The document outlines the agenda for a virtual SplunkLive! event for higher education on January 28, 2015. It includes an overview of Splunk, presentations from various universities on their Splunk implementations, and breakout sessions on getting started with Splunk, security, and IT operations. It also provides information on Splunk products and capabilities for IT operations, security, application delivery, business analytics, industrial data, and the Internet of Things.
Splunk Webinar – Taking IT Operations to the Next Level (Splunk)
Gain actionable insights into your data and take IT operations to the next level
In our webinar, we use a demo to show you:
- how to gain service context by combining behavioral and performance data
- how to get an accurate picture of your environment so that you can optimize processes
- how to accelerate root cause analysis and thereby counteract outages on the customer side
- how to prioritize incident investigation and shorten time-to-resolution through behavioral and event analysis
- how analytics and machine learning can improve service intelligence
What is Splunk? At the end of this session you’ll have a high-level understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll see practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
On your marks, get set GO!
Take a more in-depth look at the automation and orchestration journey and the future of SOAR.
Watch the SOCtails video here: https://www.youtube.com/watch?v=YzsGQzqaDYw&t=2s
These are the slides from the webinar broadcast on April 1st 2020, presented by Philipp Drieger. Content covers:
- Introduction to AI and ML Features in Splunk
- Customer Use Case Examples
- Live Demo of Machine Learning Toolkit, with examples for:
Methods for Anomaly Detection, Predictive Analytics and Forecasting, and Clustering
- Custom Machine Learning, incl.: Advanced Containerization and Expansion with MLSPL API
Looking into 2020 and beyond, we are certainly going to continue this trend of strategic technology investment and architecture evolution. This session’s aim is to highlight the Splunk platform’s evolutionary approach to addressing key technology trends. Additionally, many customers are adopting serverless cloud services to deliver their cloud solutions. This session will include a live demo of a new library of functions which provides Google Cloud Platform (GCP) serverless “push” capability to send data into Splunk via the HTTP Event Collector (HEC).
Splunk AI & Machine Learning Roundtable 2019 - Zurich (Splunk)
Splunk Artificial Intelligence and Machine Learning Roundtable held in Zurich on November 6th 2019. Presented by Philipp Drieger, Staff Machine Learning Architect.
Delivering business value from operational insights at ING Bank (Splunk)
Discover how ING Bank gains critical insights from the data generated across its IT estate. This webinar will highlight how the bank benefits from real-time visibility into its operations and performance, while enhancing business analytics to deliver improved insight into customer behavior and ultimately make better business decisions.
Join this webinar to learn how ING Bank:
- Maps the customer journey end-to-end
- Scores each of its retail customers every day to prepare the best offers for them
- Categorizes in real-time each financial transaction performed by retail customers to provide them with the best insight into their monthly budget and money flow
AI and Machine Learning can be used for the greater good. Why should AI be applied and what are the main challenges that have to be tackled when harnessing the power of AI for social good? Find out more here.
Splunk - Turn Data Silos into Operational Intelligence (Splunk)
Splunk software enables the curious among us to look at what others ignore - machine data - and to find what others never see: valuable insights that make your team and company more productive, more profitable, more competitive and more secure.
Are you curious about what information is hidden in your machine data?
In this webinar, we show you why more than 11,000 companies use Splunk software for the following:
- Resolving application problems and investigating security incidents within minutes
- Avoiding service problems or outages
- Meeting compliance requirements at lower cost
- New insights into business operations
Join this Operational Intelligence demo session and learn more about how you and your team can work more efficiently and productively.
Splunk conf2014 - Dashboard Fun - Creating an Interactive Transaction Profiler (Splunk)
Using Simple XML and Splunk Enterprise, learn how to create easy interactive dashboards to explore data. This demo showcases great tools to put in the hands of Splunk users, help desk users and IT Operations staff.
Splunk for Industrial Data and the Internet of Things (aliciasyc)
The IoT is a natural evolution of the world’s networks. Just as people became more connected by devices and applications during the explosion of the social media revolution, devices, sensors and industrial equipment are also becoming more connected—and are consuming and generating data at an unprecedented pace. Disparate and deployed connected devices can provide a unique touchpoint to real-world operations and conditions. Only a few architectures and applications are designed to handle the constant streams of real-time events, sensor readings, user interactions and application data produced by massive numbers of connected devices. Use Splunk to collect, index and harness the power of the machine data generated by connected devices and machines deployed on your local network or around the world.
Here’s your chance to get hands-on with Splunk for the first time! Bring your modern Mac, Windows, or Linux laptop and we’ll go through a simple install of Splunk. Then, we’ll load some sample data, and see Splunk in action – we’ll cover searching, pivot, reporting, alerting, and dashboard creation. At the end of this session you’ll have a hands-on understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll experience practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
SplunkLive! Amsterdam 2015 Breakout - Getting Started with Splunk (Splunk)
What is Splunk? At the end of this session you’ll have a high-level understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of big data. You’ll see practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
Getting Started with Splunk Enterprise Hands-On (Splunk)
Here’s your chance to get hands-on with Splunk for the first time! Bring your modern Mac, Windows, or Linux laptop and we’ll go through a simple install of Splunk. Then, we’ll load some sample data, and see Splunk in action – we’ll cover searching, pivot, reporting, alerting, and dashboard creation. At the end of this session, you’ll have a hands-on understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll experience practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op... (Splunk)
Learn what is new in Splunk App for Stream and how it can help you utilize wire/network data analytics to proactively resolve applications and IT operational issues and to efficiently analyze security threats in real-time, across your cloud and on-premises infrastructures. Additionally, you will learn about Splunk MINT, which allows you to gain operational intelligence on the availability, performance, and usage of your mobile apps. You’ll learn how to instrument your mobile apps for operational insight, and how you can build the dashboards, alerts, and searches you need to gain real-time insight on your mobile apps.
Getting Started with Splunk Enterprise Hands-On (Splunk)
Here’s your chance to get hands-on with Splunk for the first time! Bring your laptop, and we’ll go through a simple install of Splunk. Then we’ll load some sample data, and see Splunk in action. At the end of this session you’ll have a hands-on understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. We’ll share practical examples that differentiate Splunk while demonstrating how to gain quick time to value.
Similar to Virtual SplunkLive! for Higher Education Overview/Customers (20)
.conf Go 2023 - The Right Recipe for the Digital (Security) Revolution to... (Splunk)
.conf Go 2023 presentation:
"The right recipe for the digital (security) revolution towards Telematics Infrastructure 2.0 in healthcare?"
Speaker: Stefan Stein -
Team Lead CERT | gematik GmbH M.Eng. IT Security & Forensics,
doctorate student at TH Brandenburg & Universität Dresden
.conf Go 2023 presentation:
From NOC to CSIRT
Speakers:
Daniel Reina - Country Head of Security Cellnex (Spain) & Global SOC Manager Cellnex
Samuel Noval - Global CSIRT Team Leader, Cellnex
Splunk - BMW connects business and IT with data driven operations SRE and O11y (Splunk)
BMW is defining the next level of mobility - digital interactions and technology are the backbone to continued success with its customers. Discover how an IT team is tackling the journey of business transformation at scale whilst maintaining (and showing the importance of) business and IT service availability. Learn how BMW introduced frameworks to connect business and IT, using real-time data to mitigate customer impact, as Michael and Mark share their experience in building operations for a resilient future.
Data foundations building success, at city scale – Imperial College London (Splunk)
Universities have more in common with modern cities than traditional places of learning. This mini city needs to empower its citizens to thrive and achieve their ambitions. Operationalising data is key to building critical services; from understanding complex IT estates for smarter decision-making to robust security and a more reliable, resilient student experience. Juan will share his experience in building data foundations for a resilient future whilst enabling digital transformation at Imperial College London.
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen... (Splunk)
Learn how Vodafone has provided end-to-end visibility across services by building an Operational Analytics Platform. In this session, you will hear how Stefan and his team manage legacy, on premise, hybrid and public cloud services, and how they are providing a platform for complex triage and debugging to tackle use cases across Vodafone’s extensive ecosystem.
.italo operates an Essential Service by connecting more than 100 million people annually across Italy with its super fast and secure railway. And CISO Enrico Maresca has been on a whirlwind journey of his own.
Formerly a Cyber Security Engineer, Enrico started at .italo as an IT Security Manager. One year later, he was promoted to CISO and tasked with building out – and significantly increasing the maturity level – of the SOC. The result was a huge step forward for .italo.
So how did he successfully achieve this ambitious ask? Join Enrico as he reveals the key insights and lessons learned in his SOC journey, including:
Top challenges faced in improving security posture
Key KPIs implemented in order to measure success
Strategies and approaches applied in the SOC
How MITRE ATT&CK and Splunk Enterprise Security were utilised
Next steps in their maturity journey ahead
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... (Jeffrey Haguewood)
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
Slides by me and Rik Marselis from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Essentials of Automations: Optimizing FME Workflows with Parameters (Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
3. TODAY’S AGENDA (ALL TIMES EASTERN US TIME ZONE)
1:00 Welcome
1:10 Splunk Overview [Monzy Merza, Splunk]
1:45 Internet2 NET+ Splunk Offering [Andrew Keating, I2]
2:00 Ohio State University [Mark Runals]
2:30 Baylor University [Jon Allen, Keith Schonenfield]
3:00 University of Washington [S. De Vight, P. Michaud]
3:30 Splunk Cloud [Nick Pavlovich, Splunk]
3:50 10 minute break
4:00 Breakout Sessions: Getting Started, Security, IT Operations
5. Safe Harbor Statement
During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
6. Disruptive Approach to Unstructured Data
Structured, RDBMS, SQL, Search, Schema at Write, Schema at Read, 1980-2010, 2010+, ETL, Universal Indexing, Unstructured, Volume | Velocity | Variety
7. Make machine data accessible, usable and valuable to everyone.
8. The Power of Splunk
COLLECT DATA FROM ANYWHERE
SEARCH AND ANALYZE EVERYTHING
GAIN REAL-TIME OPERATIONAL INTELLIGENCE
9. Why Splunk?
FAST TIME-TO-VALUE
ONE PLATFORM, MULTIPLE USE CASES
VISIBILITY ACROSS STACK, NOT JUST SILOS
ASK ANY QUESTION OF DATA
ANY DATA, ANY SOURCE OR DEPLOYMENT MODEL
10. Turning Machine Data Into Business Value
Index Untapped Data: Any Source, Type, Volume
Online Services, Web Services, Servers, Security, GPS Location, Storage, Desktops, Networks, Packaged Applications, Custom Applications, Messaging, Telecoms, Online Shopping Cart, Web Clickstreams, Databases, Energy Meters, Call Detail Records, Smartphones and Devices, RFID
On-Premises, Private Cloud, Public Cloud
Ask Any Question
Application Delivery
Security, Compliance and Fraud
IT Operations
Business Analytics
Industrial Data and the Internet of Things
11. Phases of Operational Intelligence
Reactive
Search and Investigate
Proactive Monitoring and Alerting
Operational Visibility
Proactive
Real-time Business Insight
12. Delivers Value Across IT and the Business
IT Operations
Application Delivery
Developer Platform (REST API, SDKs)
Business Analytics
Industrial Data and Internet of Things
Security, Compliance, and Fraud
13. Why Domino’s uses Splunk for Application Management and Business Analytics
Understand device and app usage trends for orders
Real-time revenue insights from store data
Visibility into online and mobile coupon redemption
Refine campaigns for higher conversion
14. Apps & Capabilities for Business Analytics
Apps, Features & Partners
• DB Connect
• Stream
• ODBC Driver
• Data Models
• Pivot
15. Delivers Value Across IT and the Business
IT Operations
Security, Compliance, and Fraud
Application Delivery
Developer Platform (REST API, SDKs)
Business Analytics
Industrial Data and Internet of Things
16. Building Smarter Transportation
Improving Safety
Reducing Fuel Costs
Improving On-Time Operations
Over $1 Billion in Potential Savings
17. Apps & Capabilities for Industrial Data & Internet of Things
Apps, Features & Partners
• DBConnect
• REST API and SNMP Modular Inputs
• Universal Forwarder for Raspberry Pi
19. What’s New in Splunk Enterprise 6.2
Faster Data Onboarding: Getting Data In, Advanced Field Extractor
Powerful Analytics for Broader Number of Users: Instant Pivot, Event Pattern Detection, Prebuilt Panels
Breakthrough Scalability and Centralized Mgmt.: Search Head Clustering, Distributed Management Console
20. Unparalleled Cloud Service for Machine Data
100% Uptime SLA
Hybrid Platform
Secure and Reliable
Instant Access
21. What’s New in Hunk 6.2
Faster to Deploy and Gain Value: Hunk Sandbox, Data Explorer
More Powerful Analytics for Everyone: Instant Pivot, Event Pattern Detection, Prebuilt Panels
Extend Exploratory Analytics: AWS Hunk Service, Hunk Apps
22. Extending Operational Intelligence to Mobile Apps
Deliver Better Performing, More Reliable Apps
Deliver Real-Time Omni-Channel Analytics
End-to-End Performance and Capacity Insights
23. New Data Sources
Mainframe: Universal Forwarder on z/Linux, Syncsort Ironstream on z/OS
Industrial Data: Kepware
Wire Data: Splunk App for Stream
24. Mainframe Data
VMware
Platform for Machine Data
Easy to Adopt
Splunk
Exchange
PCI
Security
DB Connect
Mobile
Forwarders
Syslog / TCP / Other
Sensors & Control Systems
Rich Ecosystem of Apps
Across Data Sources, Use Cases & Consumption Models
Stream
26. Proven at 8,400+ Customers in 100 Countries
Over 3/4 the Fortune 100
Education, Healthcare, Technology, Energy and Utilities, Manufacturing, Telecommunications, Cloud and Online Services, Government, Retail, Financial Services and Insurance, Media, Travel and Leisure
27. Easy to Try & Get Started
FREE ONLINE SANDBOX
FREE DOWNLOAD
FREE AMAZON MACHINE IMAGES (AMI)
36. About Me
IT Security in some fashion for 12+ years
At OSU for 2 ½ years
Using Splunk for 2 ½ years (direct correlation)
Other LM/SIEM Space
• Managed a medium size ArcSight deployment
• Used Symantec’s MSSP
Splunk Apps:
• Data Curator, Forwarder Health, Change Tracker/Config Mgmt
37. OSU Environment
Large Place
64k Students; 43k Staff; 175 Undergraduate Programs; ~200k IPs
Distributed
100+ IT groups; 30 CIOs; 7 Campuses; 1,245 Buildings; own zip code
Technology
You name it we probably have it (somewhere)
38. Splunk After 2+ Years
1.7 TB data per day
430B events in the system
10k+ Devices
12 types of firewalls
Multiple OS
90+ teams with data in Splunk
700+ different types of data
350+ users
39. Lessons Learned
Don’t boil the ocean
• Have a data rollon / data definition process
• Start leveraging a Common Information Model (CIM)
Check out Splunk’s
There are different work streams
• Data Management – getting data in
• Knowledge Management – getting data out
Data Curator app
• Designed to help with previous point
40. Splunk – First Steps
1. If you have firewall data make an interactive dashboard that helps teams identify blocks.
2. Go out and buy a 30” or 40” TV and display something on it
• Splunk v6.x embedded reports
• Huge ROI
41. Don’t Display…
Top 5 Countries Attacking Us
1. China
2. US
3. Romania
4. Somewhere
5. Somewhere Else
Top 5 Authentication Locations
1. Columbus, OH
2. Ohio (other)
3. US
4. etc
5. etc
42. IDS – Last 24hrs
Use built in Splunk map if you must; doesn’t display numbers /sigh
49. Accounts Sending Spam
sourcetype=snort [search sourcetype=msexchange_data sender=$user$ original_client_ip=* | dedup original_client_ip | rename original_client_ip as src_ip | fields src_ip] | …
Pass the user name token ($user$, red on the slide) to the subsearch (in square brackets, blue on the slide), which pulls out the associated IPs and renames them according to the field snort uses
50. Grade Change
• Investigation kickoff evidence – lockpick stuck in lock
• Many logs useful
• Learning Management System
• Various authentication logs
• Wireless
51. Library Proxy Abuse
OSU pays for online resources
Student falls for phishing
Malicious site leverages account creds and library proxy
Notification by vendor that there was an issue
• Had user name – how can we identify malicious behavior?
52. Recent Security Work Leveraging Splunk
User Agent string looks interesting!
Often the malicious actors will set up a website that leverages the compromised creds.
The number of source IPs will be very low.
53. Cheating on LMS Tests
Online test taking will only grow
What can we use to spot anomalies?
• Multiple tests from same IP
• Time elements from tests (i.e. time taken vs avg time)
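The two anomaly checks listed on this slide, as an added Python example that is not part of the original presentation. The record layout, the sample attempts and the 50%-of-median threshold are assumptions, and the median stands in for the slide's "avg time" so that a single outlier does not move the baseline.

```python
from collections import defaultdict
from statistics import median

# Constructed sample LMS submissions (not real data):
# (student, test_id, source_ip, minutes_taken)
ATTEMPTS = [
    ("s01", "chem101-mid", "10.0.5.21", 48),
    ("s02", "chem101-mid", "10.0.5.22", 52),
    ("s03", "chem101-mid", "10.0.7.90", 45),
    ("s04", "chem101-mid", "10.0.7.90", 47),
    ("s05", "chem101-mid", "10.0.9.14", 6),
    ("s06", "chem101-mid", "10.0.9.33", 55),
    ("s07", "chem101-mid", "10.0.9.40", 50),
]

def shared_ip_groups(attempts, min_students=2):
    """Return {(test_id, ip): [students]} where several students used one IP."""
    seen = defaultdict(set)
    for student, test_id, ip, _minutes in attempts:
        seen[(test_id, ip)].add(student)
    return {key: sorted(students) for key, students in seen.items()
            if len(students) >= min_students}

def fast_finishers(attempts, ratio=0.5):
    """Return (student, test_id, minutes, typical) for attempts under ratio * median."""
    by_test = defaultdict(list)
    for _student, test_id, _ip, minutes in attempts:
        by_test[test_id].append(minutes)
    flagged = []
    for student, test_id, _ip, minutes in attempts:
        typical = median(by_test[test_id])  # robust stand-in for "avg time"
        if minutes < ratio * typical:
            flagged.append((student, test_id, minutes, typical))
    return flagged
```

A shared address can also be a campus lab or a NAT gateway, so both lists are leads to review alongside other logs rather than findings on their own.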
56. Summary
Going from a data repository to an engine takes time
You have a data lake full of black swans
• Use use cases to drive your efforts / start somewhere
• Don’t wait for perfect
59. About Baylor
• Private faith based institution
• Founded in 1845
• 16,260 students
• Over 2,900 faculty/staff
60. Jon Allen
• Over 15 years at Baylor University
• Started the information security group
• M.S. Computer Science
61. Keith Schoenefeld
• 15 Years in Higher Education Information Security
• Vulnerability Management
• Log Management (ng-syslog, rsyslog, Splunk)
• Splunk Certified Architect by the end of February.
62. Enhancing Security Infrastructure
• PCI compliance
• Gaining vision into high volume log sources
– Active Directory
– Firewalls
– IDS/IPS
• Build a new service within IT that has security advantages
63. Initiative Buy In
• Great security wants us to do what
• Push the operational benefits
• Find one or two early wins
64. [Architecture diagram: Cluster Master, Cluster Members, Dedicated Search Head, Splunk Forwarders]
65. Technical Specifications
• Dedicated Search Head (x1)
– 48 cores
– 64G RAM
• Cluster Members (x3)
– Clustered for High Availability and Faster Searching
– Each has:
  - 3.3 TB local storage, configured in RAID 10 (~2000 iops)
  - 10 TB SAN storage (~700 iops)
  - 32 cores
  - 64G RAM
66. Networking Group
• Firewall
• IPS
• IAS
• DHCP
• Networking Devices
• Windows Servers
• Linux Servers
Servers
• Active Directory
• Exchange
• Linux Servers
PCI
• Firewall
• IPS
• Active Directory
Client Services
• AV
Items in RED are logs we could not previously access effectively.
67. Proven Effectiveness
• Servers
  - User Login troubleshooting
    – Cuts troubleshooting time from 3 hours to 10 minutes each
  - Email flow troubleshooting
    – Cuts troubleshooting time from 1 hour to 10 minutes each
  - Server Performance statistics
    – Exchange Volumes
69. Robust Toolset
• Raw logs to knowledge in minutes
• Use visuals to explain complex issues
• Link disparate data sources
70. Shellshock
Time | Action | Device | Source IP | Dest IP | Dest Port | Dest Net
Tue Oct 21 04:33:56 2014 | ids | bro | 89.121.161.232 | 129.62.aa.bb | 80 | DC
Tue Oct 21 04:34:02 2014 | reset-both | PAN | 89.121.161.232 | 129.62.aa.bb | 80 | DC
Tue Oct 21 04:40:05 2014 | ids | bro | 188.10.85.113 | 129.62.cc.dd | 80 | Dept. A
Tue Oct 21 04:40:11 2014 | reset-both | PAN | 188.10.85.113 | 129.62.cc.dd | 80 | Dept. A
Tue Oct 21 04:40:23 2014 | ids | bro | 188.10.85.113 | 129.62.cc.ee | 80 | Dept. A
Tue Oct 21 04:40:28 2014 | reset-both | PAN | 188.10.85.113 | 129.62.cc.ee | 80 | Dept. A
Tue Oct 21 04:40:30 2014 | ids | bro | 188.10.85.113 | 129.62.cc.ff | 80 | Dept. A
Tue Oct 21 04:40:35 2014 | reset-both | PAN | 188.10.85.113 | 129.62.cc.ff | 80 | Dept. A
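Pairing each IDS alert in the Shellshock table with the firewall action that followed it, as an added Python example that is not part of the original presentation. The first eight rows are the slide's own (Dest Net omitted); the last row and the 30-second window are constructed to show an alert with no matching block.

```python
from datetime import datetime, timedelta

FMT = "%a %b %d %H:%M:%S %Y"
# (time, action, device, source IP, dest IP, dest port). The first eight rows are
# the slide's table (dest addresses are masked there); the last row is constructed.
ROWS = [
    ("Tue Oct 21 04:33:56 2014", "ids", "bro", "89.121.161.232", "129.62.aa.bb", 80),
    ("Tue Oct 21 04:34:02 2014", "reset-both", "PAN", "89.121.161.232", "129.62.aa.bb", 80),
    ("Tue Oct 21 04:40:05 2014", "ids", "bro", "188.10.85.113", "129.62.cc.dd", 80),
    ("Tue Oct 21 04:40:11 2014", "reset-both", "PAN", "188.10.85.113", "129.62.cc.dd", 80),
    ("Tue Oct 21 04:40:23 2014", "ids", "bro", "188.10.85.113", "129.62.cc.ee", 80),
    ("Tue Oct 21 04:40:28 2014", "reset-both", "PAN", "188.10.85.113", "129.62.cc.ee", 80),
    ("Tue Oct 21 04:40:30 2014", "ids", "bro", "188.10.85.113", "129.62.cc.ff", 80),
    ("Tue Oct 21 04:40:35 2014", "reset-both", "PAN", "188.10.85.113", "129.62.cc.ff", 80),
    ("Tue Oct 21 04:41:02 2014", "ids", "bro", "198.51.100.7", "192.0.2.10", 80),
]

def correlate(rows, window=timedelta(seconds=30)):
    """Pair each bro alert with the first PAN action on the same flow within window.

    Returns (pairs, unmatched). pairs: (source, dest, firewall action, delay in
    seconds); unmatched: (source, dest) of alerts with no firewall action in time.
    """
    events = sorted((datetime.strptime(r[0], FMT),) + tuple(r[1:]) for r in rows)
    firewall = [e for e in events if e[2] == "PAN"]
    pairs, unmatched = [], []
    for when, _action, device, src, dst, port in events:
        if device != "bro":
            continue
        hit = next((f for f in firewall if f[3:] == (src, dst, port)
                    and when <= f[0] <= when + window), None)
        if hit is None:
            unmatched.append((src, dst))
        else:
            pairs.append((src, dst, hit[1], int((hit[0] - when).total_seconds())))
    return pairs, unmatched
```

On the slide's rows every alert is followed by a reset-both five or six seconds later; the unmatched list is where to look for flows the firewall did not act on.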
83. Agenda
• About us
• Splunk at the University of Washington
• Supporting an existing service
• Providing data to UX with client-side instrumentation
84. Academic and Collaborative Applications
• A division within UW-IT focused on building student facing Web applications
• Must develop new applications while maintaining legacy applications with limited resources
• Facts and figures
– Small team of 6 engineers
– Maintain ~15 applications
– Support over 140,000 users across 3 campuses
– Support 9 groups on campus running their own Splunk instances via our license master
86. My Background and Role
• Stephen De Vight
– With the UW since 2006
– Current Role: Web Application Engineer, 2011
– Mission: To support teaching and learning on campus through the development of interactive Web and mobile applications
89. Supporting an Existing Service
• Homegrown suite of academic applications
• Currently consists of 8 distinct tools
• Released in 1999
90. Our Needs
– Situation: Legacy database logging system reached end of life, was not scaling well, and was too costly to directly replace
– Struggling with: Finding a solution that is both easy to build and maintain as well as being able to scale to our needs
– Wanted: An easy to use, UI-driven, application to search our log data
– Enter Splunk: Splunk Enterprise allowed us to build a custom searching app as well as a dashboard for monitoring service status
91. Catalyst Log Search
• Advanced XML view
• Search form negates the need for users to learn Splunk search language or understand our log formatting and structure
• Support can analyze user activity to provide insight into incident reports
92. Catalyst Dashboard
• Gauge current level of activity at a glance
• Examine last day of activity for anomalous usage
• Targets slowest loading URLs for performance improvement
93. Data Driven User Experience
• Mobile Web version of our student portal
• Focused on providing timely, actionable information to our students
• Based on a student's situation and the time of the quarter we dynamically display, hide, move, and reorder content
94. Our Needs
– Situation: UX needs a way to validate their assumptions around what content is relevant to a student at various points in the quarter
– Struggling with: Correlating user activity with institutional data (e.g. class standing, campus, etc.)
– Wanted: A self-driven means for UX and business analysts to analyze log data
– Enter Splunk: Splunk, along with our client-side logging solution, allows us to correlate user activity with certain institutional attributes we log
95. Client-Side logging
• Google Analytics did not get us everything we needed
• Using logger4javascript to collate events and POST to a REST interface
• Events are bundled to reduce network overhead
• Events are written to file by REST server
http://www.log4javascript.org/
99. Eventtypes and Transactions
index=myuw_production (sourcetype=myuw_link_log OR sourcetype=myuw_session_log)
Build an eventtype that contains both link and session logs
100. Session Activity with Transactions
index=myuw_production eventtype=link_event
| transaction fields=session_key maxspan=8h
| search target_url=*dars.asp AND action=click
| stats count by target_url
• Create a transaction based on session_key
• Find transactions that contain a link click to ‘*dars.asp’
• Get count of other URL targets clicked within that transaction
101. Combining Logs with Transactions
index=myuw_production eventtype=link_event
| transaction fields=session_key maxspan=8h
| search action=click
| stats count by class_level
• Create a transaction based on session_key
• Find link events that have a click action
• Using the session log, determine how many link clicks were made by each class level
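What the two transaction searches on slides 100 and 101 do to the events, as an added Python example that is not part of the original presentation. It models only grouping by session_key with maxspan=8h and the merging of fields into multivalue sets, not the rest of Splunk's transaction command; the sample events, URLs and class levels are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed events (timestamp, session_key, fields). Field names follow the
# searches above; values are made up. Session-log events carry class_level,
# link-log events carry action and target_url.
EVENTS = [
    ("2015-01-12 09:00:00", "s1", {"class_level": "JUNIOR"}),
    ("2015-01-12 09:01:10", "s1", {"action": "click", "target_url": "/student/dars.asp"}),
    ("2015-01-12 09:03:30", "s1", {"action": "click", "target_url": "/library"}),
    ("2015-01-12 10:00:00", "s2", {"class_level": "SENIOR"}),
    ("2015-01-12 10:02:00", "s2", {"action": "click", "target_url": "/library"}),
    # More than 8h after s1 began: lands in a second transaction without class_level.
    ("2015-01-12 19:30:00", "s1", {"action": "click", "target_url": "/student/dars.asp"}),
]

def transactions(events, maxspan=timedelta(hours=8)):
    """Group events by session_key, opening a new group once maxspan is exceeded."""
    current, result = {}, []
    for stamp, key, fields in sorted(events, key=lambda e: e[0]):
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        tx = current.get(key)
        if tx is None or when - tx["start"] > maxspan:
            tx = current[key] = {"session_key": key, "start": when,
                                 "fields": defaultdict(set)}
            result.append(tx)
        for name, value in fields.items():
            tx["fields"][name].add(value)  # merged fields become multivalue
    return result

def urls_clicked_with(txs, suffix="dars.asp"):
    """Per-URL transaction counts, limited to transactions with a click on *suffix."""
    counts = Counter()
    for tx in txs:
        urls = tx["fields"]["target_url"]
        if "click" in tx["fields"]["action"] and any(u.endswith(suffix) for u in urls):
            counts.update(urls)
    return dict(counts)

def click_transactions_by_class(txs):
    """Count transactions containing a click, split by class_level."""
    counts = Counter()
    for tx in txs:
        if "click" in tx["fields"]["action"]:
            counts.update(tx["fields"]["class_level"])  # empty set: not counted
    return dict(counts)
```

The late s1 click shows the edge case: once a session outlasts maxspan, its clicks fall into a transaction that no longer contains the session-log event, so they drop out of any count split by class_level.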
102. What’s Next
• Add more of our application’s logs to Splunk
– Deploying forwarders via Ansible to our hosts
• Get additional people up to speed with querying in Splunk
• Reach out to additional campus partners who want to buy into the license
103. Top Takeaways
• Building a search form makes Splunk simple to use
• Determine your analysis needs before creating your logging scheme
• Client side logging can provide valuable insight into user behavior
• Transactions make combining logs easy