SplunkLive! Customer Presentation - Cisco Systems, Inc.

•

4 gostaram•2,082 visualizações

This document discusses using Splunk as a security information and event management (SIEM) tool. It describes how Cisco's Computer Security Incident Response Team (CSIRT) uses Splunk to monitor over 1 terabyte of log data per day across Cisco's global operations. The document contrasts old approaches that relied on vendor-provided reports with new approaches like hunting for threats by building custom queries. It emphasizes an iterative process of filtering, refining queries to find bad traffic and saving reusable searches to automate threat detection.

Tecnologia

Copyright © 2013 Splunk Inc.
Splunk the SIEM
Jeff Bollinger 0x506682C5
Technical Leader and Infosec Investigator:
CSIRT
Cisco Systems, Inc.
https://blogs.cisco.com/author/jeffbollinger/
https://twitter.com/jeffbollinger

About Me...
• Cisco Computer Security Incident Response Team (CSIRT)
• CSIRT = Security Monitoring and Incident Response
• Architecture, Engineering, Research, and Investigations
• Enterprise global threat and 24x7 incident response

The Numb3rs
• Cisco Systems Inc.:
– 100 countries
– 130,000 employees (with laptops and phones)
– 150,000 servers of all types
– 40,000 routers
– 1,500 labs
– 1 CSIRT analyst for every 7,000 employees

The Numb3rs
Cisco indexes almost 1Tb of log data per day

Incident Response Basics
• What am I trying to protect?
• What are the threats?
• > How do I detect them?
• How do we respond?

Out With The Old
• You don’t know what you don’t
know
• Buy and trust a SIEM to run
canned reports
• Wait for updates from the vendor
• Try to edit/create custom reports
• Build your own collection infrastructure
• Data-centric approach
• Build your own reports
• Research your own intelligence
• Operationalize and optimize!
The Old Way The New Way

playbook |ˈplāˈbŏk|
(noun)
A prescriptive collection of repeatable
queries (reports) against security event data
sources that lead to incident detection and
response.
Analyze: SIEM

A Note on Strategy
Hunting vs. Gathering

Hunting: Build a Query – Find Bad Stuff
• Start with the obvious and simple:
index=wsa earliest=-24h x_wbrs_score=ns
English translation: Splunk, look at our web proxy
logs over the past 24 hours, and give me all the
web sites (objects) that had no known reputation
score.

Hunting: Build a Query – Find Bad Stuff
index=wsa earliest=-24h x_wbrs_score=ns
Let me stop you right there…

Hunting: Build a Query – Find Bad Stuff
• Filter based on unique attributes:
index=wsa earliest=-24h x_wbrs_score=ns |where isnull(cs_referer)
English translation: Splunk, look at our web proxy
logs over the past 24 hours, and give me all the
web sites (objects) that had no known reputation
score, and there was no HTTP referrer.

Hunting: Build a Query – Find Bad Stuff
index=wsa earliest=-24h x_wbrs_score=ns | where isnull(cs_referer)
Ok getting better, sort of…

Hunting: Build a Query – Find Bad Stuff
• Filter, refine, filter, refine:
index=wsa earliest=-24h application/x-dosexec ns GET 200 x_wbrs_score=ns
cs_method=GET sc_http_status=200 cs_mime_type=application/x-dosexec (java OR
MSIE) NOT (mirror OR cdn) | where isnull(cs_referer)
English translation: Splunk, query our web proxy logs over the past
24 hours, and give me all the web sites (objects) that had no known
reputation score, and there was no HTTP referrer, where either Java
or Internet Explorer successfully downloaded an executable file
from a site that didn’t have ‘mirror’ or ‘CDN’ in the URL.

