The Splunk Threat Research Team (STRT) has continued focusing development on the Splunk Attack Range project and is thrilled to announce its v2.0 release with a host of new features. Since the v1.0 release 6 months ago the team has been focused on developments to make the attack range a more fully-featured development testbed out of the box. This blog post will share these additions as well as some of the project’s future directions.

According to recent surveys and reports on the industry, Kubernetes and containers are more popular than ever. Containers and serverless functions are being mainstream and ubiquitous – with a more than 300% increase in container production usage in the past 5 years. This trend is especially true for large organizations, which are often using managed platforms and services.

Network performance monitoring (NPM) and application performance monitoring (APM) are both key pillars of an overall performance and reliability management strategy, especially when dealing with complex, distributed infrastructure across cloud-native environments. NPM and APM also complement each other, in the sense that NPM can serve as an additional source of truth and observability for application performance.

Anomaly detection can be defined by data points or events that deviate away from its normal behavior. If you think of this in the context of time-series continuous datasets, the normal or expected value is going to be the baseline, and the limits around it represent the tolerance associated with the variance. If a new value deviates above or below these limits, then that data point can be considered anomalous.

OpenTelemetry is one of the most fascinating and ambitious open source projects of this era. It’s currently the second most active project in the CNCF (the Cloud Native Computing Foundation), with only Kubernetes being more active. I was at KubeCon Europe last month, delivering a talk on OpenTelemetry and it was amazing to see the full house and the excitement and interest around the project.

Insights from the 2022 Results That Matter study Correlating data across multiple silos and applications to derive meaningful and actionable insights is an ongoing struggle. These challenges are only set to increase as high-speed connectivity becomes more ubiquitous and enables data-heavy, digital experiences.

Love it or hate it, many organizations have Microsoft Windows as part of their infrastructure. They usually operate a series of Windows services like: Although surveys report that the market share of businesses using Windows is smaller than that of businesses using Linux, many organizations still use private Windows servers that are not accessible over the internet.

One of the things about Silicon Valley culture is the obsession around the technology that gets created and the idea of the engineer as the hero of the story. You see the same kind of thing with other professions — like with finance executives in New York, celebrities in Hollywood, or firefighters and police officers in different areas across the US.

According to Norton’s Cyber Safety Pulse Report, India faced over 18 million cyber threats in only Q1 2022, roughly 200,000 threats every day. Of the bulk, 60,000 were phishing attempts, and 30,000 were tech support scams. For perspective, phishing attempts around the world during the same period counted for approximately 16 million. CERT-In also reported over 2.12 lakh (~0.1 million) cybersecurity incidents until February 2022.

Cribl Stream has supported external Lightweight Directory Access Protocol (LDAP) authentication since version 2.0 was released in late 2019. LDAP directories offer many features, and it’s up to clients to implement them for compatibility. Here is a non-exhaustive list of LDAP features that Cribl Stream does not support: This blog post explores how Cribl Stream implements LDAP for user authentication and assumes you have a working knowledge of the topic.