Operations | Monitoring | ITSM | DevOps | Cloud

July 2020

Getting Github Data with Webhooks (Part 2)

After my last blog around sending Github Data to Splunk via Webhooks, I received a healthy amount of feedback that I want to address here. I learned that (unsurprisingly) a lot of customers are curious about, or dependant on, other cloud platforms out there. In fact, I heard directly from some customers who specifically cannot use any other cloud platforms than one in particular that was not highlighted in my last blog.

A Unified Security Operations Platform: Splunk Mission Control

Security is easy, right? Get yourself a patchwork of security point products meant to solve one or two specific problems, and your organization is safe from threats! Ah, if only it were that simple… In reality, security operations are disjointed and complex. Security visibility and functionality (i.e. threat detection, investigation, containment and response capabilities) are often divided among a multitude of different security products (e.g.

Extend Your Splunk App with Custom REST Endpoints

As you build more complicated Splunk apps, you might wonder, “What is the best way to make the features in my app more usable?” If you’re adding new SPL commands or creating ways to input new data sources, the answer is straightforward. But imagine you’re trying to address one of the following scenarios: For cases like these, consider extending the Splunk REST API with custom endpoints.

Graph Analytics Using Splunk and the Machine Learning Toolkit

Almost all data in Splunk can be turned into graphs, and that's possibly something you may not have considered before. In your network traffic data, a source IP connects to a destination IP with attributes like bytes in/out, packets, ports, and other properties. Users log into an interconnected stack of systems, services, devices and applications which are connected with each other. Transactions run from A to B to C and may describe a process that helps you analye user journeys and business processes in general.

The Words of the Birds - Leveraging AI to Detect Songbirds

When was the last time you had the chance to listen to some of the most beautiful concerts that nature can play for you? From simple chirps and tweets to complex bird songs composed into a sophisticated soundscape, you may wish you could decrypt and understand their daily conversation. “Hey, good morning, how are you today?”, you might hear in the early hours, sometimes so loudly that you are awakened from the chirping.

A Smarter Way to Preprocess Your Data

In May we released the Splunk Machine Learning Toolkit (MLTK) version 5.2. We’ve loved telling you about some of the great new features, including the most recent blog on DensityFunction. However, we know that before you can start experimenting with model-building algorithms such as DensityFunction, your data needs to be prepared for machine learning. Machine learning operates best when you provide clean data as the foundation for building your models.

Containers, Microservices, and Kubernetes

Faster application development requires more agile application infrastructure. Containers started the transformation of modern application architectures which now are dominated by microservices running on Kubernetes. In this episode of Dissecting DevOps find out how cloud infrastructure has changed, how the modern architectures make application development easier, and the unique challenges introduced by microservices and Kubernetes.

The New Normal: Organizations Need Security Leaders More Than Ever

The world is changing at a pace not seen in modern history. Security leaders, including chief information security officers (CISOs), face new security challenges as well as opportunities. As COVID-19 drives workers to look for new ways to live and work, organizations must be proactive. The ‘new normal’ may seem scary at first, but savvy CISOs who see beyond tactical changes to the threat landscape can capitalize on opportunities.

Operationalizing HashiCorp Vault: Introducing a New Splunkbase App to Monitor Vault

We are excited to announce the availability of the Splunk App for HashiCorp Vault. Using this app, organizations can seamlessly ingest and visualize performance metrics and audit logs in Splunk to investigate, monitor, analyze and act on Vault data across DevSecOps use cases.

Splunking Slack Audit Data

The Slack Audit Logs API is for monitoring the audit events happening in a Slack Enterprise Grid organization to ensure continued compliance, to safeguard against any inappropriate system access, and to allow the user to audit suspicious behavior within the enterprise. This essentially means it is an API to know who did what and when in the Slack Enterprise Grid account. We are excited to announce the Slack Add-on for Splunk, that targets this API as a brand new data source for Splunk.

CI/CD Detection Engineering: Splunk's Security Content, Part 1

It's been a while since I've had the opportunity to take a break, come up for air, and write a blog for some of the amazing work the Splunk Threat Research team has done. We have kept busy by shipping new detections under security-content (via Splunk ES Content Update and our API). Also, we have improved the Attack Range project to allow us to test detections described as test unit files.

Nation-State Espionage Targeting COVID-19 Vaccine Development Firms - The Actions Security Teams Need To Take Now!

Throughout the duration of COVID-19, there have been consistent rumors of increased nation-state espionage. In parallel, many recent ransomware strains have a COVID-19 tie-in. Now the United Kingdom's National Cyber Security Centre (NCSC), published an advisory report that the threat group APT29 is targeting governmental, diplomatic, think-tank, healthcare and energy targets for intelligence gain which are involved in COVID-19 vaccines development and testing.

Tackling Financial Crime is a Matter of Data: Fresh Thinking on an Age-Old Problem

Financial firms need to take a holistic view on their financial crime defenses to keep pace with the changing crime landscape. Dealing with the onslaught of attacks has historically elicited a Pavlovian response to this age-old problem — increased regulations or tighter risk management protocols, which in turn have proven to be ineffective over the long term.

Splunk Remote Work Insights - Now Available on Mobile!