Hunting: Build a Query – Find Bad Stuff
Here we go!
index=wsa earliest=-24h application/x-dosexec ns GET 200 x_wbrs_score=ns
cs_method=GET sc_http_status=200 cs_mime_type=application/x-dosexec (java OR
MSIE) NOT (mirror OR cdn) | where isnull(cs_referer)

Gathering: Build a Query – Find Bad
Stuff
If you can find or create a re-usable pattern, you
can save a search, make a report, and automate!
16

$Gathering: Build a Query – Find Bad Stuff For example: this query will detect the Tracur clickfraud trojan: index=wsa earliest=-6h@h m cs_url="*/m/*” MSIE (NOT (cs_referer="*")) | regex cs_url="^http://(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0- 9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/m/[A-Za-z0- 9/+]{50,1000}$" http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3aWin32%2fTracur$

Do It Yourself
• Once you have:
• Solid, repeatable, saved searches
• Research and intelligence gathering
• Consistent handling procedures
• Documentation and tuning
• You have your own SIEM, running in Splunk, and
completely custom to your organization

Mais conteúdo relacionado

Mais procurados

Getting Started with Splunk Enterprise

Splunk

Data Onboarding Breakout Session

Splunk

Getting Started with Splunk Enterprise

Shannon Cuthbertson

SplunkLive! Customer Presentation – athenahealth

Splunk

Splunk Enterprise 6.5 bietet fundamentale Weiterentwicklungen im Bereich Machine Learning, Datenanalysen, Plattform Management und ist damit im Betrieb kostengünstiger. In unserem Webinar zeigen wir Ihnen eine Produktdemo und Sie erfahren folgendes: - Nutzen Sie Machine Learning, um vorherzusagen, aufzudecken und das zu verhindern, was für Ihr Unternehmen am wichtigsten ist - Verwenden Sie Tabellen, um Daten vorzubereiten und zu analysieren, ohne die Splunk Suchsprache (SPL) zu nutzen - Senken Sie die Speicherkosten, indem Sie historische Daten zu Hadoop auslagern - Nutzen Sie kostenlose Entwickler/Testlizenzen, um neue Datenquellen und Anwendungsfälle zu erforschen - Verarbeiten Sie kritische Daten ohne Unterbrechung, da im Lizenzmodell die Sperre der Suche bei Lizenzüberschreitungen entfernt wurde Die aktuelle Version von Splunk Enterprise 6.5 hilft Ihnen dabei, den Mehrwert aus Ihren Daten und Ihrer Investition in Splunk zu maximieren. Mit den neuen Features sind Big Data Analysen noch kostengünstiger und einfacher geworden. Überzeugen Sie sich selbst in unserem Webinar.

Webinar: Was ist neu in Splunk Enterprise 6.5

Splunk

Intermedia Customer Presentation

Splunk

SplunkLive! Customer Presentation - Cardinal Health

Splunk

Here’s your chance to get hands-on with Splunk for the first time! Bring your modern Mac, Windows, or Linux laptop and we’ll go through a simple install of Splunk. Then, we’ll load some sample data, and see Splunk in action – we’ll cover searching, pivot, reporting, alerting, and dashboard creation. At the end of this session, you’ll have a hands-on understanding of the pieces that make up the Splunk Platform, how it works, and how it fits in the landscape of Big Data. You’ll experience practical examples that differentiate Splunk while demonstrating how to gain quick time to value.

Getting Started with Splunk Enterprise Hands-On

Splunk

SplunkLive! Customer Presentation - ExxonMobil

Splunk

Cisco UCS and Splunk Workshop

Robb Boyd

Splunk Enterprise for InfoSec Hands-On Breakout Session

Splunk

Taking Splunk to the Next Level - Manager

Splunk

Getting Started with Splunk Enterprise Hands-On

Splunk

Getting Started with Splunk Enterprise

Splunk

AWS Loft London: Finding the signal in the noise - Effective SecOps with Soph...

Splunk

Splunk provee Inteligencia operativa para todos Splunk es la plataforma de inteligencia operativa en tiempo real líder del sector. Es una forma fácil, rápida y segura de buscar, analizar y visualizar los grandes flujos de datos de máquina generados por sus sistemas de TI e infraestructura tecnológica (físicos, virtuales y en la nube). Splunk Enterprise 6 es la versión más reciente y proporciona: - Análisis potente para todos los usuarios a velocidades sorprendentes - Experiencia de usuario completamente rediseñada - Entorno del desarrollador más enriquecido para una ampliación fácil de la plataforma Splunk Enterprise 6 ya está disponible. Descárguelo ahora y pruébelo usted mismo.

