional on-premise hardware.
With a number of different applications on SplunkBase that help monitor Splunk environments, native tools, new introspection features, a Splunk Admin hardly knows where to start! This session will cut through the confusion and provide clear, direct advice for where to start with monitoring a Splunk environment, and how advanced users can gain new insight, covering traditional tools like SoS and new Splunk features like the Distributed Management Console. Come see the forest -and- the trees in your Splunk deployment!
Here are some key considerations for architecting a Splunk application:
- Define a data model and taxonomy - Map data sources to common schemas and entities. This allows for unified search, reporting and alerts.
- Partition data appropriately - Separate apps by function, team, data type or other logical boundaries. Consider security, scalability and maintenance.
- Choose input methods based on data volume and type - Streaming for high volume, modular/scripted for custom parsing. Consider HTTP Event Collector, TCP or file monitors.
- Design for scalability - Distribute data and workloads across multiple Splunk instances. Consider sharding, clustering, load balancing.
- Implement modular and reusable components - Custom searches, lookups
Webinar: What's New in Splunk Enterprise 6.5 (Splunk)
Splunk Enterprise 6.5 delivers fundamental advances in machine learning, data analytics and platform management, and is therefore cheaper to operate.
In our webinar we show you a product demo and you will learn the following:
- Use machine learning to predict, uncover and prevent what matters most to your business
- Use tables to prepare and analyze data without using the Splunk Search Processing Language (SPL)
- Lower storage costs by archiving historical data to Hadoop
- Use free developer/test licenses to explore new data sources and use cases
- Process critical data without interruption, since the licensing model no longer locks search on license violations
The current version of Splunk Enterprise 6.5 helps you maximize the value of your data and of your investment in Splunk. With the new features, big data analytics has become even cheaper and easier. See for yourself in our webinar.
Advanced Use Cases for Analytics Breakout Session (Splunk)
This document discusses Splunk's analytics capabilities and how to develop analytics for business users. It introduces personas as user types in a Splunk deployment beyond core IT. Requirements should be gathered for each persona, including their business problem, relevant data sources, and how they prefer to consume results. Searches and data models can then be developed and delivered through dashboards, visualizations, or third-party tools. Advanced analytics techniques discussed include anomaly detection, data visualization, predictive analytics, and demos. The document encourages reaching out for help from Splunk technical teams to grow analytics beyond IT.
Splunk is a powerful platform for understanding your data. The preview of the Machine Learning Toolkit and Showcase App extends Splunk with a rich suite of advanced analytics and machine learning algorithms. In this session, we'll present an overview of the app architecture and API and show you how to use Splunk to easily perform a variety of tasks, including outlier and anomaly detection, predictive analytics, and event clustering. We’ll use real data to explore these techniques and explain the intuition behind the analytics.
In addition to seeing the latest features in Splunk Enterprise, learn some of the top commands that will solve most search and analytics needs. Ninjas can use these blindfolded. New features will be demonstrated in the following areas: TCO and Performance Improvements, Platform Management and New Interactive Visualizations.
Greg Dostatni is the team lead for application hosting at the University of Alberta. He manages a 10 person team responsible for managing applications and databases across the university. The university implemented Splunk in 2013 to help address challenges around siloed data and reactive troubleshooting after restructuring IT operations. Splunk provides centralized logging, real-time monitoring and alerts, and customizable dashboards. This has improved initial incident response times from half an hour to gather data to immediately investigating issues. Splunk also allows tracking of key metrics like authentication system transactions and performance monitoring across the university's systems.
This document provides information on an advanced Splunk administration training course. The 9-hour course covers topics such as hardware and topology options, advanced data input configuration, authentication methods, security, and troubleshooting. The course objectives are covered in 10 lessons including distributed search, deployment servers, index replication, authentication, and security. Prerequisites for the course are completion of introductory Splunk courses on using and administering Splunk.
Azure Monitor collects two types of data: metrics and logs. The document provides tips for reducing data volume in Azure Monitor by changing configurations for security events, performance counters, event logs, syslog, AzureDiagnostics, and solution data. Configurations can be changed to reduce the frequency and number of items collected, and to only collect required event levels and logs. This helps reduce the amount of data sent to Azure Monitor.
Monitoring Splunk: S.o.S, DMC, and Beyond Breakout Session (Splunk)
This document provides an overview of tools for monitoring Splunk environments, including the Distributed Management Console (DMC) and Splunk on Splunk (SoS). It discusses how to use these tools to diagnose issues related to data acquisition latency, slow search performance, and platform alerts. The document demonstrates exploring the DMC and SoS to identify potential causes such as high CPU, slow disks, incorrect timestamping, or an increase in data volumes. It emphasizes that virtually all large customers use one or both of these monitoring tools.
WestJet Airlines is a Canadian airline founded in 1996 that has grown to operate over 425 flights per day to over 90 destinations across North America and Central America. The Solutions Architect at WestJet discusses how they implemented Splunk to gain visibility into their various systems like websites and apps. Splunk has helped WestJet troubleshoot issues faster, identify performance problems, and answer ad-hoc questions by consolidating their logs in one place.
Reinventing enterprise defense with the Elastic Stack (Elasticsearch)
Tune in to hear the most impactful lessons learned from Uber's security journey, and how security practitioners everywhere can tackle pervasive enterprise security challenges using the Elastic Stack.
This document discusses Splunk implementation at iZettle to meet PCI compliance requirements. It describes how iZettle started with local logs on 10 servers and expanded to have all backend systems logging to Splunk. Splunk now supports security, development, QA and operations with 50% of alerts and 80+ users. Trend analysis in Splunk helps detect anomalies and alerts are adapted based on trends. The key lessons are to insert all services for cross-system search, take a generic anomaly approach for alerts, leverage pre-summarized data for light searches, and use dynamic thresholds.
This document provides certification details for Anand Sunder as a Splunk Certified Power User. It lists the certification date of November 13, 2016 and references the Splunk software version 6.3. It also includes a license number of Cert-122698.
Taking Splunk to the Next Level - New to Splunk (Splunk)
Your team is up and running with Splunk. Now you want to maximize your investment and solve additional business problems. Hear how to expand beyond the initial use case. Learn how to capture, document and present Splunk's data, and present impactful ways to calculate ROI using concrete metrics: cost savings, time savings, efficiency gains, and competitive advantage.
ntroduced in Splunk 6.2, the Distributed Management Console helps Splunk Admins deal with the monitoring and health of their Splunk deployment. In Splunk 6.3, we built views for Splunk Index and Volume Usage, Forwarder Monitoring, Search Head Cluster Monitoring, Index Cluster Monitoring, and tools for visualizing your Splunk Topology. Leverage Splunk DMC and come see the forest -and- the trees in your Splunk deployment!
Splunk Ninjas: New Features, Pivot, and Search DojoSplunk
Besides seeing the newest features in Splunk Enterprise and learning the best practices for data models and pivot, we will show you how to use a handful of search commands that will solve most search needs. Learn these well and become a ninja.
The document discusses the experience of migrating from an old SIEM to Splunk Enterprise Security (ES). Key points include:
- The old SIEM was difficult to maintain, slow, and lacked community support. Splunk provided better performance and capabilities.
- Logs were migrated to Splunk one source at a time after normalization. Analysts found Splunk easier to use.
- A proof of concept with ES showed its advanced correlations, dashboards, and incident management capabilities beyond core Splunk.
- ES provides templates for searches, alerts, and workflows that would have taken months to recreate. It is a more complete SIEM solution.
Getting Started with Splunk Enterprise Hands-OnSplunk
This document provides an overview and demonstration of Splunk software. The agenda includes downloading Splunk, an overview of its key features for searching machine data, field extraction, dashboards, alerting, and analytics. The presenter then demonstrates installing and onboarding sample data, performing searches, and using pivots. deployment architectures are discussed along with scaling to hundreds of terabytes per day. Questions areas like documentation, support, and the Splunk user conference are also mentioned.
Taking Splunk to the Next Level - Architecture Breakout SessionSplunk
This document provides an agenda for scaling a Splunk deployment beyond initial use cases. It discusses growing use cases and data volume over time. As Splunk becomes mission critical, the document recommends implementing high availability through indexer and search head clustering. It also suggests using a distributed management console and centralized configuration management. Finally, the document briefly discusses Splunk Cloud and hybrid deployments as options to scale without waiting for additional on-premise hardware.
Distributed Management Console helps Splunk Admins deal with the monitoring and health of their Splunk deployment. In Splunk 6.3, we built views for Splunk Index and Volume Usage, Forwarder Monitoring, Search Head Cluster Monitoring, Index Cluster Monitoring, and tools for visualizing your Splunk Topology. Leverage Splunk DMC and come see the forest -and- the trees in your Splunk deployment!
With a number of different applications on SplunkBase that help monitor Splunk environments, native tools, new introspection features, a Splunk Admin hardly knows where to start! This session will cut through the confusion and provide clear, direct advice for where to start with monitoring a Splunk environment, and how advanced users can gain new insight, covering traditional tools like SoS and new Splunk features like the Distributed Management Console. Come see the forest -and- the trees in your Splunk deployment!
Here are some key considerations for architecting a Splunk application:
- Define a data model and taxonomy - Map data sources to common schemas and entities. This allows for unified search, reporting and alerts.
- Partition data appropriately - Separate apps by function, team, data type or other logical boundaries. Consider security, scalability and maintenance.
- Choose input methods based on data volume and type - Streaming for high volume, modular/scripted for custom parsing. Consider HTTP Event Collector, TCP or file monitors.
- Design for scalability - Distribute data and workloads across multiple Splunk instances. Consider sharding, clustering, load balancing.
- Implement modular and reusable components - Custom searches, lookups
Webinar: Was ist neu in Splunk Enterprise 6.5Splunk
Splunk Enterprise 6.5 bietet fundamentale Weiterentwicklungen im Bereich Machine Learning, Datenanalysen, Plattform Management und ist damit im Betrieb kostengünstiger.
In unserem Webinar zeigen wir Ihnen eine Produktdemo und Sie erfahren folgendes:
- Nutzen Sie Machine Learning, um vorherzusagen, aufzudecken und das zu verhindern, was für Ihr Unternehmen am wichtigsten ist
- Verwenden Sie Tabellen, um Daten vorzubereiten und zu analysieren, ohne die Splunk Suchsprache (SPL) zu nutzen
- Senken Sie die Speicherkosten, indem Sie historische Daten zu Hadoop auslagern
- Nutzen Sie kostenlose Entwickler/Testlizenzen, um neue Datenquellen und Anwendungsfälle zu erforschen
- Verarbeiten Sie kritische Daten ohne Unterbrechung, da im Lizenzmodell die Sperre der Suche bei Lizenzüberschreitungen entfernt wurde
Die aktuelle Version von Splunk Enterprise 6.5 hilft Ihnen dabei, den Mehrwert aus Ihren Daten und Ihrer Investition in Splunk zu maximieren. Mit den neuen Features sind Big Data Analysen noch kostengünstiger und einfacher geworden. Überzeugen Sie sich selbst in unserem Webinar.
Introduced in Splunk 6.2, the Distributed Management Console helps Splunk Admins deal with the monitoring and health of their Splunk deployment. In Splunk 6.3, we built views for Splunk Index and Volume Usage, Forwarder Monitoring, Search Head Cluster Monitoring, Index Cluster Monitoring, and tools for visualizing your Splunk Topology. Leverage Splunk DMC and come see the forest -and- the trees in your Splunk deployment!
Advanced Use Cases for Analytics Breakout SessionSplunk
This document discusses Splunk's analytics capabilities and how to develop analytics for business users. It introduces personas as user types in a Splunk deployment beyond core IT. Requirements should be gathered for each persona, including their business problem, relevant data sources, and how they prefer to consume results. Searches and data models can then be developed and delivered through dashboards, visualizations, or third-party tools. Advanced analytics techniques discussed include anomaly detection, data visualization, predictive analytics, and demos. The document encourages reaching out for help from Splunk technical teams to grow analytics beyond IT.
Splunk is a powerful platform for understanding your data. The preview of the Machine Learning Toolkit and Showcase App extends Splunk with a rich suite of advanced analytics and machine learning algorithms. In this session, we'll present an overview of the app architecture and API and show you how to use Splunk to easily perform a variety of tasks, including outlier and anomaly detection, predictive analytics, and event clustering. We’ll use real data to explore these techniques and explain the intuition behind the analytics.
In addition to seeing the latest features in Splunk Enterprise, learn some of the top commands that will solve most search and analytics needs. Ninja’s can use these blindfolded. New features will be demonstrated in the following areas: TCO and Performance Improvements, Platform Management and New Interactive Visualizations.
Greg Dostatni is the team lead for application hosting at the University of Alberta. He manages a 10 person team responsible for managing applications and databases across the university. The university implemented Splunk in 2013 to help address challenges around siloed data and reactive troubleshooting after restructuring IT operations. Splunk provides centralized logging, real-time monitoring and alerts, and customizable dashboards. This has improved initial incident response times from half an hour to gather data to immediately investigating issues. Splunk also allows tracking of key metrics like authentication system transactions and performance monitoring across the university's systems.
This document provides information on an advanced Splunk administration training course. The 9-hour course covers topics such as hardware and topology options, advanced data input configuration, authentication methods, security, and troubleshooting. The course objectives are covered in 10 lessons including distributed search, deployment servers, index replication, authentication, and security. Prerequisites for the course are completion of introductory Splunk courses on using and administering Splunk.
Azure Monitor collects two types of data: metrics and logs. The document provides tips for reducing data volume in Azure Monitor by changing configurations for security events, performance counters, event logs, syslog, AzureDiagnostics, and solution data. Configurations can be changed to reduce the frequency and number of items collected, and to only collect required event levels and logs. This helps reduce the amount of data sent to Azure Monitor.
Monitoring Splunk: S.o.S, DMC, and Beyond Breakout SessionSplunk
This document provides an overview of tools for monitoring Splunk environments, including the Distributed Management Console (DMC) and Splunk on Splunk (SoS). It discusses how to use these tools to diagnose issues related to data acquisition latency, slow search performance, and platform alerts. The document demonstrates exploring the DMC and SoS to identify potential causes such as high CPU, slow disks, incorrect timestamping, or an increase in data volumes. It emphasizes that virtually all large customers use one or both of these monitoring tools.
WestJet Airlines is a Canadian airline founded in 1996 that has grown to operate over 425 flights per day to over 90 destinations across North America and Central America. The Solutions Architect at WestJet discusses how they implemented Splunk to gain visibility into their various systems like websites and apps. Splunk has helped WestJet troubleshoot issues faster, identify performance problems, and answer ad-hoc questions by consolidating their logs in one place.
Reinventing enterprise defense with the Elastic StackElasticsearch
Tune in to hear the most impactful lessons learned from Uber's security journey, and how security practitioners everywhere can tackle pervasive enterprise security challenges using the Elastic Stack.
This document discusses Splunk implementation at iZettle to meet PCI compliance requirements. It describes how iZettle started with local logs on 10 servers and expanded to have all backend systems logging to Splunk. Splunk now supports security, development, QA and operations with 50% of alerts and 80+ users. Trend analysis in Splunk helps detect anomalies and alerts are adapted based on trends. The key lessons are to insert all services for cross-system search, take a generic anomaly approach for alerts, leverage pre-summarized data for light searches, and use dynamic thresholds.
This document provides certification details for Anand Sunder as a Splunk Certified Power User. It lists the certification date of November 13, 2016 and references the Splunk software version 6.3. It also includes a license number of Cert-122698.
Taking Splunk to the Next Level - New to Splunk - Splunk
Your team is up and running with Splunk. Now you want to maximize your investment and solve additional business problems. Hear how to expand beyond the initial use case. Learn how to capture, document and present Splunk's data, and present impactful ways to calculate ROI using concrete metrics: cost savings, time savings, efficiency gains, and competitive advantage.
This document provides certification details for an individual named Cesar Cobena who is a Splunk Certified Power User. It lists the Splunk version as 6.3 and includes a certification number and license number to verify the credentials.
Splunk is a search and analysis engine that allows for Google-like searching of log data. It collects data from various sources and provides operational intelligence through reporting, ad-hoc searching, monitoring, alerting and access controls. Splunk is available in free and enterprise versions and supports Windows, Linux, Solaris, OSX, FreeBSD, AIX and HP-UX operating systems.
This document provides an overview and sales presentation of Splunk software capabilities. Some key points:
- Splunk is a software platform that allows users to search, monitor and analyze machine-generated data for security and operational intelligence.
- It can index and search data from many different sources like servers, applications, networks and more.
- Splunk offers scalability to handle indexing and searching large volumes of data up to terabytes per day across multiple data centers.
- The software provides features like search and investigation, proactive monitoring, operational visibility and real-time business insights.
Splunk provides software that allows users to search, monitor, and analyze machine-generated data. It collects data from websites, applications, servers, networks and other devices and stores large amounts of data. The software provides dashboards, reports and alerts to help users gain operational intelligence and insights. It is used by over 4,400 customers across many industries to solve IT and business challenges.
Getting Started with Splunk Enterprise Hands-On Breakout Session - Splunk
This document provides an overview and demonstration of Splunk Enterprise. It discusses what machine data is and Splunk's mission to make it accessible. The presentation covers installing and onboarding data into Splunk, performing searches, creating dashboards and alerts. It also summarizes deployment architectures for Splunk and options for support and learning more.
Getting Started with Splunk Breakout Session - Splunk
This document provides an overview and introduction to Splunk Enterprise. It begins with an agenda that outlines discussing Splunk Enterprise, a live demonstration of using Splunk, deployment architecture, the Splunk community, and a Q&A. It then discusses how Splunk can unlock insights from machine data generated from various sources. The live demo shows installing Splunk, forwarding sample data, and performing searches. It also discusses deploying Splunk at scale, distributed architectures, and support resources available through the Splunk community.
This document discusses Splunk for developers. It provides an overview of empowering developers with Splunk, building Splunk apps, and gaining application intelligence across the development lifecycle. Key points include instrumenting application logs for insights, integrating and extending Splunk, building unit testing and code integration, and gaining end-to-end visibility across development tools. The document also discusses resources for Splunk developers including tutorials, code samples, SDKs, and developer licenses.
This document provides an overview of a Splunk fundamentals training hosted by Global Technology Resources, Inc. The training covers Splunk architecture, data collection, using Splunk for investigations and discovery, automation with reports, alerts and dashboards, and Splunk apps. Hands-on labs are included to allow attendees to explore the Splunk interface, conduct searches, and create a simple dashboard. Global Technology Resources, Inc. is a solutions-oriented consulting firm with extensive experience and credentials in Splunk.
You and your colleagues are all doing great things with Splunk. But you seldom come together to share ideas, apps and best practices. This session will help you take Splunk to the next level by helping you establish a Splunk Center of Excellence (CoE) at your organization. The purpose of a COE is simple - to provide Splunk users an informal venue in which they can discuss ideas, diagnose challenges, share innovations and network with peers. This session will share the best practices you need to create and maintain a successful CoE practice.
1) Cisco has been using Splunk enterprise for over 7 years across many business units and teams, with daily indexing growing from 300GB in 2010 to over 2TB currently.
2) Cisco's Computer Security Incident Response Team (CSIRT) uses Splunk as their security information and event management (SIEM) platform to monitor 350TB of stored data across 60 global users.
3) The presentation discusses how Cisco and some of its customers have successfully deployed Splunk on Cisco Unified Computing System (UCS) servers to scale their Splunk environments and gain benefits of simplified and repeatable deployments.
SplunkLive! Seattle - Splunk for Developers - Grigori Melnik
This document discusses Splunk's developer platform and resources for application development. It provides an overview of empowering developers to gain application intelligence, build Splunk apps, and integrate and extend Splunk. The document discusses building Splunk apps and provides resources for developers including tutorials, code samples, downloads, developer guidance, Splunk Base, GitHub, Twitter, and blogs. It also promotes Splunk's developer license and platform approach with search, analytics, and an open ecosystem to build solutions.
Here are some key considerations for architecting Splunk applications:
- Partition your data and functionality into modular apps that can be deployed independently. This improves maintainability, scalability, and reuse.
- Choose input types based on data volume and structure. Heavy real-time data works best with TCP/UDP inputs while batch data fits modular inputs.
- Design for scale - distribute inputs across multiple indexers, use search head pools, and scale out storage. Consider cloud deployment for elastic scaling.
- Use Splunk's data models to normalize, enrich, and classify events to make them more searchable. Things like lookups, event types, and transactions.
- Implement alerting and monitoring on critical metrics and K
This document discusses Splunk's developer platform and resources for building applications on Splunk. It provides an overview of empowering developers through application intelligence, building Splunk apps, and integrating and extending Splunk. The document discusses Splunk for application development and challenges such as lack of visibility and limited insights. It describes gaining end-to-end visibility across development tools using Splunk and pushing better code using analytics in Splunk. Resources mentioned include Splunk's developer license, tutorials on their developer website, GitHub, and blogs.
This document provides an overview of how Splunk can help customers document business value. It discusses key value drivers in IT operations, application delivery, and security and compliance. It also outlines best practices for positioning value, including aligning with objectives, qualifying pain points, and quantifying business value. Common data sources, use cases, and benchmarks from over 700 customer engagements are presented for each value area.
This document discusses Splunk's developer platform and resources for building applications on Splunk. It provides an overview of empowering developers with application intelligence, building Splunk apps, and integrating and extending Splunk. It discusses Splunk for application development and challenges. It also outlines gaining end-to-end visibility across development tools and pushing better code using analytics with Splunk. Key resources discussed include the Splunk developer license, tutorials on the developer website, GitHub, and reaching out to Splunk for guidance.
Getting Started with Splunk Breakout Session - Splunk
This document provides an overview and agenda for a presentation on getting started with Splunk Enterprise. The presentation covers an overview of Splunk Inc. and the Splunk platform, a live demonstration of using Splunk to install, index, search, create reports and dashboards, and set alerts. It also discusses deploying Splunk in distributed architectures, the Splunk community resources, and support options. The goal is to help attendees understand how to use the key capabilities of Splunk Enterprise.
TSTAS, the Life of a Splunk Trainer and using DevOps in Splunk Development - Harry McLaren
Some interesting talks about using TSTATS and the internal Splunk logs, have a Splunk Trainer share his journey with Splunk and how he's managed to achieve every possible Splunk certification (over 10!), and a short discussion about emerging thoughts of using development/release frameworks with Splunk deployments.
GTRI Splunk Case Studies - Splunk Tech Day - Zivaro Inc
This document contains summaries of multiple case studies involving the use of Splunk software for security and compliance purposes. The first case study involves a large multi-national company that implemented Splunk across 140 global data centers to address accountability, auditing, security and compliance concerns. The second case study outlines how a private aerospace firm used Splunk to create a centralized security incident and event management solution across multiple US data centers. The third case study describes how a US federal agency implemented Splunk and hired staff to fully enable a new 24/7 Security Operations Center. Additional brief case studies describe how Denver Water and the University of Texas at Austin also utilize Splunk.
This document discusses several machine learning and artificial intelligence use cases that can be built in Splunk, including powershell command-line classification using tokenization and logistic regression, Windows event code clustering and anomaly detection using statistical analysis and clustering, domain generation algorithm detection using feature engineering and text analysis techniques, and JA3 signature analysis using encoding and dimensionality reduction techniques. It provides details on the methods, technologies, requirements and additional resources for each use case.
This document summarizes a presentation about Splunk Cloud. The presentation covers Splunk Cloud's strategy of becoming the standard for operational intelligence in the cloud. It discusses customer requirements for visibility, security, mobility, and consumption of Splunk as a service. The presentation outlines Splunk Cloud's enterprise-ready capabilities including scalability, availability, security, and support. It provides examples of how customers are using Splunk Cloud for real-time monitoring, analytics, and troubleshooting. Finally, it describes Splunk Cloud's technical architecture for data collection, encryption, availability, and security.
If you are looking to gain all the benefits of Splunk software with all the benefits of a cloud-service, this is a must-attend session. In this session learn why Splunk Cloud is the industry-leading SaaS platform for operational intelligence and hear how Splunk Cloud customers use Splunk software with zero operational overhead. You will also learn how Splunk Cloud offers the full feature set of Splunk Enterprise, access to 500+ apps and single pane-of-glass visibility across Splunk Cloud and Splunk Enterprise deployments.
SplunkLive! Milano 2016 - customer presentation - Unicredit - Splunk
UniCredit has been using Splunk for over 4 years to gain insights from heterogeneous data sources across their organization. They initially used Splunk for application monitoring and troubleshooting, but have since expanded use cases to include business analytics, IT operational analytics, and replacing manual reporting processes. Through custom scripts and configurations, UniCredit is able to get a single pane of glass view across applications and infrastructure. They have also evolved their use of Splunk from just collecting logs to powering a REST API for client applications. UniCredit views Splunk as a flexible solution that helps deliver insights for both IT and business teams.
Similar to Splunk User Group Edinburgh - September Event (20)
Security Operations, MITRE ATT&CK, SOC Roles / Competencies Harry McLaren
Security Operations & MITRE ATT&CK
Description: A two topic talk covering the core functions of the blue team (security operations), common roles and the required skills to be successful. Then an overview of the threat-led knowledgebase MITRE ATT&CK and how to put it to good use for threat detection and response.
Modern Security Operations & Common Roles/Competencies Harry McLaren
This document provides an overview of modern security operations technologies and frameworks from the perspective of Harry McLaren, a cybersecurity professional with 14 years of experience. It discusses the evolution of security operations functions from basic monitoring to advanced detection, analysis, and response. Key components of a security operations center are described, including threat modeling, detection configuration, and the MITRE ATT&CK framework for mapping threats, techniques, and countermeasures. Implementing a DevOps approach and config-as-code is advocated to improve effectiveness, faster adaptation, and increased scalability. Common security analyst roles and competencies such as technical skills, behaviors, and emotional intelligence are also covered.
This session will outline common roles for cyber defenders, including areas like Security Operations, Engineering and Consultancy. It will focus on the fundamental competencies (skills/behaviours) expected of entry level applicants getting into cybersecurity and how to build yourself into a confident professional working to defend your employer and their customers.
Virtual Splunk User Group - Phantom Workbook Automation & Threat Hunting with... - Harry McLaren
We’ll be exploring some of the more advanced capabilities of Phantom and also discussing the security framework from MITRE, “ATT&CK”, and its value when integrated with Splunk Enterprise! We’ll also have two SplunkTrust members available for some general Q&A in our own ‘Meet the Experts’.
- Splunk Phantom Workbook Automation - SOAR (Security Orchestration, Automation & Response)
-- Tom Wise (Phantom Security Solutions Engineer & Trainer)
- Threat Hunting, Or: How I Learned to Stop Worrying & Love ATT&CK
-- Cian Heasley / Fraser Dumayne (Security Engineers)
- Meet the Experts with SplunkTrust
-- Harry McLaren (Senior Splunk Consultant)
-- Tom Wise (Splunk Consultant, Phantom Security Solutions Engineer & Trainer)
Security operations centres are made up of several roles and each role benefits from a person with specific skills and competencies. This presentation was presented at Napier University on the 13/11/2019 at their 'Cyber Breakfast'.
Hunting Hard & Failing Fast (ScotSoft 2019) - Harry McLaren
Many organisations have invested millions in building security operations teams, deploying powerful monitoring and reporting tools and then asking for continual improvement in the form of tuning, threat hunting and developing new threat models. However, within large enterprises, these types of changes either represent a risk of making changes to a live production platform or take weeks or months to go through the development and release process or route-to-live. This session outlines some DevOps principles and an associated framework for enforcing change management while still supporting rapid changes to code and configuration.
* SOC Capabilities
* OODA & Threat Hunting
* Balancing SOC Risk
* Using Splunk for an Agile SIEM
* Result: Empowered Hunters
* Resources & Questions
Splunk Phantom, the Endpoint Data Model & Splunk Security Essentials App! - Harry McLaren
We'll be covering the latest and greatest updates to Phantom (SOAR Platform), the ins-and-outs of the new Endpoint Data Model and what you can use it for, and finally showcase some of the awesome beta features just released as part of the Splunk Security Essentials App, which includes MITRE ATT&CK and Kill Chain Mappings!
Collecting AWS Logs & Introducing Splunk New S3 Compatible Storage (SmartStore) Harry McLaren
Two presentations at the January Splunk User Group in Edinburgh. Presenters were Harry McLaren and Tomasz Dziwok.
Topics covered are collecting AWS based logs at scale with Splunk and what the new object-based storage feature is within Splunk Enterprise (SmartStore).
Using Metrics for Fun, Developing with the KV Store + Javascript & News from ... - Harry McLaren
We explore "Metrics, mstats and Me: Splunking Human Data” and also have some insights into the KV Store and JavaScript use in dashboards. We’ll also re-cover the .conf18 updates for those who couldn’t attend our last session.
Covering off some of the latest announcements at Splunk's user conference (.conf), an Add-on created to Splunk config files and also the presentation delivered at .conf18 on SplDevOps!
SplDevOps: Making Splunk Development a Breeze With a Deep Dive on DevOps' Con... - Harry McLaren
As Splunk scales, it grows with more Splunk engineers, developers and users. Maintaining proper knowledge object development, deployment changes and best practices can become a daunting task where fear-driven development takes its toll. In this session we present our enhancement of Splunk’s scalability in terms of software management, continuous integration and continuous delivery (CI/CD) by providing a framework which consists of DevOps tooling in combination with our Splunk expertise. Specifically, we are able to maintain a proper Splunk development cycle by using Docker containers, configuration and secret management with Ansible and version control with Git (VCS), all achieved by taking advantage of Splunk's ".conf" versatility. Our result is a CI/CD development-to-testing-to-production framework that complements Splunk’s scalability with modern DevOps culture and facilitates a smoother yet moderated development experience.
Lessons on Human Vulnerability within InfoSec/Cyber - Harry McLaren
Truths and lessons from a cybersecurity consultant who shares his experience with failure, vulnerability and the lessons we can all take forward to be kinder and healthier professionals.
This was also recorded here: https://youtu.be/-Rcfn1iFb1g?t=7m56s
Big Data For Threat Detection & Response - Harry McLaren
Slides used at the University of Edinburgh SIGINT group (cybersecurity society). Covering what is big data, the value for security use cases, hunting for threats/actions, using Splunk to detect and respond, SIEM use and some useful searches (which were demoed).
OWASP - Analyst, Engineer or Consultant? - Harry McLaren
The slides used at the March 2018 OWASP Edinburgh meetup to share a look at common roles within cybersecurity from the perspective of a Managing Consultant who’s been through several in quick succession and an introspective analysis of what makes a successful cybersecurity professional.
Cyber Scotland Connect: What is Security Engineering? - Harry McLaren
Harry McLaren is a managing consultant at ECS who gives a presentation on cybersecurity engineering. Cybersecurity engineering involves building systems, deploying configurations, integrating systems, and developing solutions to protect against, detect, and respond to threats. It is important for engineering projects to consider people, process, technology, the end user, support requirements, and how the solution fits within the business and IT strategies. The presentation provides examples of scenario walkthroughs and best practices for engineers, such as using automation, version control, containers, and cloud technologies.
Cyber Scotland Connect: Getting into Cybersecurity (Deck 2) - Harry McLaren
Getting into Cybersecurity: Advice, tips and tricks from an experienced cybersecurity consultant.
Slides by: Robert Williamson
Website: https://cyberscotlandconnect.com/
Cyber Scotland Connect: Getting into Cybersecurity (Deck 1) - Harry McLaren
Getting into Cybersecurity: Advice, tips and tricks from an experienced recruitment consultant.
Slides by: Stefanie Corlay
Website: https://cyberscotlandconnect.com/
We'll aim to do a brief intro to the event and an overview of our Mission Statement + Purpose (we promise to keep the boring stuff short!)
Our aim is to mix some short interactive sessions with some Q&As, some brilliant speakers and other bits and pieces to hopefully deliver some real value to people attending.
Slides by: Stuart Turner
Website: https://cyberscotlandconnect.com/
Latest Updates to Splunk from .conf 2017 Announcements Harry McLaren
Session detailing some of the best announcements from the recent Splunk users conference. Delivered at the Splunk User Group in Edinburgh on October 16, 2017.
Securing the Enterprise/Cloud with Splunk at the Centre - Harry McLaren
Using orchestration tools with Splunk to automate and respond to events of interest, and what types of use cases and logs you can leverage with AWS/Cloud as the source.
Delivered as part of the Splunk User Group in Edinburgh in August 2017
Stream: http://productfor.ge/SUGE0817
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... - SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Essentials of Automations: The Art of Triggers and Actions in FME - Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications. He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... - Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Communications Mining Series - Zero to Hero - Session 1 - DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Full-RAG: A modern architecture for hyper-personalization - Zilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
HCL Notes and Domino License Cost Reduction in the World of DLAU - panagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU and licenses under the CCB and CCX model have been a hot topic for many in the HCL community since last year. As a Notes or Domino customer, you may be struggling with unexpectedly high user counts and license fees. You may be wondering how this new type of licensing works and what benefit it brings you. Above all, you surely want to stay within your budget and save costs wherever possible. We understand that, and we want to help you with it!
We explain how to resolve common configuration problems that can cause more users to be counted than necessary, and how to identify and remove superfluous or unused accounts to save money. There are also some approaches that can lead to unnecessary expense, e.g. when a Person document is used instead of a Mail-In for shared mailboxes. We show you such cases and their solutions. And of course we explain the new license model.
Join this webinar, in which HCL Ambassador Marc Thomas and guest speaker Franz Walder introduce you to this new world. It gives you the tools and know-how to keep an overview. You will be able to reduce your costs through an optimised Domino configuration and keep them low in the future.
These topics will be covered
- Reducing license costs by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how best to use it
- Tips for common problem areas, such as team mailboxes, functional/test users, etc.
- Practical examples and best practices to implement immediately
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Climate Impact of Software Testing at Nordic Testing Days - Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
The climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be extended with sustainability, and then measured continuously. Test environments can be used less, at a smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence - IndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
4. Agenda
• Housekeeping: Overview & House Rules
• Presentation: Deployment Best Practices
• Group Discussion: Deployment Challenges & Solutions
• Presentation: Security Best Practices
• Group Discussion: Security Challenges & Solutions
• Group Discussion: Favourite Use Cases [Optional]
5. [Splunk Official] User Group
“The overall goal is to create an authentic, ongoing
user group experience for our users, where
they contribute and get involved”
● User Lead
● Technical Discussions
● Sharing Environment
● Build Trust (With Community & Splunk)
● No Sales!
9. Planning & Design
● High Level Design & Environment Diagram
● High Availability / Load Balancing
– Minimum Number of Nodes (SHC x3 / IXC x2-3)
– Forwarder Based (AutoLB), Search Heads (Persistent Sessions via Load Balancer)
● Hardware & Storage Requirements
– Availability / Retention / Archiving
● Development / Staging Environment
● Environment Orchestration & Configuration
– Version Control, Configuration Management, Access Management, Packaging
10. Pre-Implementation
● Raise Required Changes (Network, Identity, Architecture)
● Validate Connectivity & System Access
● Download Binaries / Licences / Apps
– Splunk Software & Splunk Licenses
● Ensure DNS Records Function
– IP Addresses Should Be Avoided In Config (Use DNS Records)
● Forwarder Deployment
– Engage with Platform Teams
– Develop Automation Script (Requires deploymentclient.conf with DNS Entry)
11. Implementation
● Build Sequence
– Management Layer > Indexer Layer > Search Layer
● Data Source On-boarding Process
– Use Case Identification, Data Source Profiling, Develop, Test & Deliver (RTL)
● Utilise Splunk Apps & Add-ons (Free & Premium)
– Unix App, Windows Infrastructure App, VMware App, Apache App, Etc.
● Bundle Search Objects Into Custom Apps
– Breakdown by Business Unit, Grouped Use Cases, Etc.
● Use Splunk Documentation & Splunk Answers for Guidelines
12. Post-Implementation
● Update Designs / Diagrams (Delivered Implementation)
● Training & Knowledge Sharing
– Education Courses (Free / Paid), Community Support & Partner Training
● Identify Splunk Champions
– Technical & Business
● Build Business Value
– Identify Secondary Use Cases
● Build Entitlement Framework
– Cost Centre Clawback, Shared Financial Burden, Shared Responsibility
17. Pre-Install Hardening & Validation
● Secure Operating System Pre-Installation
● Industry Standard Guidelines
– Centre For Internet Security (CIS) - Security Benchmarks
● Create Splunk Specific User/Group with Relevant Permissions
– Ensure Splunk Doesn’t Run as ‘Administrator’ or ‘Root’
● Verify Integrity of Binaries (Checksum Hash / Signature)
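The two checks on this slide, scripted as an added example (this is not code from the deck or from Splunk): compare a downloaded package against a published checksum list before installing it, and refuse the privileged accounts the service must not run as. The package name, the checksum file and the tampered copy are constructed for the demo; in practice the list comes from the vendor's download page for that exact build.

```shell
#!/bin/sh
# Added example, not from the original slides: pre-install integrity and
# service-account checks. File names and the checksum list are constructed.
set -eu

# Hex SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_checksum PKG SUMSFILE
# SUMSFILE lists "<sha256hex>  <filename>" lines (sha256sum output format).
# Returns 0 on match, 1 on mismatch, 2 when the package is not listed at all
# (an unlisted package is treated as unverified, never as a pass).
verify_checksum() {
    pkg=$1
    sums=$2
    expected=$(awk -v f="$(basename "$pkg")" '$2 == f { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "UNVERIFIED: no checksum listed for $(basename "$pkg")" >&2
        return 2
    fi
    actual=$(sha256_of "$pkg")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $(basename "$pkg") matches the published checksum"
        return 0
    fi
    echo "MISMATCH: $(basename "$pkg") got $actual, expected $expected" >&2
    return 1
}

# service_account_ok USER
# Returns 0 for a dedicated, unprivileged service account and 1 for the
# privileged accounts the slide warns against (root / Administrator / SYSTEM).
service_account_ok() {
    case "$1" in
        '') return 1 ;;
        root|Administrator|SYSTEM) return 1 ;;
        *) return 0 ;;
    esac
}

# make_demo_dir: constructed stand-in package, its checksum list, and a
# tampered copy with the same file name. Prints the directory path.
make_demo_dir() {
    d=$(mktemp -d)
    printf 'stand-in package contents\n' > "$d/splunk-demo-Linux-x86_64.tgz"
    printf '%s  %s\n' "$(sha256_of "$d/splunk-demo-Linux-x86_64.tgz")" \
        splunk-demo-Linux-x86_64.tgz > "$d/SHA256SUMS"
    mkdir "$d/tampered"
    printf 'stand-in package contents, altered\n' > "$d/tampered/splunk-demo-Linux-x86_64.tgz"
    echo "$d"
}

if [ "${1:-}" = "--demo" ]; then
    demo=$(make_demo_dir)
    verify_checksum "$demo/splunk-demo-Linux-x86_64.tgz" "$demo/SHA256SUMS"
    verify_checksum "$demo/tampered/splunk-demo-Linux-x86_64.tgz" "$demo/SHA256SUMS" || echo "refusing to install"
    service_account_ok splunk && echo "splunk: acceptable service account"
    service_account_ok root || echo "root: not an acceptable service account"
fi
```

Run with `--demo` to see one pass, one mismatch and the account checks. The unlisted-package case returns a distinct exit code on purpose: a missing entry in the checksum file is a reason to stop, not a reason to skip verification.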
18. Implementation Hardening
● User Authentication & Role-Based Access Control
● Transport Encryption & Authentication (TLS)
● Secure Password Deployment
– Shared splunk.secret / Hashed Passwords in Deployment Apps
● Access Control Lists
– Simple IP/DNS Whitelisting or Blacklisting
● Disable Unnecessary Splunk Components (Splunk Web / REST Port)
● Configuration Change Monitoring via Splunk
19. Monitoring Environment (Security & IT Ops)
● Collect Local Operating System Hosts Logs / Report on Anomalies
– Security, Access, Application, Configuration, Patching & Performance
● Forward All Splunk’s Internal Logs into Indexers
● Splunk Crafted Reporting for ‘Splunk’ (Previously: Splunk on Splunk)
– Indexing Performance, Search Performance, Search Activity, Missing Forwarders
● Report On Users Attempting to Search Restricted Indexes
● Use Data Integrity Checking & Monitor Exceptions
22. Security Challenges & Solutions
● Example Security Challenges:
– Easier Implementation of Transport Encryption (TLS)?
‣ Scripted Certificate Generation & Deployment via App
– How to Segment Data?
‣ According to Business Unit or Use Case (via Indexes)
● Discussion Time Limit: 15mins
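Putting the "scripted certificate generation and deployment via app" answer together with the Implementation Hardening items (TLS on the receiving port, access control lists, Splunk Web disabled), as an added example that is not code from the deck or from Splunk: a POSIX shell script that builds a private CA and a server certificate with openssl, assembles them in the single PEM layout Splunk reads (certificate, private key, CA chain), and stages them in a deployment app with hardened `default/` config. The CA name, the hostname `idx1.example.internal`, the app name `demo_tls` and the network ranges are assumptions for the demo.

```shell
#!/bin/sh
# Added example, not from the original slides: script the certificate
# generation that slide 22 proposes and stage the result as a deployment app
# carrying the hardening settings from slide 18. The CA name, hostname, app
# name and network ranges are assumptions made for the demo.
set -eu

# make_splunk_cert OUTDIR HOST
# Creates a private CA and a server certificate for HOST, then assembles the
# single PEM file Splunk expects: server certificate, private key, CA chain.
make_splunk_cert() {
    out=$1; host=$2
    mkdir -p "$out"
    # Private CA; in a real deployment the CA key stays offline, never in the app.
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Demo Splunk CA" -keyout "$out/ca.key" -out "$out/ca.pem" 2>/dev/null
    # Server key and CSR for HOST (no passphrase, so no sslPassword is needed).
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=$host" -keyout "$out/$host.key" -out "$out/$host.csr" 2>/dev/null
    # SAN extension so forwarders can verify the hostname, not just the CN.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$out/$host.ext"
    openssl x509 -req -days 825 -in "$out/$host.csr" \
        -CA "$out/ca.pem" -CAkey "$out/ca.key" -CAcreateserial \
        -extfile "$out/$host.ext" -out "$out/$host.crt" 2>/dev/null
    cat "$out/$host.crt" "$out/$host.key" "$out/ca.pem" > "$out/$host.pem"
    rm -f "$out/$host.csr" "$out/$host.ext"
}

# write_hardened_app APPDIR HOST CERTDIR
# Lays out a deployment app whose default/ config enables TLS on the receiving
# port, requires client certificates, restricts source networks with an ACL,
# pins TLS 1.2 on the management port, and turns Splunk Web off.
write_hardened_app() {
    app=$1; host=$2; certs=$3
    mkdir -p "$app/default" "$app/certs"
    cp "$certs/$host.pem" "$certs/ca.pem" "$app/certs/"
    cat > "$app/default/inputs.conf" <<EOF
[splunktcp-ssl:9997]
disabled = 0
# Access control list: only these forwarder networks may connect (demo ranges)
acceptFrom = 10.0.0.0/8, 192.168.0.0/16

[SSL]
serverCert = \$SPLUNK_HOME/etc/apps/$(basename "$app")/certs/$host.pem
requireClientCert = true
sslVersions = tls1.2
EOF
    cat > "$app/default/server.conf" <<EOF
[sslConfig]
sslVersions = tls1.2
sslRootCAPath = \$SPLUNK_HOME/etc/apps/$(basename "$app")/certs/ca.pem
EOF
    cat > "$app/default/web.conf" <<EOF
[settings]
# Indexers do not need Splunk Web; disabling it removes a listening service
startwebserver = 0
EOF
}

# cert_chain_ok CERTDIR HOST: confirm the server cert chains to the private CA.
cert_chain_ok() {
    openssl verify -CAfile "$1/ca.pem" "$1/$2.crt" >/dev/null 2>&1
}

# pem_layout_ok PEMFILE: certificate first, then key, then CA (three PEM blocks).
pem_layout_ok() {
    [ "$(head -n 1 "$1")" = "-----BEGIN CERTIFICATE-----" ] &&
    [ "$(grep -c -- '-----BEGIN ' "$1")" -eq 3 ]
}

# build_demo: run the whole flow in a scratch directory and print its path.
build_demo() {
    work=$(mktemp -d)
    make_splunk_cert "$work/certs" idx1.example.internal
    write_hardened_app "$work/demo_tls" idx1.example.internal "$work/certs"
    echo "$work"
}
```

Call `build_demo` and inspect the resulting `demo_tls/` directory; the app is what a deployment server would push to the indexer, while `ca.pem` alone is what forwarders need in their `outputs.conf` trust store. Keep the CA private key out of the app: only the combined server PEM and the CA certificate are copied in.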
24. Favourite Use Cases
● Example Use Cases:
– Self Healing with ServiceNow Integration with Ansible
– IT Operational Monitoring with IT Service Intelligence (Glass Tables)
– Malicious Behaviour Detection with Entropy Analysis on DNS Logs
● Discussion Time Limit: 15mins
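The entropy analysis behind the "malicious behaviour detection on DNS logs" use case, as an added example that is not code from the deck: a portable awk filter that scores the Shannon entropy of each query's subdomain labels and reports the ones that look machine-generated. The log format and the sample queries are constructed for the demo; the threshold of 3.5 bits per character is a starting point to tune, not a recommendation from the slides.

```shell
#!/bin/sh
# Added example, not from the original slides: entropy scoring of DNS query
# names, implemented as an awk filter over a constructed log sample.
set -eu

# dns_entropy_report LOGFILE THRESHOLD
# Input lines (constructed format): <epoch> <client_ip> <query_name>
# Scores the Shannon entropy (bits per character) of the subdomain labels,
# ignoring the registered domain (last two labels) and short names, and prints
# "<entropy> <client_ip> <query_name>" for queries at or above THRESHOLD.
dns_entropy_report() {
    awk -v thr="$2" '
    function entropy(s,    n, i, c, cnt, h, p) {
        n = length(s)
        split("", cnt)                      # reset the character histogram
        for (i = 1; i <= n; i++) { c = substr(s, i, 1); cnt[c]++ }
        h = 0
        for (c in cnt) { p = cnt[c] / n; h -= p * log(p) / log(2) }
        return h
    }
    {
        q = $3
        n = split(q, lab, ".")
        if (n < 3) next                     # no subdomain labels to score
        s = lab[1]
        for (i = 2; i <= n - 2; i++) s = s lab[i]   # drop the last two labels
        if (length(s) < 8) next             # short labels give noisy scores
        h = entropy(s)
        if (h >= thr) printf "%.2f %s %s\n", h, $2, q
    }' "$1"
}

# make_sample_log: constructed DNS query log, not data from any real network.
# Two of the five names are random-looking labels of the kind this check targets.
make_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
1478000000 10.1.2.3 www.example.com
1478000001 10.1.2.3 mail.example.com
1478000002 10.1.2.9 kj3h4g9x2pqz7t1v.badexample.net
1478000003 10.1.2.9 a8f0c2e9d4b17e6f5a3c.badexample.net
1478000004 10.1.2.5 cdn.assets.example.com
EOF
    echo "$f"
}

# flagged_count LOGFILE THRESHOLD: number of queries the filter reports.
flagged_count() {
    dns_entropy_report "$1" "$2" | wc -l | tr -d ' '
}

if [ "${1:-}" = "--demo" ]; then
    log=$(make_sample_log)
    dns_entropy_report "$log" 3.5
fi
```

On the sample, the two `badexample.net` queries score close to 4 bits per character and are reported, while `cdn.assets.example.com` scores about 2.6 and is not. Scoring only the subdomain labels matters: including the registered domain dilutes the score and hides the pattern. Inside Splunk the same scoring is usually done in SPL with the community URL Toolbox app rather than with awk.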
25. Updates Announced at .conf 2016
● Introducing Splunk Enterprise 6.5 - Available Now
‣ Splunk ML Toolkit – a guided workbench and SPL extensions to help you create and operationalize your own custom analytics based on your choice of algorithms.
‣ Tables, a new feature that lets you create and analyse tabular data views without using SPL.
‣ Hadoop Data Roll gives you another way to reduce historical data storage costs while keeping full search capability.
● New Releases (General Availability October 2016):
– Splunk Enterprise Security [Minor Release]
– Splunk IT Service Intelligence [Major Release]
– Splunk User Behaviour Analytics [Major Release]
26. Get Involved!
● Splunk User Group Edinburgh
– https://usergroups.splunk.com/group/splunk-user-group-edinburgh.html
● Splunk’s Slack Group
– Register via www.splunk402.com/chat
– Channel: #edinburgh
● Present & Share at the User Group?
Connect:
‣ Harry McLaren | harry.mclaren@ecs.co.uk | @cyberharibu | harrymclaren.co.uk
‣ ECS | enquiries@ecs.co.uk | @ECS_IT | ecs.co.uk
High availability deployment - Indexer cluster: http://docs.splunk.com/Documentation/Splunk/6.5.0/Deploy/Indexercluster
Design considerations: http://docs.splunk.com/Documentation/Splunk/6.5.0/Deploy/Deploymentcharacteristics#Design_considerations
Set up load balancing: http://docs.splunk.com/Documentation/Splunk/6.5.0/Forwarding/Setuploadbalancingd
Use a load balancer with search head clustering: http://docs.splunk.com/Documentation/Splunk/6.5.0/DistSearch/UseSHCwithloadbalancers
Reference hardware: http://docs.splunk.com/Documentation/Splunk/6.5.0/Capacity/Referencehardware
Estimate your storage requirements: http://docs.splunk.com/Documentation/Splunk/6.5.0/Capacity/Estimateyourstoragerequirements
How Splunk Enterprise calculates disk storage: http://docs.splunk.com/Documentation/Splunk/6.5.0/Capacity/HowSplunkcalculatesdiskstorage
Universal forwarder system requirements: http://docs.splunk.com/Documentation/Forwarder/6.5.0/Forwarder/Systemrequirements
Install a Windows universal forwarder remotely with a static configuration: http://docs.splunk.com/Documentation/Forwarder/6.5.0/Forwarder/InstallaWindowsuniversalforwarderremotelywithastaticconfiguration
Install a *nix universal forwarder remotely with a static configuration: http://docs.splunk.com/Documentation/Forwarder/6.5.0/Forwarder/Installanixuniversalforwarderremotelywithastaticconfiguration
Splunk Education: http://www.splunk.com/view/education/SP-CAAAAH9
Use Cases: https://www.splunk.com/en_us/solutions/solution-areas.html
Centre For Internet Security: https://benchmarks.cisecurity.org/
Run Splunk Enterprise as a different or non-root user: https://docs.splunk.com/Documentation/Splunk/6.5.0/Installation/RunSplunkasadifferentornon-rootuser
Securing Splunk Enterprise: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/WhatyoucansecurewithSplunk
Use access control to secure Splunk data: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/UseaccesscontroltosecureSplunkdata
About securing Splunk Enterprise with SSL: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/AboutsecuringyourSplunkconfigurationwithSSL
Deploy secure passwords across multiple servers: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/Deploysecurepasswordsacrossmultipleservers
Use Access Control Lists: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/Useaccesscontrollists
What Splunk software logs about itself: http://docs.splunk.com/Documentation/Splunk/6.5.0/Troubleshooting/WhatSplunklogsaboutitself