Security log management is the process of collecting, storing, and correlating the network data that details all activity in your systems and networks. Every action in an organization’s network generates event data, including records produced by operating systems, applications, devices, and users. The Center for Internet Security (CIS) identifies log management as a basic control for detecting malicious actors and software hiding in networks and on machines.

Previous articles in our series have introduced the Splunk App for Infrastructure (SAI) and provided getting-started guidance for Linux and Windows using native metric-collection tools such as collectd and perfmon. But did you know you can also use your existing Splunk Universal Forwarders (UF’s), together with the Splunk Add-on for Unix and Linux (TA-Nix) to send both the metrics and logs without the need of additional agents?

The network is foundational to distributed application environments. A distributed application has multiple microservices, each running in a set of pods often located on different nodes. Problem areas in a distributed application can be in network layer connectivity (think network flow logs), or application resources unavailability (think metrics), or component unavailability (think tracing).

The aggregations framework has been part of Elasticsearch since version 1.0, and through the years it has seen optimizations, fixes, and even a few overhauls. Since the Elasticsearch 7.0 release, quite a few new aggregations have been added to Elasticsearch like the rare_terms, top_metrics or auto_date_histogram aggregation. In this blog post we will explore a few of those and take a closer look at what they can do for you.

In our latest post we’re covering a range of the different kinds of problems and threats data analysis can help protect your business from. We’ve brought together some of our favourite experts working in big data, cybersecurity and tech to shed light on some of the practical applications of using data analysis for protecting your operations.

If you are dealing with microservices, serverless architecture, on any other type of distributed architecture, you have probably heard the term “Distributed Tracing.” You may have been wondering what it’s all about, and where should you start, in this post, I’ll tell you about the journey we passed at Duda, from the day we heard about distributed tracing and started to explore whether it will be useful to use it in our company, to the exploration on what is distributed tracing a

Security Information and Event Management (SIEM) tools focus on insights into IT environments and tracking records of all their operations. These IT environments can be application infrastructures, physical networks, and cloud networks. SIEM initially evolved from the log management discipline, which involved integrating security events with security information to collect, analyze, and report on activities in networks.

We at Coralogix, believe that cloud security is not a “nice-to-have” feature – something that only large organizations can benefit from or are entitled to have. We believe it’s a basic need that should be solved for organizations of any shape and size. This is why we built the Coralogix Security Traffic Analyzer (STA) tool for packet sniffing and automated analysis. Today we’re announcing several new features to our security product you’ll find interesting.