Splunk Sales Presentation Imagemaker 2014

Urena Nicolas

SplunkLive! Customer Presentation - Penn State Hershey Medical Center

Splunk

Drive more value through data source and use case optimization

Splunk

Splunk live! customer presentation – zoosk

Splunk

Splunk at Weill Cornell Medical College

Splunk

Mais procurados (20)

Getting Started with Splunk Enterprise

Data Onboarding Breakout Session

Getting Started with Splunk Enterprise

SplunkLive! Customer Presentation – athenahealth

Webinar: Was ist neu in Splunk Enterprise 6.5

Intermedia Customer Presentation

SplunkLive! Customer Presentation - Cardinal Health

Getting Started with Splunk Enterprise Hands-On

SplunkLive! Customer Presentation - ExxonMobil

Cisco UCS and Splunk Workshop

Splunk Enterprise for InfoSec Hands-On Breakout Session

Taking Splunk to the Next Level - Manager

Getting Started with Splunk Enterprise Hands-On

Getting Started with Splunk Enterprise

AWS Loft London: Finding the signal in the noise - Effective SecOps with Soph...

Splunk Sales Presentation Imagemaker 2014

SplunkLive! Customer Presentation - Penn State Hershey Medical Center

Drive more value through data source and use case optimization

Splunk live! customer presentation – zoosk

Splunk at Weill Cornell Medical College

Destaque

SplunkLive! London 2017 - How to Earn a Seat and the Business Table with Splunk

Splunk

Splunk Partner+ Program - Partner Marketing e-Learning - France August 2017

Splunk

Danfoss - Splunk for Vulnerability Management

Splunk

Splunk at Scotiabank

Splunk

SplunkLive! Customer Presentation--ServiceNow

Splunk

Splunk Forum Financial Services Chicago 9/13/17

Splunk

SplunkLive! Milano 2016 - customer presentation - Unicredit

Splunk

There is often too much data to be able to understand it all by hand, and often it is difficult to see the interesting trees in the forest of data. Machine learning gives us an opportunity to get computers to do this heavy lifting, and present us with key actions for operations. Machine learning has many applications across a wide variety of fields – here we demonstrate hands on with donuts how you can use Machine Learning to see deviations from expected donut consumption and either make more donuts or send out a targeted marketing campaign to get donuts off the shelves and into happy customers.

SplunkLive! London 2017 - Using Machine Learning to Feed Hungry People

Splunk

ITOA user-beginner Splunk Admin-new to Splunk Description: If you’re just getting started with Splunk, this session will help you understand how to use Splunk software to turn your silos of data into insights that are actionable. In this session, we’ll dive right into a Splunk environment and show you how to use the simple Splunk search interface to quickly find the needle-in-the-haystack or multiple needles in multiple haystacks. We’ll demonstrate how to perform rapid ad hoc searches to conduct routine investigations across your entire IT infrastructure in one place, whether physical, virtual or in the cloud. We’ll show you how to then convert these searches into real-time alerts and dashboards, so you can proactively monitor for problems before they impact your end user. We’ll also demonstrate how you can use Splunk to connect the dots across heterogeneous systems in your environment for cross-tier, cross-silo visibility. You’ll have access to a demo environment. So, don’t forget to bring your laptop and follow along for a hands-on experience.

Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk

Splunk

Splunk Ninjas: New Features and Search Dojo

Splunk

Traditional security operations centres (SOCs) often focus too narrowly on alert triage or on meeting simplistic checkbox compliance requirements. This approach can leave the organisation with critical cybersecurity blind spots, and lead to other common problems including low SOC productivity, high analyst turnover, and increased operational costs. Ultimately, this traditional approach to running a SOC can cause the security team to fail to achieve its mission of detecting, responding to, and mitigating true threats in the environment. This session will cover how to build a modern analytics-driven security operations capability for your organisation. The analytics-driven SOC leverages technology innovations to serve human analysts by fusing advanced analytics, threat intelligence, automated response/orchestration, threat hunting, deep investigation, and incident response. This approach helps the security team to consistently deliver fast, effective threat detection and response.

