Copyright © 2016 Splunk Inc.
Splunk User Group
Edinburgh
Deployment & Security
September 2016
Introduction - Harry McLaren
● Alumnus of Edinburgh Napier
● Security Consultant at ECS
– Role: Splunk Professional Services & Enablement Lead
– Specialism: SIEM & Splunk Architecture
Global Splunk Partner Revolution Award - 2016
Agenda
• Housekeeping: Overview & House Rules
• Presentation: Deployment Best Practices
• Group Discussion: Deployment Challenges & Solutions
• Presentation: Security Best Practices
• Group Discussion: Security Challenges & Solutions
• Group Discussion: Favourite Use Cases [Optional]
[Splunk Official] User Group
“The overall goal is to create an authentic, ongoing user group experience for our users, where they contribute and get involved”
● User Lead
● Technical Discussions
● Sharing Environment
● Build Trust (With Community & Splunk)
● No Sales!
What Do You Want From A User Group?
Deployment Best Practices
Complex Architecture
[Architecture diagram: Indexer, Universal Forwarder, Search Head, Cluster Management, Forwarder Management, Heavy Forwarder]
Planning & Design
● High Level Design & Environment Diagram
● High Availability / Load Balancing
– Minimum Number of Nodes (SHC x3 / IXC x2-3)
– Forwarder Based (AutoLB), Search Heads (Persistent Sessions via Load Balancer)
● Hardware & Storage Requirements
– Availability / Retention / Archiving
● Development / Staging Environment
● Environment Orchestration & Configuration
– Version Control, Configuration Management, Access Management, Packaging
Pre-Implementation
● Raise Required Changes (Network, Identity, Architecture)
● Validate Connectivity & System Access
● Download Binaries / Licences / Apps
– Splunk Software & Splunk Licenses
● Ensure DNS Records Function
– IP Addresses Should Be Avoided In Config (Use DNS Records)
● Forwarder Deployment
– Engage with Platform Teams
– Develop Automation Script (Requires deploymentclient.conf with DNS Entry)
Implementation
● Build Sequence
– Management Layer > Indexer Layer > Search Layer
● Data Source On-boarding Process
– Use Case Identification, Data Source Profiling, Develop, Test & Deliver (RTL)
● Utilise Splunk Apps & Add-ons (Free & Premium)
– Unix App, Windows Infrastructure App, VMware App, Apache App, Etc.
● Bundle Search Objects Into Custom Apps
– Breakdown by Business Unit, Grouped Use Cases, Etc.
● Use Splunk Documentation & Splunk Answers for Guidelines
Post-Implementation
● Update Designs / Diagrams (Delivered Implementation)
● Training & Knowledge Sharing
– Education Courses (Free / Paid), Community Support & Partner Training
● Identify Splunk Champions
– Technical & Business
● Build Business Value
– Identify Secondary Use Cases
● Build Entitlement Framework
– Cost Centre Clawback, Shared Financial Burden, Shared Responsibility
Any Questions?
Deployment Challenges & Solutions (Group Discussion)
Deployment Challenges & Solutions
● Example Challenges / Solutions:
– Source Data Access
‣ Early SME Engagement & EventGen App?
– Hardware Challenges
‣ Develop Deployment Config in the Cloud?
● Discussion Time Limit: 15mins
Security Best Practices
Pre-Install Hardening & Validation
● Secure Operating System Pre-Installation
● Industry Standard Guidelines
– Center for Internet Security (CIS) - Security Benchmarks
● Create Splunk Specific User/Group with Relevant Permissions
– Ensure Splunk Doesn’t Run as ‘Administrator’ or ‘Root’
● Verify Integrity of Binaries (Checksum Hash / Signature)
Implementation Hardening
● User Authentication & Role-Based Access Control
● Transport Encryption & Authentication (TLS)
● Secure Password Deployment
– Shared splunk.secret / Hashed Passwords in Deployment Apps
● Access Control Lists
– Simple IP/DNS Whitelisting or Blacklisting
● Disable Unnecessary Splunk Components (Splunk Web / REST Port)
● Configuration Change Monitoring via Splunk
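As an added example (not from the deck or any real deployment), a small Python lint for two of the points above plus the "use DNS records, not IP addresses in config" rule from the Pre-Implementation slide: it parses constructed deploymentclient.conf and outputs.conf fragments, flags IP literals in targetUri/server values, and flags tcpout groups where useSSL or sslVerifyServerCert is not set to true. The file and setting names are Splunk's own; the fragment contents are constructed.

```python
"""Lint Splunk forwarder config fragments for three hardening points:
   1. DNS names, not IP literals, in deploymentclient.conf targetUri
   2. DNS names, not IP literals, in outputs.conf server lists
   3. TLS on and indexer certificate verified for every tcpout group
Added example; the .conf text below is constructed, not a real environment."""
import configparser
import ipaddress
import re

# Constructed deployment-app fragments (not from a real environment).
DEPLOYMENTCLIENT_CONF = """
[target-broker:deploymentServer]
targetUri = 10.0.0.5:8089
"""

OUTPUTS_CONF = """
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = idx1.example.internal:9997, 10.0.0.21:9997
useSSL = false
sslVerifyServerCert = false
"""

HOST_PORT = re.compile(r"^\s*(?P<host>[^:\s]+)(?::(?P<port>\d+))?\s*$")


def parse_conf(text):
    """Parse Splunk's INI-style .conf text into {stanza: {key: value}}, keeping key case."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # Splunk keys are case-sensitive (targetUri, useSSL, ...)
    cp.read_string(text)
    return {s: dict(cp.items(s)) for s in cp.sections()}


def is_ip_literal(host):
    """True when the host part is an IPv4/IPv6 address rather than a DNS name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def find_ip_targets(conf, key):
    """Return (stanza, host) pairs where `key` (a comma-separated host:port list) uses an IP literal."""
    hits = []
    for stanza, kv in conf.items():
        if key not in kv:
            continue
        for target in kv[key].split(","):
            m = HOST_PORT.match(target)
            if m and is_ip_literal(m.group("host")):
                hits.append((stanza, m.group("host")))
    return hits


def is_true(value):
    return value.strip().lower() in ("true", "1", "yes")


def find_tls_gaps(outputs):
    """Flag tcpout groups that do not explicitly enable TLS, or enable it without verifying the indexer cert."""
    gaps = []
    for stanza, kv in outputs.items():
        if not stanza.startswith("tcpout:"):
            continue  # [tcpout] itself holds defaults, groups are [tcpout:<name>]
        if not is_true(kv.get("useSSL", "")):
            gaps.append((stanza, "useSSL is not set to true: forwarder-to-indexer traffic is not protected"))
        elif not is_true(kv.get("sslVerifyServerCert", "")):
            gaps.append((stanza, "sslVerifyServerCert is not true: indexer identity is not checked"))
    return gaps


def lint(deploymentclient_text, outputs_text):
    """Run all three checks and return human-readable findings."""
    dc = parse_conf(deploymentclient_text)
    out = parse_conf(outputs_text)
    findings = []
    for stanza, host in find_ip_targets(dc, "targetUri"):
        findings.append(f"deploymentclient.conf [{stanza}] targetUri uses IP literal {host}; use a DNS record")
    for stanza, host in find_ip_targets(out, "server"):
        findings.append(f"outputs.conf [{stanza}] server uses IP literal {host}; use a DNS record")
    for stanza, why in find_tls_gaps(out):
        findings.append(f"outputs.conf [{stanza}] {why}")
    return findings


if __name__ == "__main__":
    for finding in lint(DEPLOYMENTCLIENT_CONF, OUTPUTS_CONF):
        print("FINDING:", finding)
```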
Monitoring Environment (Security & IT Ops)
● Collect Local Operating System Host Logs / Report on Anomalies
– Security, Access, Application, Configuration, Patching & Performance
● Forward All Splunk’s Internal Logs into Indexers
● Splunk Crafted Reporting for ‘Splunk’ (Previously: Splunk on Splunk)
– Indexing Performance, Search Performance, Search Activity, Missing Forwarders
● Report On Users Attempting to Search Restricted Indexes
● Use Data Integrity Checking & Monitor Exceptions
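An added example (not part of the deck) of the "report on users attempting to search restricted indexes" point: Python that parses constructed Splunk _audit-style search events and compares every index named in the search against the user's permitted index patterns. The ROLE_ALLOWED table is an assumed stand-in for the srchIndexesAllowed values a real deployment would take from authorize.conf, and the audit lines are constructed and trimmed to the fields used.

```python
"""Flag searches that name an index outside the user's permitted set.
A search against an index the role cannot read is typically still logged
as info=granted and simply returns nothing, so the audit trail must be
compared with role permissions rather than filtered on a denial.
Added example; all data below is constructed."""
import fnmatch
import re
from collections import defaultdict

# Constructed _audit-style events (not real data), trimmed to the fields used here.
AUDIT_LINES = [
    "Audit:[timestamp=09-20-2016 18:01:02.100, user=alice, action=search, info=granted, search='search index=web sourcetype=access_combined status=500']",
    "Audit:[timestamp=09-20-2016 18:02:15.431, user=bob, action=search, info=granted, search='search index=hr_payroll salary']",
    "Audit:[timestamp=09-20-2016 18:02:40.002, user=bob, action=search, info=granted, search='search index=\"sec_*\" | stats count']",
    "Audit:[timestamp=09-20-2016 18:03:09.777, user=alice, action=search, info=granted, search='search index=web OR index=app_prod error']",
    "Audit:[timestamp=09-20-2016 18:04:22.018, user=carol, action=search, info=granted, search='search index=_internal']",
]

# Assumed stand-in for each user's role srchIndexesAllowed (authorize.conf); wildcards allowed.
ROLE_ALLOWED = {
    "alice": ["web", "app_*"],
    "bob": ["hr_*"],
}

EVENT_RE = re.compile(
    r"user=(?P<user>[^,\]]+),.*?info=(?P<info>[^,\]]+),.*?search='(?P<search>.*?)'(?:,|\])"
)
# index=foo, index="foo", index=foo_* ; stops at whitespace, quote, pipe or paren
INDEX_RE = re.compile(r"\bindex\s*=\s*\"?([^\s\"|)]+)\"?", re.IGNORECASE)


def parse_audit(line):
    """Extract user, info and the raw SPL from one audit line, or None if it is not a search event."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    return {"user": m.group("user"), "info": m.group("info"), "search": m.group("search")}


def requested_indexes(spl):
    """All index names referenced in a search string, lower-cased."""
    return [i.lower() for i in INDEX_RE.findall(spl)]


def is_allowed(index, patterns):
    """True if the requested index matches any permitted pattern (glob semantics, as in authorize.conf)."""
    return any(fnmatch.fnmatchcase(index, p.lower()) for p in patterns)


def restricted_search_attempts(lines, allowed_by_user):
    """Return {user: [(index, search), ...]} for granted searches naming an index the user may not read."""
    attempts = defaultdict(list)
    for line in lines:
        ev = parse_audit(line)
        if not ev or ev["info"] != "granted":
            continue
        patterns = allowed_by_user.get(ev["user"], [])  # unknown user: nothing permitted
        for idx in requested_indexes(ev["search"]):
            if not is_allowed(idx, patterns):
                attempts[ev["user"]].append((idx, ev["search"]))
    return dict(attempts)


if __name__ == "__main__":
    for user, hits in restricted_search_attempts(AUDIT_LINES, ROLE_ALLOWED).items():
        for idx, spl in hits:
            print(f"ALERT user={user} requested index={idx} search={spl!r}")
```

A request with a wildcard (index=sec_*) is compared literally against the allowed patterns, so it is flagged unless the role itself grants a matching wildcard.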
Any Questions?
Security Challenges & Solutions (Group Discussion)
Security Challenges & Solutions
● Example Security Challenges:
– Easier Implementation of Transport Encryption (TLS)?
‣ Scripted Certificate Generation & Deployment via App
– How to Segment Data?
‣ According to Business Unit or Use Case (via Indexes)
● Discussion Time Limit: 15mins
Favourite Use Cases (Group Discussion)
Favourite Use Cases
● Example Use Cases:
– Self Healing with ServiceNow Integration with Ansible
– IT Operational Monitoring with IT Service Intelligence (Glass Tables)
– Malicious Behaviour Detection with Entropy Analysis on DNS Logs
● Discussion Time Limit: 15mins
Updates Announced at .conf 2016
● Introducing Splunk Enterprise 6.5 - Available Now
‣ Splunk ML Toolkit – a guided workbench and SPL extensions to help you create and operationalize your own custom analytics based on your choice of algorithms.
‣ Tables, a new feature that lets you create and analyse tabular data views without using SPL.
‣ Hadoop Data Roll gives you another way to reduce historical data storage costs while keeping full search capability.
● New Releases (General Availability October 2016):
– Splunk Enterprise Security [Minor Release]
– Splunk IT Service Intelligence [Major Release]
– Splunk User Behaviour Analytics [Major Release]
Get Involved!
● Splunk User Group Edinburgh
– https://usergroups.splunk.com/group/splunk-user-group-edinburgh.html
● Splunk’s Slack Group
– Register via www.splunk402.com/chat
– Channel: #edinburgh
● Present & Share at the User Group?
Connect:
‣ Harry McLaren | harry.mclaren@ecs.co.uk | @cyberharibu | harrymclaren.co.uk
‣ ECS | enquiries@ecs.co.uk | @ECS_IT | ecs.co.uk
Thank You

MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 

Último (20)

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 

Splunk User Group Edinburgh - September Event

  • 1. Splunk User Group Edinburgh: Deployment & Security (September 2016). Copyright © 2016 Splunk Inc.
  • 2. Introduction - Harry McLaren
    ● Alumnus of Edinburgh Napier
    ● Security Consultant at ECS
      – Role: Splunk Professional Services & Enablement Lead
      – Specialism: SIEM & Splunk Architecture
    ● Global Splunk Partner Revolution Award - 2016
  • 3. (no text on slide)
  • 4. Agenda
    • Housekeeping: Overview & House Rules
    • Presentation: Deployment Best Practices
    • Group Discussion: Deployment Challenges & Solutions
    • Presentation: Security Best Practices
    • Group Discussion: Security Challenges & Solutions
    • Group Discussion: Favourite Use Cases [Optional]
  • 5. [Splunk Official] User Group
    “The overall goal is to create an authentic, ongoing user group experience for our users, where they contribute and get involved”
    ● User Led
    ● Technical Discussions
    ● Sharing Environment
    ● Build Trust (With Community & Splunk)
    ● No Sales!
  • 6. What Do You Want From A User Group?
  • 9. Planning & Design
    ● High Level Design & Environment Diagram
    ● High Availability / Load Balancing
      – Minimum Number of Nodes (SHC x3 / IXC x2-3)
      – Forwarder Based (AutoLB), Search Heads (Persistent Sessions via Load Balancer)
    ● Hardware & Storage Requirements
      – Availability / Retention / Archiving
    ● Development / Staging Environment
    ● Environment Orchestration & Configuration
      – Version Control, Configuration Management, Access Management, Packaging
  • 10. Pre-Implementation
    ● Raise Required Changes (Network, Identity, Architecture)
    ● Validate Connectivity & System Access
    ● Download Binaries / Licences / Apps
      – Splunk Software & Splunk Licences
    ● Ensure DNS Records Function
      – IP Addresses Should Be Avoided In Config (Use DNS Records)
    ● Forwarder Deployment
      – Engage with Platform Teams
      – Develop Automation Script (Requires deploymentclient.conf with DNS Entry)
  • 11. Implementation
    ● Build Sequence
      – Management Layer > Indexer Layer > Search Layer
    ● Data Source On-boarding Process
      – Use Case Identification, Data Source Profiling, Develop, Test & Deliver (RTL)
    ● Utilise Splunk Apps & Add-ons (Free & Premium)
      – Unix App, Windows Infrastructure App, VMware App, Apache App, Etc.
    ● Bundle Search Objects Into Custom Apps
      – Break Down by Business Unit, Grouped Use Cases, Etc.
    ● Use Splunk Documentation & Splunk Answers for Guidelines
  • 12. Post-Implementation
    ● Update Designs / Diagrams (Delivered Implementation)
    ● Training & Knowledge Sharing
      – Education Courses (Free / Paid), Community Support & Partner Training
    ● Identify Splunk Champions
      – Technical & Business
    ● Build Business Value
      – Identify Secondary Use Cases
    ● Build Entitlement Framework
      – Cost Centre Clawback, Shared Financial Burden, Shared Responsibility
  • 15. Deployment Challenges & Solutions
    ● Example Challenges / Solutions:
      – Source Data Access
        ‣ Early SME Engagement & EventGen App?
      – Hardware Challenges
        ‣ Develop Deployment Config in the Cloud?
    ● Discussion Time Limit: 15 mins
  • 17. Pre-Install Hardening & Validation
    ● Secure Operating System Pre-Installation
    ● Industry Standard Guidelines
      – Center for Internet Security (CIS) - Security Benchmarks
    ● Create Splunk Specific User/Group with Relevant Permissions
      – Ensure Splunk Doesn’t Run as ‘Administrator’ or ‘Root’
    ● Verify Integrity of Binaries (Checksum Hash / Signature)
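Slides 10 and 17 both feed the same forwarder install script: check the downloaded package against its published checksum before installing it, and point deploymentclient.conf at the deployment server by DNS name rather than an IP address. The example below is added here and is not code from the deck, ECS or Splunk; the package bytes and digest are constructed for the demo (a real script reads the downloaded file and the vendor's checksum file), and the hostnames and clientName are assumed values.

```python
"""Added example (not from the slide deck or Splunk): two checks a forwarder
install script should make before touching a host.

verify_package()            - SHA-256 of the downloaded installer must equal the
                              published digest (slide 17, "Verify Integrity of Binaries").
render_deploymentclient_conf() - build deploymentclient.conf that names the deployment
                              server by DNS, refusing IP literals (slide 10,
                              "IP Addresses Should Be Avoided In Config").
"""
import hashlib
import hmac
import ipaddress
import re

# Constructed stand-in for a downloaded .tgz; the digest would normally be read
# from the checksum file shipped next to the package, not computed locally.
SAMPLE_PACKAGE = b"splunkforwarder-demo-package-contents\n"
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_PACKAGE).hexdigest()

# Fully qualified DNS name: one or more labels, then a top-level label.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$",
    re.IGNORECASE,
)


def verify_package(data, expected_hex):
    """True only if SHA-256(data) equals the published digest (constant-time compare)."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def is_dns_name(target):
    """Accept an FQDN; reject anything that parses as an IPv4/IPv6 literal."""
    host = target.strip("[]")
    try:
        ipaddress.ip_address(host)
        return False  # it is an IP literal, which the slide says to avoid
    except ValueError:
        pass
    return bool(HOSTNAME_RE.match(target))


def render_deploymentclient_conf(ds_host, client_name, port=8089):
    """Return the deploymentclient.conf text for a forwarder; raises on an IP target."""
    if not is_dns_name(ds_host):
        raise ValueError("deployment server must be a DNS name, got %r" % ds_host)
    return (
        "[deployment-client]\n"
        "clientName = %s\n"
        "\n"
        "[target-broker:deploymentServer]\n"
        "targetUri = %s:%d\n"
    ) % (client_name, ds_host, port)


if __name__ == "__main__":
    # Assumed names for the demo run.
    assert verify_package(SAMPLE_PACKAGE, SAMPLE_DIGEST)
    print(render_deploymentclient_conf("splunk-ds.corp.example.com", "web01"))
```

In a real rollout the digest comparison happens against the checksum published with the download, the rendered file is dropped into $SPLUNK_HOME/etc/system/local/ on the forwarder, and the DNS check is what stops an operator from hard-coding the deployment server's address into every host.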
  • 18. Implementation Hardening
    ● User Authentication & Role-Based Access Control
    ● Transport Encryption & Authentication (TLS)
    ● Secure Password Deployment
      – Shared splunk.secret / Hashed Passwords in Deployment Apps
    ● Access Control Lists
      – Simple IP/DNS Whitelisting or Blacklisting
    ● Disable Unnecessary Splunk Components (Splunk Web / REST Port)
    ● Configuration Change Monitoring via Splunk
  • 19. Monitoring Environment (Security & IT Ops)
    ● Collect Local Operating System Host Logs / Report on Anomalies
      – Security, Access, Application, Configuration, Patching & Performance
    ● Forward All Splunk’s Internal Logs into Indexers
    ● Splunk Crafted Reporting for ‘Splunk’ (Previously: Splunk on Splunk)
      – Indexing Performance, Search Performance, Search Activity, Missing Forwarders
    ● Report On Users Attempting to Search Restricted Indexes
    ● Use Data Integrity Checking & Monitor Exceptions
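The "users attempting to search restricted indexes" report on slide 19 comes down to reading search audit events, pulling the index= terms out of each search string and comparing them with what the user is entitled to. The example below is added here and is not the deck's or Splunk's own code: the audit lines are constructed and only loosely modelled on the Audit:[...] events Splunk writes, the RESTRICTED and ALLOWED tables are assumed, and only index=<name> terms (plus the index=* wildcard) are recognised.

```python
"""Added example (not from the slide deck or Splunk): offline version of the
"searches against restricted indexes" report.

Input lines are constructed and only loosely modelled on Splunk audit events;
RESTRICTED and ALLOWED are assumed entitlement tables for the demo.
"""
import re
from collections import defaultdict

# Assumed entitlements: indexes that need explicit permission, and who has it.
RESTRICTED = {"hr_payroll", "secops"}
ALLOWED = {
    "alice": {"hr_payroll", "web"},
    "bob": {"web"},
    "svc_soc": {"secops", "web"},
}

# Constructed sample audit lines (not real Splunk output).
SAMPLE_AUDIT = """\
Audit:[timestamp=09-20-2016 14:03:11.123, user=alice, action=search, info=granted , search='search index=hr_payroll status=paid | stats count']
Audit:[timestamp=09-20-2016 14:05:40.004, user=bob, action=search, info=granted , search='search index=web status=500']
Audit:[timestamp=09-20-2016 14:06:02.771, user=bob, action=search, info=granted , search='search index=hr_payroll | head 10']
Audit:[timestamp=09-20-2016 14:09:55.310, user=bob, action=search, info=granted , search='search index=* password']
Audit:[timestamp=09-20-2016 14:10:13.000, user=svc_soc, action=search, info=granted , search='search index=secops sourcetype=ids']
Audit:[timestamp=09-20-2016 14:11:00.000, user=bob, action=login, info=succeeded]
"""

AUDIT_RE = re.compile(
    r"user=(?P<user>[^,\s]+),.*?action=(?P<action>[^,\s]+),.*?search='(?P<search>[^']*)'"
)
# index=foo, index="foo", index = foo, index=* (case-insensitive keyword)
INDEX_RE = re.compile(r'\bindex\s*=\s*"?([\w*-]+)"?', re.IGNORECASE)


def indexes_in_search(spl):
    """Set of index names referenced by index= terms in an SPL string."""
    return {name.lower() for name in INDEX_RE.findall(spl)}


def restricted_index_attempts(audit_text, restricted=RESTRICTED, allowed=ALLOWED):
    """(user, index, search) for every restricted index a user touched without entitlement.

    A wildcard index=* is treated as touching every restricted index, so it is
    reported for review even though the platform itself limits what it returns.
    """
    findings = []
    for line in audit_text.splitlines():
        m = AUDIT_RE.search(line)
        if not m or m.group("action") != "search":
            continue
        user, spl = m.group("user"), m.group("search")
        touched = indexes_in_search(spl)
        targets = set(restricted) if "*" in touched else touched & restricted
        for idx in sorted(targets - allowed.get(user, set())):
            findings.append((user, idx, spl))
    return findings


def per_user_counts(findings):
    """Number of flagged searches per user, for the summary table."""
    counts = defaultdict(int)
    for user, _, _ in findings:
        counts[user] += 1
    return dict(counts)


if __name__ == "__main__":
    for user, idx, spl in restricted_index_attempts(SAMPLE_AUDIT):
        print("%-8s %-11s %s" % (user, idx, spl))
    print(per_user_counts(restricted_index_attempts(SAMPLE_AUDIT)))
```

Splunk roles already stop a search from returning events from indexes the role is not allowed to see, so a hit here is an attempt worth reviewing (a misconfigured role, a curious user, a reused account), not proof of data exposure. Inside Splunk the same report is written against the _audit index with the role's allowed indexes as the lookup.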
  • 22. Security Challenges & Solutions
    ● Example Security Challenges:
      – Easier Implementation of Transport Encryption (TLS)?
        ‣ Scripted Certificate Generation & Deployment via App
      – How to Segment Data?
        ‣ According to Business Unit or Use Case (via Indexes)
    ● Discussion Time Limit: 15 mins
  • 24. Favourite Use Cases
    ● Example Use Cases:
      – Self Healing with ServiceNow Integration with Ansible
      – IT Operational Monitoring with IT Service Intelligence (Glass Tables)
      – Malicious Behaviour Detection with Entropy Analysis on DNS Logs
    ● Discussion Time Limit: 15 mins
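The DNS entropy use case on slide 24 rests on one observation: labels produced by a domain-generation algorithm or used to smuggle data through DNS look like random strings, so their Shannon entropy is high, while human-chosen hostnames are not. The example below is added here and is not the deck's own code: the query log lines are constructed in a simplified "timestamp client query name type" layout, the last two labels are treated as the registered domain (a real implementation would use the Public Suffix List), and the length and entropy thresholds are assumed starting points to tune.

```python
"""Added example (not from the slide deck): Shannon entropy over the subdomain
part of DNS query names, flagging long high-entropy labels for review.

Log format, suffix handling and thresholds are simplifications assumed for the demo.
"""
import math
import re
from collections import Counter

# Constructed sample query log (not a real resolver format).
SAMPLE_DNS_LOG = """\
2016-09-20T14:03:11Z 10.1.2.3 query www.example.com A
2016-09-20T14:03:15Z 10.1.2.9 query 3f9a1c7e2b8d4a6f0e1c9b7d5a3f2e1c.evil-cdn.example A
2016-09-20T14:03:16Z 10.1.2.9 query q7x2zk9pwm4vb1tn.c3lyz8h5.evil-cdn.example TXT
2016-09-20T14:03:18Z 10.1.2.4 query www.internal-intranet.example.com A
2016-09-20T14:03:20Z 10.1.2.4 query static.cdn.example.net A
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)\s+(?P<qtype>\S+)$"
)


def shannon_entropy(s):
    """Bits per character: 0 for a single repeated character, up to log2(alphabet)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def subdomain_part(qname):
    """Labels left of the registered domain, joined without dots.

    Assumes the registered domain is the last two labels; use the Public
    Suffix List in production so example.co.uk is handled correctly.
    """
    labels = qname.rstrip(".").lower().split(".")
    return "".join(labels[:-2]) if len(labels) > 2 else ""


def detect_high_entropy_queries(log_text, min_len=16, min_entropy=3.5):
    """Return the queries whose subdomain is both long and high-entropy.

    The length gate matters: short labels cannot reach high entropy, and long
    natural-language labels can reach ~3.5 bits, so both tests together, not
    either alone, give a reviewable signal.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        sub = subdomain_part(m.group("qname"))
        if len(sub) < min_len:
            continue
        h = shannon_entropy(sub)
        if h >= min_entropy:
            findings.append({
                "client": m.group("client"),
                "qname": m.group("qname"),
                "qtype": m.group("qtype"),
                "length": len(sub),
                "entropy": round(h, 3),
            })
    return findings


if __name__ == "__main__":
    for f in detect_high_entropy_queries(SAMPLE_DNS_LOG):
        print("%(client)s %(qname)s len=%(length)d H=%(entropy).3f %(qtype)s" % f)
```

The two flagged names in the sample both come from the same client, which is the shape an analyst wants: group by source, count distinct high-entropy names per domain, and allowlist the CDNs and cloud services whose legitimate hostnames also look random before raising an alert. Within Splunk the same calculation is usually done with a search-time command over the DNS sourcetype rather than in Python.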
  • 25. Updates Announced at .conf 2016
    ● Introducing Splunk Enterprise 6.5 - Available Now
      ‣ Splunk ML Toolkit: a guided workbench and SPL extensions to help you create and operationalise your own custom analytics based on your choice of algorithms.
      ‣ Tables, a new feature that lets you create and analyse tabular data views without using SPL.
      ‣ Hadoop Data Roll gives you another way to reduce historical data storage costs while keeping full search capability.
    ● New Releases (General Availability October 2016):
      – Splunk Enterprise Security [Minor Release]
      – Splunk IT Service Intelligence [Major Release]
      – Splunk User Behaviour Analytics [Major Release]
  • 26. Get Involved!
    ● Splunk User Group Edinburgh
      – https://usergroups.splunk.com/group/splunk-user-group-edinburgh.html
    ● Splunk’s Slack Group
      – Register via www.splunk402.com/chat
      – Channel: #edinburgh
    ● Present & Share at the User Group? Connect:
      ‣ Harry McLaren | harry.mclaren@ecs.co.uk | @cyberharibu | harrymclaren.co.uk
      ‣ ECS | enquiries@ecs.co.uk | @ECS_IT | ecs.co.uk

Editor's Notes

  1. Splunk Architecture (Development): http://www.splunk.com/view/SP-CAAABF9
     Splunk Enterprise Architecture & Processes: https://docs.splunk.com/Documentation/Splunk/6.5.0/Installation/Splunksarchitectureandwhatgetsinstalled
  2. High availability deployment - Indexer cluster: http://docs.splunk.com/Documentation/Splunk/6.5.0/Deploy/Indexercluster
     Design considerations: http://docs.splunk.com/Documentation/Splunk/6.5.0/Deploy/Deploymentcharacteristics#Design_considerations
     Set up load balancing: http://docs.splunk.com/Documentation/Splunk/6.5.0/Forwarding/Setuploadbalancingd
     Use a load balancer with search head clustering: http://docs.splunk.com/Documentation/Splunk/6.5.0/DistSearch/UseSHCwithloadbalancers
     Reference hardware: http://docs.splunk.com/Documentation/Splunk/6.5.0/Capacity/Referencehardware
     Estimate your storage requirements: http://docs.splunk.com/Documentation/Splunk/6.5.0/Capacity/Estimateyourstoragerequirements
     How Splunk Enterprise calculates disk storage: http://docs.splunk.com/Documentation/Splunk/6.5.0/Capacity/HowSplunkcalculatesdiskstorage
  3. Universal forwarder system requirements: http://docs.splunk.com/Documentation/Forwarder/6.5.0/Forwarder/Systemrequirements
     Install a Windows universal forwarder remotely with a static configuration: http://docs.splunk.com/Documentation/Forwarder/6.5.0/Forwarder/InstallaWindowsuniversalforwarderremotelywithastaticconfiguration
     Install a *nix universal forwarder remotely with a static configuration: http://docs.splunk.com/Documentation/Forwarder/6.5.0/Forwarder/Installanixuniversalforwarderremotelywithastaticconfiguration
  4. Splunk Apps: https://splunkbase.splunk.com/
     Splunk Docs: http://docs.splunk.com/
     Splunk Answers: https://answers.splunk.com/
  5. Splunk Education: http://www.splunk.com/view/education/SP-CAAAAH9
     Use Cases: https://www.splunk.com/en_us/solutions/solution-areas.html
  6. Center for Internet Security: https://benchmarks.cisecurity.org/
     Run Splunk Enterprise as a different or non-root user: https://docs.splunk.com/Documentation/Splunk/6.5.0/Installation/RunSplunkasadifferentornon-rootuser
     Securing Splunk Enterprise: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/WhatyoucansecurewithSplunk
  7. Use access control to secure Splunk data: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/UseaccesscontroltosecureSplunkdata
     About securing Splunk Enterprise with SSL: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/AboutsecuringyourSplunkconfigurationwithSSL
     Deploy secure passwords across multiple servers: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/Deploysecurepasswordsacrossmultipleservers
     Use Access Control Lists: http://docs.splunk.com/Documentation/Splunk/6.5.0/Security/Useaccesscontrollists
  8. What Splunk software logs about itself: http://docs.splunk.com/Documentation/Splunk/6.5.0/Troubleshooting/WhatSplunklogsaboutitself