© 2017 SPLUNK INC.
Splunk User Group Edinburgh
Recording In Progress
Provided by: Product Forge
Introduction to Harry McLaren
● Alumnus of Edinburgh Napier
● Senior Security Consultant at ECS
● Leader of the Splunk User Group Edinburgh
Introduction to ECS
Strategic Splunk Partner - UK
– Type: Security / IT Operations / Managed Services
– Awards: Splunk Revolution Award & Splunk Partner of the Year
Agenda
• Housekeeping: Event Overview & House Rules
• Splunk and Orchestration - Robert Williamson
• Cloud (AWS) Security with Splunk - Harry McLaren
• Operation Honey-Splunk - James Rowell - Cancelled
Splunk [Official] User Group
“The overall goal is to create an authentic, ongoing
user group experience for our users, where
they contribute and get involved”
● User-Led Technical Discussions
● Sharing Environment
● Build Trust
● No Sales!
● We Have 140 Members!
Splunk and Orchestration
Robert Williamson
Introduction – Robert Williamson
▶ Alumnus of Edinburgh Napier
▶ Security Consultant at ECS
▶ Co-leader of the Splunk User Group Edinburgh
What is orchestration?
▶ “Security orchestration is the method of connecting security tools and integrating disparate security systems.”
▶ “It is the connected layer that streamlines security processes and powered security automation”
Orchestration vs. Automation
▶ Question: Are they the same?
▶ Answer: No…
• “The difference between “Automatize” and “Orchestrate” is comparable to the difference between “tasks” and “Processes”. This difference allows us to get the best of each process and the advantage of its combination in a joint execution.”
The “Engine” (diagram): Orchestration, Adaptation, Development, Schedule, Monitor, Workflow, Process, Work Flow
Splunk Adaptive Response
Orchestration the Splunk way
The Adaptive Response Initiative: Acalvio, AlgoSec, Anomali, Blue Coat + Symantec, Carbon Black, Cisco, CrowdStrike, CyberArk, Demisto, DomainTools, ForeScout, Fortinet, Okta, OpenDNS, Palo Alto Networks, Phantom, Proofpoint, Qualys, Recorded Future, RedSeal, Resolve Systems, Splunk, Tanium, ThreatConnect, and Ziften.
Splunk with Orchestration
▶ Splunk as the trigger. An alert or event of interest is established in Splunk and, depending on the alert, a pre-defined path of actions is selected and passed to the orchestration tool.
▶ Splunk being queried. Splunk becomes the source of contextual information used to make a decision based on the results gathered by the orchestration toolset.
Orchestration Tools
What is available?
Questions?
Thank You
Cloud (AWS) Security with Splunk
Harry McLaren
Cloud (AWS) Security with Splunk
Agenda
▶ Amazon Web Services Products
▶ Shared Security Model
▶ Built-in Controls/Features
▶ Security Framework/Model
▶ Collection & Use Cases
▶ Splunk Infrastructure
▶ Splunk App for AWS
▶ Demo
▶ Other Clouds
▶ Resources
59+ Products (SaaS, PaaS, IaaS)
Shared Security Model: Infrastructure Services
Such as Amazon EC2, Amazon EBS, and Amazon VPC
Built-in Controls/Features
All Available with AWS
▶ Built-in Firewalls
▶ Role-based Access Control
▶ Multi-factor Authentication
▶ Private Subnets
▶ Encrypt Your Data At Rest
▶ Cloud HSM
▶ Dedicated Connections
▶ Security Logs
▶ More…
NIST Cyber Security Framework: Model
Standard Security Approach (the five framework functions): Identify, Protect, Detect, Respond, Recover
NIST Cyber Security Framework: Detect
Detect function categories (diagram): Anomalies & Events; Security Continuous Monitoring; Detection Processes
Collection & Use Cases
Sourcetypes & Collection Methods
Data Sources and their Use Cases:
Config + Config Rules
• Configuration snapshots and historical configuration data.
• Configuration change notifications.
• Descriptions of your AWS EC2 instances.
• Compliance details, compliance summary, and evaluation.
Inspector
• Assessment Runs and Findings data from the Inspector service.
CloudTrail
• Management and change events.
CloudWatch
• Data from the CloudWatch Logs and VPC logs.
• Performance and billing metrics.
S3
• Generic log data, access logs from your S3 buckets.
• CloudFront and ELB access logs.
Kinesis
• Data from Kinesis streams.
SQS
• Generic data from SQS.
Build it Yourself
Hosted On-Premise or Cloud Based (or Hybrid)
As a Service
Built and Hosted by Splunk (On AWS)
Splunk App for AWS Demo
URL
Splunk App for AWS
Contains: Dashboards, Reports, Alerts, Inputs, Scripts
Dashboards:
• Traffic Analysis (VPC, CloudFront, ELB, S3)
• Network ACLs
• Security Groups
• IAM Activity
• Key Pairs Activity
• S3 Data Events
• Resource Activity
• User Activity
• Security Anomaly Detection
Alerts:
• IAM: Create/Delete Roles
• IAM: Create/Delete/Update Access Keys
• Instances: Reboot/Stop/Terminate Actions
• Key Pairs: Create/Delete/Import Key Pairs
• Unauthorized Actions
• VPC: Create/Delete VPC
• VPC: Create/Delete/Replace Network ACLs
• New Non-Compliant Resource
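An added example (not the Splunk App for AWS's own code) of how the CloudTrail management events from the collection slide feed the alert categories above: it parses a constructed CloudTrail log file body and maps each record to those categories using the real CloudTrail eventSource, eventName and errorCode fields. The sample records, the principal names and IP addresses, and the rule that a denied call counts only as an unauthorized action (not as the action itself) are assumptions of this example.

```python
import json
from collections import Counter

# Constructed sample: a CloudTrail log file body as delivered to an S3 bucket
# ({"Records": [...]}). Field names are the real CloudTrail record fields; the
# values (users, roles, IP addresses, times) are made up for this example.
SAMPLE_LOG_FILE = json.dumps({"Records": [
    {"eventTime": "2017-10-05T10:01:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2017-10-05T10:02:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2017-10-05T10:03:12Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DeleteNetworkAcl", "sourceIPAddress": "198.51.100.7",
     "errorCode": "Client.UnauthorizedOperation",
     "errorMessage": "You are not authorized to perform this operation.",
     "userIdentity": {"type": "AssumedRole",
                      "sessionContext": {"sessionIssuer": {"userName": "ReadOnlyRole"}}}},
    {"eventTime": "2017-10-05T10:04:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "sessionContext": {"sessionIssuer": {"userName": "ReadOnlyRole"}}}},
    {"eventTime": "2017-10-05T10:05:45Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateRole", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
]})

# The alert categories from the Splunk App for AWS slide, mapped to the
# CloudTrail eventSource and eventName values that represent each action.
ACTION_RULES = {
    "IAM: Create/Delete Roles":
        ("iam.amazonaws.com", {"CreateRole", "DeleteRole"}),
    "IAM: Create/Delete/Update Access Keys":
        ("iam.amazonaws.com", {"CreateAccessKey", "DeleteAccessKey", "UpdateAccessKey"}),
    "Instances: Reboot/Stop/Terminate Actions":
        ("ec2.amazonaws.com", {"RebootInstances", "StopInstances", "TerminateInstances"}),
    "Key Pairs: Create/Delete/Import Key Pairs":
        ("ec2.amazonaws.com", {"CreateKeyPair", "DeleteKeyPair", "ImportKeyPair"}),
    "VPC: Create/Delete VPC":
        ("ec2.amazonaws.com", {"CreateVpc", "DeleteVpc"}),
    "VPC: Create/Delete/Replace Network ACLs":
        ("ec2.amazonaws.com", {"CreateNetworkAcl", "DeleteNetworkAcl",
                               "ReplaceNetworkAclEntry", "ReplaceNetworkAclAssociation"}),
}

# errorCode values CloudTrail records when an API call was denied.
UNAUTHORIZED_ERROR_CODES = {"AccessDenied", "UnauthorizedOperation",
                            "Client.UnauthorizedOperation"}


def parse_cloudtrail(text):
    """Return the records from a CloudTrail log file body ({"Records": [...]})
    or, as a fallback, from newline-delimited JSON records (one per line)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        return [json.loads(line) for line in text.splitlines() if line.strip()]
    if isinstance(doc, dict):
        return doc.get("Records", [doc])
    return doc


def actor(record):
    """Best-effort principal name: the IAM user, or the role behind an assumed-role session."""
    identity = record.get("userIdentity", {})
    if identity.get("type") == "AssumedRole":
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        return issuer.get("userName", "unknown-role")
    return identity.get("userName") or identity.get("arn", "unknown")


def classify(record):
    """Return the alert categories a single record falls into. Assumption of this
    example: a denied call is reported only as 'Unauthorized Actions'; the action
    alerts fire only for calls that succeeded (no errorCode)."""
    if record.get("errorCode") in UNAUTHORIZED_ERROR_CODES:
        return ["Unauthorized Actions"]
    return [name for name, (source, events) in ACTION_RULES.items()
            if record.get("eventSource") == source and record.get("eventName") in events]


def alerts_from_log(text):
    """Run the rules over a log body; one (alert, actor, eventName, time, ip) tuple per hit."""
    hits = []
    for record in parse_cloudtrail(text):
        for alert in classify(record):
            hits.append((alert, actor(record), record.get("eventName"),
                         record.get("eventTime"), record.get("sourceIPAddress")))
    return hits


def alert_counts(text):
    """How many times each alert category fired, the view a summary dashboard would show."""
    return Counter(hit[0] for hit in alerts_from_log(text))


if __name__ == "__main__":
    for hit in alerts_from_log(SAMPLE_LOG_FILE):
        print("%-42s %-14s %-20s %s from %s" % hit)
```

Read-only calls such as DescribeInstances produce no alert, which is the point of keying the rules on management and change events rather than on every CloudTrail record.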
Clouds Everywhere!
What about other people's Clouds?
Microsoft Cloud
• Splunk Add-on for Microsoft Cloud Services
Google Cloud
• Splunk Add-on for Google Cloud Platform
Cloud Foundry
• Splunk Add-on for Cloud Foundry
Resources
▶ Splunk App for AWS (Documentation)
▶ Splunk Add-on for AWS (Documentation)
▶ Splunk with AWS Case Study
▶ AWS Technical Whitepaper
▶ AWS CloudFormation Templates for Splunk Cluster
▶ Deploying Splunk on AWS Whitepaper
▶ AWS CloudTrail with Splunk
▶ Splunk on AWS (Quick Start)
▶ Add-ons for Cloud Foundry, Microsoft Cloud, Google Cloud
Thank You
Get Involved!
● Splunk User Group Edinburgh
– https://usergroups.splunk.com/group/splunk-user-group-edinburgh.html
– https://www.linkedin.com/groups/12013212
● Splunk’s Slack Group
– Register via https://splunk-usergroups.signup.team/
– Channel: #edinburgh
● Present & Share at the User Group?
Connect:
‣ Harry McLaren | harry.mclaren@ecs.co.uk | @cyberharibu
‣ ECS | enquiries@ecs.co.uk | @ECS_Cybersec | ecs.co.uk
Thank You
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Valters Lauzums
 
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...SUHANI PANDEY
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAroojKhan71
 
Week-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionWeek-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionfulawalesam
 

Último (20)

Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFx
 
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
 
Anomaly detection and data imputation within time series
Anomaly detection and data imputation within time seriesAnomaly detection and data imputation within time series
Anomaly detection and data imputation within time series
 
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
 
Invezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signals
 
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightCheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 
Predicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science ProjectPredicting Loan Approval: A Data Science Project
Predicting Loan Approval: A Data Science Project
 
Carero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxCarero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptx
 
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Probability Grade 10 Third Quarter Lessons
Probability Grade 10 Third Quarter LessonsProbability Grade 10 Third Quarter Lessons
Probability Grade 10 Third Quarter Lessons
 
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
 
Edukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFxEdukaciniai dropshipping via API with DroFx
Edukaciniai dropshipping via API with DroFx
 
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
Escorts Service Kumaraswamy Layout ☎ 7737669865☎ Book Your One night Stand (B...
 
Ravak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptxRavak dropshipping via API with DroFx.pptx
Ravak dropshipping via API with DroFx.pptx
 
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
 
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
 
Week-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionWeek-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interaction
 
Sampling (random) method and Non random.ppt
Sampling (random) method and Non random.pptSampling (random) method and Non random.ppt
Sampling (random) method and Non random.ppt
 

Securing the Enterprise/Cloud with Splunk at the Centre

  • 1. © 2017 SPLUNK INC. Splunk User Group Edinburgh
  • 2. © 2017 SPLUNK INC. Recording In Progress Provided by: Product Forge
  • 3. © 2017 SPLUNK INC. Introduction to Harry McLaren ● Alumnus of Edinburgh Napier ● Senior Security Consultant at ECS ● Leader of the Splunk User Group Edinburgh
  • 4. © 2017 SPLUNK INC. Introduction to ECS Strategic Splunk Partner - UK – Type: Security / IT Operations / Managed Services – Awards: Splunk Revolution Award & Splunk Partner of the Year
  • 5. © 2017 SPLUNK INC. Agenda • Housekeeping: Event Overview & House Rules • Splunk and Orchestration - Robert Williamson • Cloud (AWS) Security with Splunk - Harry McLaren • Operation Honey-Splunk - James Rowell - Cancelled
  • 6. © 2017 SPLUNK INC. Splunk [Official] User Group “The overall goal is to create an authentic, ongoing user group experience for our users, where they contribute and get involved” ● User Lead Technical Discussions ● Sharing Environment ● Build Trust ● No Sales! ● We Have 140 Members!
  • 7. © 2017 SPLUNK INC. Splunk and Orchestration Robert Williamson
  • 8. © 2017 SPLUNK INC. Introduction – Robert Williamson ▶ Alumnus of Edinburgh Napier ▶ Security Consultant at ECS ▶ Co-leader of the Splunk User Group Edinburgh
  • 9. © 2017 SPLUNK INC. What is orchestration? ▶ “Security orchestration is the method of connecting security tools and integrating disparate security systems.” ▶ “It is the connected layer that streamlines security processes and powered security automation”
  • 10. © 2017 SPLUNK INC. Orchestration vs. Automation ▶ Question: Are they the same? ▶ Answer: No… • “The difference between “Automatize” and “Orchestrate” is comparable to the difference between “tasks” and “Processes”. This difference allows us to get the best of each process and the advantage of its combination in a joint execution.”
  • 11. © 2017 SPLUNK INC. The “Engine”: Orchestration, Adaptation, Development, Schedule, Monitor, Workflow, Process, Work Flow
  • 12. © 2017 SPLUNK INC. Splunk Adaptive Response Orchestration the Splunk way The Adaptive Response Initiative: Acalvio, AlgoSec, Anomali, Blue Coat + Symantec, Carbon Black, Cisco, CrowdStrike, CyberArk, Demisto, DomainTools, ForeScout, Fortinet, Okta, OpenDNS, Palo Alto Networks, Phantom, Proofpoint, Qualys, Recorded Future, RedSeal, Resolve Systems, Splunk, Tanium, ThreatConnect, and Ziften.
  • 13. © 2017 SPLUNK INC. Splunk with Orchestration ▶ Splunk as the trigger. Where an alert or event of interest has been established and, depending on the alert, a certain path of pre-defined actions will take place, which is then passed to the orchestration tool. ▶ Splunk being queried. Where Splunk becomes the source of contextual information to make a decision based on the results gathered from the orchestration toolset.
  • 14. © 2017 SPLUNK INC. Orchestration Tools What is available?
  • 15. © 2017 SPLUNK INC. Questions?
  • 16. © 2017 SPLUNK INC. Thank You
  • 17. © 2017 SPLUNK INC. Cloud (AWS) Security with Splunk Harry McLaren
  • 18. © 2017 SPLUNK INC. Cloud (AWS) Security with Splunk: Agenda ▶ Amazon Web Services Products ▶ Shared Security Model ▶ Built-in Controls/Features ▶ Security Framework/Model ▶ Collection & Use Cases ▶ Splunk Infrastructure ▶ Splunk App for AWS ▶ Demo ▶ Other Clouds ▶ Resources
  • 19. © 2017 SPLUNK INC. 59+ Products (SaaS, PaaS, IaaS)
  • 20. © 2017 SPLUNK INC. Shared Security Model: Infrastructure Services Such as Amazon EC2, Amazon EBS, and Amazon VPC
  • 21. © 2017 SPLUNK INC. Built-in Controls/Features, all available with AWS ▶ Built-in Firewalls ▶ Role-based Access Control ▶ Multi-factor Authentication ▶ Private Subnets ▶ Encrypt Your Data At Rest ▶ Cloud HSM ▶ Dedicated Connections ▶ Security Logs ▶ More…
  • 22. © 2017 SPLUNK INC. NIST Cyber Security Framework: Model (Standard Security Approach): Identify, Protect, Detect, Respond, Recover
  • 23. © 2017 SPLUNK INC. NIST Cyber Security Framework: Detect: Anomalies & Events, Security Continuous Monitoring, Detection Processes
  • 24. © 2017 SPLUNK INC. Collection & Use Cases: Sourcetypes & Collection Methods (Data Sources and their Use Cases). Config + Config Rules: configuration snapshots and historical configuration data; configuration change notifications; descriptions of your AWS EC2 instances; compliance details, compliance summary, and evaluation. Inspector: assessment runs and findings data from the Inspector service. CloudTrail: management and change events. CloudWatch: data from the CloudWatch Logs and VPC logs; performance and billing metrics. S3: generic log data, access logs from your S3 buckets; CloudFront and ELB access logs. Kinesis: data from Kinesis streams. SQS: generic data from SQS.
  • 25. © 2017 SPLUNK INC. Build it Yourself Hosted On-Premise or Cloud Based (or Hybrid)
  • 26. © 2017 SPLUNK INC. As a Service Built and Hosted by Splunk (On AWS)
  • 27. © 2017 SPLUNK INC. Splunk App for AWS Demo URL
  • 28. © 2017 SPLUNK INC. Splunk App for AWS Contains: Dashboards, Reports, Alerts, Inputs, Scripts. Dashboards: Traffic Analysis (VPC, CloudFront, ELB, S3), Network ACLs, Security Groups, IAM Activity, Key Pairs Activity, S3 Data Events, Resource Activity, User Activity, Security Anomaly Detection. Alerts: IAM: Create/Delete Roles; IAM: Create/Delete/Update Access Keys; Instances: Reboot/Stop/Terminate Actions; Key Pairs: Create/Delete/Import Key Pairs; Unauthorized Actions; VPC: Create/Delete VPC; VPC: Create/Delete/Replace Network ACLs; New Non-Compliant Resource.
  • 29. © 2017 SPLUNK INC. Clouds Everywhere! What about other people's Clouds? Microsoft Cloud • Splunk Add-on for Microsoft Cloud Services. Google Cloud • Splunk Add-on for Google Cloud Platform. Cloud Foundry • Splunk Add-on for Cloud Foundry.
  • 30. © 2017 SPLUNK INC. Resources ▶ Splunk App for AWS (Documentation) ▶ Splunk Add-on for AWS (Documentation) ▶ Splunk with AWS Case Study ▶ AWS Technical Whitepaper ▶ AWS CloudFormation Templates for Splunk Cluster ▶ Deploying Splunk on AWS Whitepaper ▶ AWS CloudTrail with Splunk ▶ Splunk on AWS (Quick Start) ▶ Add-ons for Cloud Foundry, Microsoft Cloud, Google Cloud
  • 31. © 2017 SPLUNK INC. Thank You
  • 32. © 2017 SPLUNK INC. Get Involved! ● Splunk User Group Edinburgh – https://usergroups.splunk.com/group/splunk-user-group-edinburgh.html – https://www.linkedin.com/groups/12013212 ● Splunk’s Slack Group – Register via https://splunk-usergroups.signup.team/ – Channel: #edinburgh ● Present & Share at the User Group? Connect: ‣ Harry McLaren | harry.mclaren@ecs.co.uk | @cyberharibu ‣ ECS | enquiries@ecs.co.uk | @ECS_Cybersec | ecs.co.uk
  • 33. © 2017 SPLUNK INC. Thank You
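As an added example that is not part of the slides or of the Splunk App for AWS: a small Python detector that follows the "Splunk as the trigger" pattern from slide 13, run over constructed CloudTrail-style events, mapping each hit to one of the alert categories listed on slide 28 and attaching a pre-defined action path for an orchestration tool. The eventName and errorCode values are real CloudTrail record values; the sample events, the playbook action names and the trigger payload layout are assumptions made for the example.

```python
# Alert categories from slide 28, keyed by the CloudTrail eventName values that
# raise them (eventName values are real CloudTrail API names).
ALERT_RULES = {
    "IAM: Create/Delete/Update Access Keys": {"CreateAccessKey", "DeleteAccessKey", "UpdateAccessKey"},
    "Key Pairs: Create/Delete/Import Key Pairs": {"CreateKeyPair", "DeleteKeyPair", "ImportKeyPair"},
    "Instances: Reboot/Stop/Terminate Actions": {"RebootInstances", "StopInstances", "TerminateInstances"},
    "VPC: Create/Delete VPC": {"CreateVpc", "DeleteVpc"},
}
# CloudTrail errorCode values for refused calls, reported as "Unauthorized Actions".
UNAUTHORIZED_CODES = {"AccessDenied", "UnauthorizedOperation"}
# Pre-defined action path per alert (slide 13) handed to the orchestration tool;
# the action names are hypothetical placeholders, not any vendor's API.
PLAYBOOKS = {
    "Unauthorized Actions": ["enrich_source_ip", "notify_soc"],
    "IAM: Create/Delete/Update Access Keys": ["lookup_iam_user", "notify_owner", "open_ticket"],
    "Instances: Reboot/Stop/Terminate Actions": ["snapshot_instance", "notify_soc"],
}
DEFAULT_PLAYBOOK = ["notify_soc"]

def classify(event):
    """Return the slide-28 alert category for one CloudTrail event, or None."""
    if event.get("errorCode") in UNAUTHORIZED_CODES:  # a refused call outranks its API name
        return "Unauthorized Actions"
    for category, names in ALERT_RULES.items():
        if event.get("eventName") in names:
            return category
    return None

def build_trigger(event, category):
    """Payload Splunk (as the trigger) would pass to the orchestration tool."""
    return {"alert": category, "actions": PLAYBOOKS.get(category, DEFAULT_PLAYBOOK),
            "context": {"time": event.get("eventTime"),
                        "actor": event.get("userIdentity", {}).get("arn"),
                        "source_ip": event.get("sourceIPAddress"),
                        "api": f"{event.get('eventSource')}:{event.get('eventName')}"}}

def run_detection(events):
    """Classify every event and return one trigger per event that matched a rule."""
    triggers = []
    for event in events:
        category = classify(event)
        if category:
            triggers.append(build_trigger(event, category))
    return triggers

# Constructed sample events in CloudTrail record shape (not real account data).
SAMPLE_EVENTS = [
    {"eventTime": "2017-09-20T10:01:00Z", "eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "sourceIPAddress": "198.51.100.10", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2017-09-20T10:02:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "sourceIPAddress": "198.51.100.11", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2017-09-20T10:03:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "TerminateInstances",
     "errorCode": "UnauthorizedOperation", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
]
```

Running `run_detection(SAMPLE_EVENTS)` yields two triggers: the access-key creation by alice and the refused TerminateInstances call by bob, while the read-only DescribeInstances event matches no rule.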

Editor's Notes

  1. The best security operation centers (SOCs) are built on efficiency and speed-to-response. But if you’ve ever worked in a SOC or on a security team, you know it’s tough to get your security systems, tools and teams to integrate in a way that streamlines detection, response, and remediation. One of the most tedious tasks of all is cobbling together alert details to assess if a security event is a real threat, along with correlating data and coordinating the appropriate response. That’s why security tools need to be connected, security processes need to be efficient and, as an industry, we need to start working together. As new technologies arrive on the scene every day (IoT, BYOD and continued virtualization of all the things), security teams need a way to become more agile. This is where security orchestration comes in. Orchestration is not a new term by any means. You’ve probably heard of DevOps orchestration, which seeks to automate infrastructure deployments and document ‘infrastructure as code’. Now it’s time to apply this to security processes.
  2. Orchestration is the process of taking a “simple” task and creating a workflow. The basic idea of a workflow is taking the task at hand, breaking it down as much as you can, adding logic along with input(s), then outputting a value that is either an output of the logic, interaction, or possibly a Boolean value. https://www.thinkahead.com/blog/automation-vs-orchestration-what-s-the-difference-and-how-to-pick-the-right-tool/
  3. Showcase: Security Overview, Topology, Timeline, Config Rules, Security Anomaly Insights