SplunkLive! London 2017 - Building an Analytics Driven Security Operation Cen...

Splunk

Using Splunk at MoneyGram International

Splunk

Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update

Splunk

This session will review Splunk’s two premium solutions - Splunk Enterprise Security (ES) is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams.

Splunk for Enterprise Security featuring User Behavior Analytics

Splunk

Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk

Splunk

Simplify service operations and improve reliability of events with machine learning and analytics Your data centre creates a lot of events — from low-level disk warnings to critical network issues and even service-level failures. With so many events and false positives, how do you know which events are important and which ones to ‘throw away’? Your current rules-based tools don’t work they are inflexible, cannot handle event volumes from today’s transient infrastructures and do not provide actionable alerts that help you fix the important problems first. Join this webinar to learn how Splunk IT Service Intelligence employs the power of machine learning to provide actionable human scale alerts with service context in an integrated solution, enabling IT teams to focus on fixing what’s broken quickly and easily. Learn how you can rapidly apply machine learning to: - Catch anomalous behavior to detect events before they become critical incidents - Avoid having to create manual rules and set adapt thresholds dynamically - Automatically correlate data to generate highly qualified information, so you can take fast action - Prioritize and speed up investigation on the most important incidents with service context

Rage WITH the machine, not against it: Machine learning for Event Management

Splunk

Splunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event Management

Splunk

Splunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVO

Splunk

Splunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting

Splunk

Destaque (19)

SplunkLive! London 2017 - How to Earn a Seat and the Business Table with Splunk

Splunk Partner+ Program - Partner Marketing e-Learning - France August 2017

Danfoss - Splunk for Vulnerability Management

Splunk at Scotiabank

SplunkLive! Customer Presentation--ServiceNow

Splunk Forum Financial Services Chicago 9/13/17

SplunkLive! Milano 2016 - customer presentation - Unicredit

SplunkLive! London 2017 - Using Machine Learning to Feed Hungry People

Reactive to Proactive: Intelligent Troubleshooting and Monitoring with Splunk

Splunk Ninjas: New Features and Search Dojo

SplunkLive! London 2017 - Building an Analytics Driven Security Operation Cen...

Using Splunk at MoneyGram International

Splunk Forum Frankfurt - 15th Nov 2017 - .conf2017 Update

Splunk for Enterprise Security featuring User Behavior Analytics

Splunk Forum Frankfurt - 15th Nov 2017 - Building SOC with Splunk

Rage WITH the machine, not against it: Machine learning for Event Management

Splunk Forum Frankfurt - 15th Nov 2017 - Machine Learning For Event Management

Splunk Forum Frankfurt - 15th Nov 2017 - GDPR / EU-DSGVO

Splunk Forum Frankfurt - 15th Nov 2017 - Threat Hunting

Semelhante a SplunkLive! Customer Presentation - Cisco Systems, Inc.

The security industry is talking a lot about threat intelligence; external information that a company can leverage to understand where potential threats are knocking on the door and might have already perpetrated the network boundaries. Conversations with many CERTs have shown that we have to stop relying on knowledge about how attacks have been conducted in the past and start 'hunting' for signs of compromises and anomalies in our own environments. In this presentation we explore how the decade old field of security visualization has emerged. We show how we have applied advanced analytics and visualization to create our own threat intelligence and investigated lateral movement in a Fortune 50 company. Visualization. Data science. No machine learning. But pretty pictures. Here is a blog post I wrote a bit ago about the general theme of internal threat intelligence: http://www.darkreading.com/analytics/creating-your-own-threat-intel-through-hunting-and-visualization/a/d-id/1321225?

Creating Your Own Threat Intel Through Hunting & Visualization

Raffael Marty

The recorded version of 'Best Of The World Webcast Series' [Webinar] where Jacob Holcomb speaks on 'RIoT (Raiding Internet of Things)' is available on CISOPlatform. Best Of The World Webcast Series are webinars where breakthrough/original security researchers showcase their study, to offer the CISO/security experts the best insights in information security. For more signup(it's free): www.cisoplatform.com

RIoT (Raiding Internet of Things) by Jacob Holcomb

Priyanka Aash

Hacking WebApps for fun and profit : how to approach a target?

