Posted about 9 years ago by Andrew Dauria
A customer of mine runs daily vulnerability scans using a myriad of tools across servers and applications in their data center. As you would expect, they can use the native reporting capabilities of the various tools to review a given set of scan results, but if you’ve done this sort of thing before then you understand the issues associated with trying to get any real understanding by looking at disparate, clunky reporting tools, each in their own silo.
Ingesting vulnerability data into Splunk offers tons of powerful abilities while breaking down any sort of silos that could be a hindrance to correlation and true security analytics. In fact, our Common Information Model includes a Vulnerabilities model that can help normalize …
|
Posted about 9 years ago by Jeff Aboud
It’s almost time for RSA 2016 and, as usual, Splunk will be there in full force! In fact, this year we will have two booths – one in the North Hall (#3321) and one in the South Hall (#2620). Yes, that’s double the Splunk for a truly superior RSA experience!
Our North Hall booth will host everything you’ve come to know and love about Splunk – Splunk experts, interactive demos of Splunk security solutions including Splunk Enterprise Security and Splunk User Behavior Analytics, as well as top notch theater presentations, and of course, awesome Splunk t-shirts.
On Wednesday, March 2nd at 2:30pm, the NIST National Cybersecurity Center of Excellence (NCCoE) will conduct a demonstration highlighting their newly-published Cybersecurity …
|
Posted about 9 years ago by Patrick Pablo
Hey there community and welcome to the 55th installment of Smart AnSwerS.
Next Wednesday, March 2nd @ 6:30PM, Splunk HQ will be hosting our monthly SF Bay Area User Group meeting. Since it’s during RSA, topics covered will be related to *drum roll*…SECURITY! If you happen to be local or visiting from out of town for the conference, come join fellow users over pizza and beer and listen to a talk from Monzy Merza, Chief Security Evangelist at Splunk. Be sure to visit the user group event page to RSVP and stay updated on the tentative agenda. Hopefully see you next Wednesday!
Check out this week’s featured Splunk Answers posts:
How to combine my two searches to …
|
Posted about 9 years ago by Matthias Maier
Hi all,
I had an interesting meeting recently where lots of great ideas were shared. One of those was how useful it would be if you could analyze data from your backup systems? Imagine you have a backup for each of your endpoints like desktops, laptops or production machines in manufacturing. You would be able to track and review problems as well as security incidents, creating reports on the fly to gain insight into your environment.
We at Splunk have our endpoints on Crashplan from Code42. Code42 offers a cloud version as well as on premise appliances. So if a laptop is broken or stolen we can easily restore all the data that lived on the lost endpoint to a brand new machine. That …
|
Posted about 9 years ago by SplunkTrust
(Hi all–welcome to the latest installment in the series of technical blog posts from members of the SplunkTrust, our Community MVP program. We’re very proud to have such a fantastic group of community MVPs, and are excited to see what you’ll do with what you learn from them over the coming months and years.
–rachel perkins, Sr. Director, Splunk Community)
This is part 3 of a series.
Find part 1 here: http://blogs.splunk.com/2016/02/11/whats-next-next-level-splunk-sysadmin-tasks-part-1/.
Find part 2 here: http://blogs.splunk.com/2016/02/16/whats-next-next-level-splunk-sysadmin-tasks-part-2/
Hi, I’m Mark Runals, Lead Security Engineer at The Ohio State University, and member of the SplunkTrust.
There can be numerous challenges involved with ingesting data into your local Splunk environment. Because Splunk works so well out of the box against so many …
|
Posted about 9 years ago by Brian Lanigan
It’s a well-known fact that organizations are facing an astonishing number of cyberthreats – and that number continues to grow on a daily basis. No organization is immune to malicious threats, whether it is a private enterprise, government agency, educational institution or non-profit. That’s why Splunk and Verizon Enterprise Solutions are teaming up to arm clients with the tools and systems they need to battle cybercriminals.
Our weapon of choice? Analytics-driven security.
Together, Verizon and Splunk are addressing a pressing need for better-managed security operations center (SOC) solutions. Verizon now offers Splunk-powered, analytics-driven predictive threat detection to enterprises and government agencies.
By integrating analytics from Splunk Security solutions, Verizon has enhanced its flagship Managed Security Services platform. Leveraging massive …
|
Posted about 9 years ago by Monzy Merza
This blog post will show you how to find if your systems are affected by the glibc vulnerability revealed on Feb 16th, 2016 by Google researchers. This vulnerability affects the glibc versions from 2.9 through 2.22. This is a critical bug because glibc is used across many mobile, virtual, cloud and high performance computing platforms and could lead to remote exploitation.
The Problem
According to the Google Blog post:
“The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.
Google has found some mitigations that may help prevent exploitation …
|
Posted about 9 years ago by Friea Berg
You may be familiar with Splunk’s extensive integrations across Cisco’s security, data center and networking product families but did you know that many organizations use Splunk to accelerate troubleshooting and get better visibility into their Cisco collaboration environment?
Within a Cisco Unified Communications environment Splunk’s ability to provide real-time visibility, proactive notifications, and automatic remediation of issues facilitates:
Operational break fix & troubleshooting. Splunk can help eliminate finger pointing by helping determine where a call quality problem exists (across network devices, inbound, outbound, etc.).
Call Analytics. Call center and support organizations can track call duration, dropped calls, time in queue, etc.
Business Analytics. Improve return on investment with better visibility into licensing usage, desk phones vs soft phones, …
|
Posted about 9 years ago by Patrick Pablo
Hey there community and welcome to the 54th installment of Smart AnSwerS.
Next Tuesday, February 23rd, 2016, we’ll be having our SplunkTrust Virtual .conf session #4 from 12:00PM to 1:00PM PST. SplunkTrust member Mark Runals will be presenting his .conf2015 session “Taming your Data”, featuring the data onboarding maturity scoring model and dynamically having Splunk detect mis-categorized sourcetypes. Visit the event meetup page to RSVP and join the 35+ users and counting via Webex next week!
Check out this week’s featured Splunk Answers posts:
Is it recommended to install a universal forwarder on thousands of workstations or on a few dedicated syslog/Windows Event Collector servers?
flee needed to forward Windows events from about 6000 Windows workstations …
|
Posted about 9 years ago by Jessica Walker McFarland
It’s true. You can Splunk just about anything. As someone who is not incredibly technically inclined, understanding the power of Splunk can be difficult to wrap my head around. I find the best way to understand the power of Splunk is to apply it to something you know and love. And with SplunkLive! coming up in some of the best barbecue cities across the US this year, my personal experimentation with Splunk happens to tie-in nicely.
I’ve been happily married to a Texan and University of Texas at Austin graduate for nine years. Aside from being a top-notch husband, he has a passion and knack for cooking Texas-style barbecue and brewing beer. For now, let’s focus on the barbecue.
Technology meet …
|