The way we work has fundamentally changed in recent months due to the impact of the global COVID-19 pandemic. As more employees are working remotely, organizations are looking at new ways to ensure their workers can stay productive and secure. We released Splunk Remote Work Insights (RWI) to help IT and security teams have insight into the systems that their employees rely upon while working remotely.

Splunk and the WEF - Working Together to Unlock the Potential of AI

Use of AI can be critical when developing systems to support social good, with some inspiring examples using Splunk in healthcare and higher education organisations. According to our State of Dark Data report, however, only 15% of organisations admit they are utilising AI solutions today due to lack of skills. So how can we help organisations unlock the potential of AI?

Using Observability as a Proxy for Customer Happiness

Today, users and customers are driven by response rates to their online requests. It’s no longer good enough to just have a request run to completion, it also has to fit within the perceived limits of “fast enough”. Yet, as we continue to build cloud-native applications with microservice architectures, driven by container orchestration like Kubernetes in public clouds, we need to understand the behavior of our system across all aspects, not just one.

How to Modernize Your Security Operations Center (SOC)

In an evolving world, the modernization of the security operations center (SOC) is pivotal to the success of digital transformation initiatives. Security teams, however, are facing a shortage of cybersecurity professionals and struggling to detect and prioritize high-priority threats. Analysts in data-driven organizations can combat these issues by bringing people, process and technology together.

Dashboards Beta v0.6: O.M.G. Oh My Grid (Layout)

If you’re new to the Dashboards Beta app on Splunkbase and you’re trying to get started with building beautiful dashboards, the "Dashboards Beta" blog series is a great place to start. This Dashboards Beta app brings a new dashboard framework, intended to combine the best of Simple XML and Glass Tables, and provide a friendlier experience for creating and editing dashboards.

OpenTelemetry, Open Collaboration

OpenTelemetry — the merger of OpenCensus and OpenTracing — appeared in May of 2019, led by companies like Omnition (now a part of Splunk), Google, Microsoft, and others who are pushing the curve on observability. OpenTelemetry is a project within the Cloud Native Computing Foundation (CNCF) that has gathered contributors and supporters far and wide, becoming one of the most active projects found in open source today. It’s currently #2 behind only Kubernetes!

Implement Observability as Code with HashiCorp and Splunk

Driven by digital market shifts, organizations are adopting cloud and cloud-native technologies to deliver a better end-user experience, scale efficiently — both up and down —and increase innovation velocity. While distributed cloud architecture brings agility, it also brings operational complexity. Therefore, developing effective observability practices is all the more important for delivering a flawless end-user experience for cloud applications.

Supercharged SOAR: Meet Splunk Phantom 4.9

The number of cyberattacks launched on organizations continues to rise every year. More attacks means more security alerts that security analysts have to triage each day. Many security teams have turned to a security orchestration, automation and response (SOAR) tool to help them automate the ever-increasing volume of security alerts, and respond to threats faster and more comprehensively.

SAI Something Linux: Monitoring Linux with Splunk App for Infrastructure

Metrics and logs go together like cookies and milk. Metrics tell you when you have a problem, and logs/events often tell you why that problem happened. But it’s always been harder than it needed to be to get both types of data onto a single screen, especially when the sysadmins using the tools aren’t necessarily daily experts in managing those monitoring platforms.

React, Adapt, Evolve: Using Data to Navigate the 3 Phases of a Crisis

When the coronavirus pandemic hit Asia-Pacific back in January, no one knew what to expect. As the first region to grapple with the questions and uncertainties that the virus presented, leaders had to process the new reality and spring into action at record speed. While navigating the shifting landscape has been a unique journey for all organizations, a few things have proven to be consistent.

Logs and Metrics and Traces, Oh My!

There are a lot of aspects to supporting modern applications, and it all starts with the data applications produce that give visibility and insights into what is going on. In the first episode of Dissecting DevOps, Dave and Chris review the differences between logs, metrics, and traces. Find out how these sources of data help you better understand and support your application.

Bringing Data to Command & Control

It’s a metaphor that would have been impossible to decode even a decade ago: a Command and Control environment where essential data flows as quickly and intuitively as a map on Uber or Lyft. It’s a way of imagining efficient access to up-to-the-minute mission-relevant information, so that any sensor can make useful intelligence available to any device or effect, on a single screen, in time to make a difference.

Data Culture: The Future of the Intelligent Organisation Starts Here

In today’s digital world, every transaction is logged to give businesses endless amounts of functional data, and there is near-universal agreement that data insights will be integral to the success of businesses in the future. There is undoubtedly a need for a more data literate workforce.

Data Will Keep Our Workplaces Healthier and More Productive - But There Must Be Trust and Transparency

In a post-pandemic world, we must use data in new ways. This in turn will require new discussions about, and practices creating, trust and transparency. The necessity of data and its benefits will be weighed against legitimate concerns of misuse of data.

Approaching Azure Kubernetes Security

The Splunk Security Research Team has been working on Kubernetes security analytic stories mainly focused on AWS and GCP cloud platforms. The turn has come now for some Azure Kubernetes security monitoring analytic stories. As outlined in my "Approaching Kubernetes Security — Detecting Kubernetes Scan with Splunk" blog post, when looking at Kubernetes security, there are certain items within a cluster that must be monitored.