Yassine Aboukir

Zane lackey. security at scale. web application security in a continuous depl...

Yury Chemerkin

Splunk September 2023 User Group PDX.pdf

Amanda Richardson

Splunk Enterprise for InfoSec Hands-On Breakout Session

Splunk

My tryst with sourcecode review

Anant Shrivastava

Knowing how to perform basic monitoring and analysis can go a long way in helping infosec analysts do some foundation analysis to either crush the mundane or recognize when it's time to pass the more serious attacks on to the the big boys. This presentation covers environment options for making your network monitor-able, three quick steps to triage and analyze alerts, and integrated distros that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well... maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of network monitoring and analysis.

Monitoring & Analysis 101 - N00b to Ninja in 60 Minutes at ISSW on April 9, 2016

grecsl

Using Security Incident Response Simulations (SIRS--also commonly called IR Game Days) regularly keeps your first responders in practice and ready to engage in real events. SIRS help you identify and close security gaps in your platform, and application layers then validate your ability to respond. In this session, we will share a straightforward method for conducting SIRS. Then AWS enterprise customers will take the stage to share their experience running joint SIRS with AWS on their AWS architectures. Learn about detection, containment, data preservation, security controls, and more.

(SEC316) Harden Your Architecture w/ Security Incident Response Simulations

Amazon Web Services

Splunk Enterprise for Information Security Hands-On Breakout Session

Splunk

The Dirty Little Secrets They Didn’t Teach You In Pentesting Class

Chris Gates

Splunk Enterprise for Information Security Hands-On Breakout Session

Splunk

Your configuration management is fact-based. Your orchestration is fact-based. Is your monitoring fact-based? What does that even mean? Monitoring is very similar to configuration, at least in its expression. Configuration cares about files, services, and hosts being present and in a certain state (""nginx should be running with the following configuration""). Monitoring cares about services being present, running, and in a certain state. Both describe your infrastructure as it should be (""nginx should be running and respond in less than 200ms""). Fact-based monitoring is about being able to control monitoring with the same facts that Puppet uses (""monitor nginx latency wherever Puppet says it should run""). This is in contrast with imperative monitoring (""monitor nginx on host a, b and c"") that gets out of sync and leads to mailbox meltdowns from spurious alerts. Using open source and commercial examples, this talk will help you express your monitoring in a way that will feel very natural to your Puppet configuration.

Fact-Based Monitoring

Datadog

Fact based monitoring

Datadog

Knowing how to perform basic malware analysis can go a long way in helping infosec analysts do some basic triage to either crush the mundane or recognize when its time to pass the more serious samples on to the the big boys. This presentation covers several analysis environment options and the three quick steps that allows almost anyone with a general technical background to go from n00b to ninja (;)) in no time. Well … maybe not a "ninja" per se but the closing does address follow-on resources on the cheap for those wanting to dive deeper into the dark world of malware analysis.

Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...

grecsl

Over the last few years, as the world has moved closer to realizing the idea of the Internet of Things, an increasing number of the analog things with which we used to interact every day have been replaced with connected devices. The increasingly-complex systems that drive these devices have one thing in common – they must all communicate to carry out their intended functionality. Such communication is handled by firmware embedded in the device. And firmware, like any piece of software, is susceptible to a wide range of errors and vulnerabilities.

Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware

Lastline, Inc.

Splunk is the ultimate tool for the InfoSec hunter. In this unique session, we’ll dive straight into the Splunk search interface, and interact with wire data harvested from various interesting and hostile environments, as well as some web access logs. We’ll show how you can use Splunk Enterprise with a few free Splunk applications to hunt for attack patterns representing SQL injection, data exfiltration, and C2 communication. We’ll show how to find evidence of RATs, brute force attempts, and directory traversal. Finally, we'll also demonstrate some ways to add context to your data in order to reduce false positives and more quickly respond to information. Bring your laptop – you’ll need a web browser to access our demo systems.

