Previous installments of this series have given you the overview and configuration details you need to ingest any source that is supported by Splunk Connect for Syslog and configure customizations and overrides that match your enterprise. This leaves one key capability of SC4S that we have not yet covered, and that is extending the platform itself. In this installment, we'll walk through the configuration of an entirely new data source – one that SC4S does address out of the box.

With a turbulent year and 2020 coming to its end, I’d like to thank you for your continued interest in my blog posts. In my last .conf talks I received a lot of positive feedback combined with the ask to have more posts with such content, so thanks for motivating me and here we go! Recently, my colleague Dimitris wrote about how you can set up DLTK on a AWS GPU Instance.

The Splunk Augmented Reality (AR) team is excited to share more with you. In our first AR post, "Splunk AR: Taking Remote Collaboration To The Future is Already Here," from .conf20, we talked about our new Remote Collaboration feature, which helps field workers and remote experts collaborate in AR. In today’s post, we'll talk about our advancements in Object Detection. This new feature makes it even easier to deploy Splunk AR with your assets.

This blog is part two of Splunk's Sunburst Backdoor response aimed at providing additional guidance to our customers (you can read part one, "Using Splunk to Detect Sunburst Backdoor," by Ryan Kovar). In this blog, we’ll cover how to ingest threat indicators to combat Sunburst Backdoor in Splunk Enterprise Security (ES).

The news of the “Sunburst Backdoor” malware delivered via SolarWinds Orion software has organizations choosing to shut down Orion to protect themselves. This includes several U.S. government organizations following the recent CISA guidance. If you are considering a similar response in your own environment, a critical next step is quickly restoring the lost visibility to the health and operations of your infrastructure.

Genesys is one of the world’s leading Contact Centre platforms, offering their customers the ability to deliver superior experiences. Genesys offers a range of solutions which cover SaaS, multi-cloud, and on-premises options to cater for all of their customer requirements. Splunk is traditionally known for helping customers with challenges around IT monitoring and security requirements regardless of whether they are running an on-premises datacenter or have a cloud first approach.

The Well-Architected Tool is a new AWS service that compares the state of your workloads with AWS architectural best practices. Splunking your workload state and improvement recommendations will give you better insights into your applications as well as best practices to follow along your cloud journey. The Well-Architected integration in Grand Central will give you workload insights broken down by the following 5 pillars.

As we approach the end of an unpredictable year, it’s a good time to reflect on the ways data has made a positive impact. Data is helping stop human trafficking with Global Emancipation Network, connected relief resources during crises with NetHope, and saved lives during wildfires with Zonehaven. And with our powerful partner ecosystem, and the arrival of the Data Age, there is so much more we can accomplish together.

TL;DR: This blog contains some immediate guidance on using Splunk Core and Splunk Enterprise Security to protect (and detect activity on) your network from the Sunburst Backdoor malware delivered via SolarWinds Orion software. Splunk’s threat research team will release more guidance in the coming week. Also please note that you may see some malicious network activity but it may not mean your network is compromised. As always review carefully.