Splunk Enterpise for Information Security Hands-On

Splunk

BSides_Charm2015_Info sec hunters_gathers

Andrew McNicol

It is well known that computer exploitation will continue to increase in prevalence and sophistication. Computer network attacks and data exfiltrations are most successful when the methods of exploitation traverse the entry and egress vectors that are least expected and least defended in your network. Most of the time, no matter how well your perimeter is guarded, the user still represents the weakest avenue into that network. A clear need exists to better protect data transmitted and received by the user. But what are we to do when signature-based detection has long been defeated and anomaly/heuristic-based detection is not yet where we need it to be? The solution lies in enhancing the defense paradigm via the incorporation of intelligence-based security (Threat Intelligence) in the analysis of threats and discovery of malicious activity affecting your network, data, and your protected clients.

Incorporating Threat Intelligence into Your Enterprise Communications Systems...

EC-Council

The process of penetration testing starts with the "Reconnaissance Phase". This phase, if performed carefully, always provides a winning situation. However, Often in the application security and bug bounty hunting, recon is mapped to finding some assets and uncovering hidden endpoints only & is somewhat under-utilized. Recon is the most crucial thing in application security and bug bounties which always keeps you separated from a competing crowd and gives easy wins. In "Weaponizing Recon - Weaponizing Recon - Shamshing Applications for Security Vulnerabilities & Profit", will cover the deepest and most interesting recon methodologies to be one step ahead of your competition and how to utilize the tools and publicly available information to map your attack surface & maximize the profit. During the talk, we will cover: 1. Introduction to Recon 2. Basic Recon 101 3. Mapping Attack Surface with Basic Recon 4. Weaponizing Recon to Hit Attack Surface 5. Recon Hacks 101 6. Practical Offensive Recon 7. Automating Recon for Profit 8. Finding Vulnerabilities with Recon 9. Creating your own Recon Map 10. Practical Examples & Demonstrations

Weaponizing Recon - Smashing Applications for Security Vulnerabilities & Profits

Harsh Bothra

Semelhante a SplunkLive! Customer Presentation - Cisco Systems, Inc. (20)

Creating Your Own Threat Intel Through Hunting & Visualization

RIoT (Raiding Internet of Things) by Jacob Holcomb

Hacking WebApps for fun and profit : how to approach a target?

Zane lackey. security at scale. web application security in a continuous depl...

Splunk September 2023 User Group PDX.pdf

Splunk Enterprise for InfoSec Hands-On Breakout Session

My tryst with sourcecode review

Monitoring & Analysis 101 - N00b to Ninja in 60 Minutes at ISSW on April 9, 2016

(SEC316) Harden Your Architecture w/ Security Incident Response Simulations

Splunk Enterprise for Information Security Hands-On Breakout Session

The Dirty Little Secrets They Didn’t Teach You In Pentesting Class

Splunk Enterprise for Information Security Hands-On Breakout Session

Fact-Based Monitoring

Fact based monitoring

Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...

Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware

Splunk Enterpise for Information Security Hands-On

BSides_Charm2015_Info sec hunters_gathers

Incorporating Threat Intelligence into Your Enterprise Communications Systems...

Weaponizing Recon - Smashing Applications for Security Vulnerabilities & Profits

Mais de Splunk

.conf Go 2023 - Data analysis as a routine

Splunk

.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV

Splunk

.conf Go 2023 - Navegando la normativa SOX (Telefónica)

Splunk

.conf Go 2023 - Raiffeisen Bank International

Splunk

.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett

Splunk

.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)

Splunk

.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...

Splunk

.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...

Splunk

.conf go 2023 - De NOC a CSIRT (Cellnex)

Splunk

conf go 2023 - El camino hacia la ciberseguridad (ABANCA)

Splunk

BMW is defining the next level of mobility - digital interactions and technology are the backbone to continued success with its customers. Discover how an IT team is tackling the journey of business transformation at scale whilst maintaining (and showing the importance of) business and IT service availability. Learn how BMW introduced frameworks to connect business and IT, using real-time data to mitigate customer impact, as Michael and Mark share their experience in building operations for a resilient future.

Splunk - BMW connects business and IT with data driven operations SRE and O11y

Splunk

Splunk x Freenet - .conf Go Köln

Splunk

Splunk Security Session - .conf Go Köln

Splunk

Universities have more in common with modern cities than traditional places of learning. This mini city needs to empower its citizens to thrive and achieve their ambitions. Operationalising data is key to building critical services; from understanding complex IT estates for smarter decision-making to robust security and a more reliable, resilient student experience. Juan will share his experience in building data foundations for a resilient future whilst enabling digital transformation at Imperial College London.

Data foundations building success, at city scale – Imperial College London

Splunk

Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...

Splunk

.italo operates an Essential Service by connecting more than 100 million people annually across Italy with its super fast and secure railway. And CISO Enrico Maresca has been on a whirlwind journey of his own. Formerly a Cyber Security Engineer, Enrico started at .italo as an IT Security Manager. One year later, he was promoted to CISO and tasked with building out – and significantly increasing the maturity level – of the SOC. The result was a huge step forward for .italo. So how did he successfully achieve this ambitious ask? Join Enrico as he reveals the key insights and lessons learned in his SOC journey, including: Top challenges faced in improving security posture Key KPIs implemented in order to measure success Strategies and approaches applied in the SOC How MITRE ATT&CK and Splunk Enterprise Security were utilised Next steps in their maturity journey ahead

SOC, Amore Mio! | Security Webinar

Splunk

.conf Go 2022 - Observability Session

Splunk

.conf Go Zurich 2022 - Keynote

Splunk

.conf Go Zurich 2022 - Platform Session

Splunk

.conf Go Zurich 2022 - Security Session

Splunk

Mais de Splunk (20)

.conf Go 2023 - Data analysis as a routine

.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV

.conf Go 2023 - Navegando la normativa SOX (Telefónica)

.conf Go 2023 - Raiffeisen Bank International

.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett

.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)

.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...

.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...

.conf go 2023 - De NOC a CSIRT (Cellnex)

conf go 2023 - El camino hacia la ciberseguridad (ABANCA)

Splunk - BMW connects business and IT with data driven operations SRE and O11y

Splunk x Freenet - .conf Go Köln

Splunk Security Session - .conf Go Köln

Data foundations building success, at city scale – Imperial College London

Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...

SOC, Amore Mio! | Security Webinar

.conf Go 2022 - Observability Session

.conf Go Zurich 2022 - Keynote

.conf Go Zurich 2022 - Platform Session

.conf Go Zurich 2022 - Security Session

Último

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Zilliz

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Mcleodganj Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mcleodganj Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mcleodganj Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Understanding the FAA Part 107 License ..

Christopher Logan Kennedy

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

SplunkLive! Customer Presentation - Cisco Systems, Inc.

1. Copyright © 2013 Splunk Inc. Splunk the SIEM Jeff Bollinger 0x506682C5 Technical Leader and Infosec Investigator: CSIRT Cisco Systems, Inc. https://blogs.cisco.com/author/jeffbollinger/ https://twitter.com/jeffbollinger

2. About Me... • Cisco Computer Security Incident Response Team (CSIRT) • CSIRT = Security Monitoring and Incident Response • Architecture, Engineering, Research, and Investigations • Enterprise global threat and 24x7 incident response

3. The Numb3rs • Cisco Systems Inc.: – 100 countries – 130,000 employees (with laptops and phones) – 150,000 servers of all types – 40,000 routers – 1,500 labs – 1 CSIRT analyst for every 7,000 employees

4. The Numb3rs Cisco indexes almost 1Tb of log data per day

5. Incident Response Basics • What am I trying to protect? • What are the threats? • > How do I detect them? • How do we respond?

6. How Do I Detect?

7. Out With The Old • You don’t know what you don’t know • Buy and trust a SIEM to run canned reports • Wait for updates from the vendor • Try to edit/create custom reports • Build your own collection infrastructure • Data-centric approach • Build your own reports • Research your own intelligence • Operationalize and optimize! The Old Way The New Way

8. playbook |ˈplāˈbŏk| (noun) A prescriptive collection of repeatable queries (reports) against security event data sources that lead to incident detection and response. Analyze: SIEM

9. A Note on Strategy Hunting vs. Gathering

10. Hunting: Build a Query – Find Bad Stuff • Start with the obvious and simple: index=wsa earliest=-24h x_wbrs_score=ns English translation: Splunk, look at our web proxy logs over the past 24 hours, and give me all the web sites (objects) that had no known reputation score.

11. Hunting: Build a Query – Find Bad Stuff index=wsa earliest=-24h x_wbrs_score=ns Let me stop you right there…

12. Hunting: Build a Query – Find Bad Stuff • Filter based on unique attributes: index=wsa earliest=-24h x_wbrs_score=ns |where isnull(cs_referer) English translation: Splunk, look at our web proxy logs over the past 24 hours, and give me all the web sites (objects) that had no known reputation score, and there was no HTTP referrer.

13. Hunting: Build a Query – Find Bad Stuff index=wsa earliest=-24h x_wbrs_score=ns | where isnull(cs_referer) Ok getting better, sort of…

14. Hunting: Build a Query – Find Bad Stuff • Filter, refine, filter, refine: index=wsa earliest=-24h application/x-dosexec ns GET 200 x_wbrs_score=ns cs_method=GET sc_http_status=200 cs_mime_type=application/x-dosexec (java OR MSIE) NOT (mirror OR cdn) | where isnull(cs_referer) English translation: Splunk, query our web proxy logs over the past 24 hours, and give me all the web sites (objects) that had no known reputation score, and there was no HTTP referrer, where either Java or Internet Explorer successfully downloaded an executable file from a site that didn’t have ‘mirror’ or ‘CDN’ in the URL.

15. Hunting: Build a Query – Find Bad Stuff Here we go! index=wsa earliest=-24h application/x-dosexec ns GET 200 x_wbrs_score=ns cs_method=GET sc_http_status=200 cs_mime_type=application/x-dosexec (java OR MSIE) NOT (mirror OR cdn) | where isnull(cs_referer)

16. Gathering: Build a Query – Find Bad Stuff If you can find or create a re-usable pattern, you can save a search, make a report, and automate! 16

17. Gathering: Build a Query – Find Bad Stuff For example: this query will detect the Tracur clickfraud trojan: index=wsa earliest=-6h@h m cs_url="*/m/*” MSIE (NOT (cs_referer="*")) | regex cs_url="^http://(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0- 9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/m/[A-Za-z0- 9/+]{50,1000}$" http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3aWin32%2fTracur

18. Do It Yourself • Once you have: • Solid, repeatable, saved searches • Research and intelligence gathering • Consistent handling procedures • Documentation and tuning • You have your own SIEM, running in Splunk, and completely custom to your organization

19. Thank you

Notas do Editor

Trying to protect? infrastructure intellectual property customer and employee data brand reputationWhat are the threats?Malware gone wildTargeted attacksRogue insidersMismanagementHow do I discover them? Security monitoringLogging and event retrievalOperational intelligenceHow do we respond?IR processIdentificationIsolationRemediation
Lots of sensorsDefense in depthLog collectionLog analysis
Old Way: (SIEM approach, and our early v1 approach with Splunk)Dependent upon vendors to write queries for you or to have a magic box or algorithm that will find it allTuning can be an issue within a SIEM if you can’t do it from the event source itself (i.e. wheat from chaff problem)New Way: data-centric playbook approach using log data and Splunk (v2)Flexible & easily adaptable for updates, and tactical changesTotally custom upfront, but work savings after plays are operationalizedTopical, relevant, and current research can be deployed quickly, even as a simple test for a larger operations
In terms of Incident Response a playbook is….
Cisco indexes between 150 and 300 Gb of WSA data per day

SplunkLive! Customer Presentation - Cisco Systems, Inc.

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (19)

Semelhante a SplunkLive! Customer Presentation - Cisco Systems, Inc.

Semelhante a SplunkLive! Customer Presentation - Cisco Systems, Inc. (20)

Mais de Splunk

Mais de Splunk (20)

Último

Último (20)

SplunkLive! Customer Presentation - Cisco Systems, Inc.

Notas do Editor