Windows events provide a wealth of security-relevant information, especially when they are correlated and analyzed within a SIEM like IBM Qradar. Whether you rely on MITRE ATT&CK, NIST, or another security framework, Windows Events are likely one of your higher volumes (EPS – Events Per Second) and represent your largest-sized events (Gigs per day – Storage and Archive).

The rapid growth of 5G technology and expanse of the Telecoms industry has created the need for these organizations to implement effective data-driven decisions, to enable the future profitability of their companies. This raises the challenge of analyzing data from various sources across complex networks to derive insights and ultimately decision making.

So, you finally have Cribl Edge collecting Logs, Metrics, and Events from your Kubernetes clusters and scraping your Prometheus endpoints. This post will guide you in enriching your events and metrics to help you identify and spot trends or anomalies in the performance of your containers.

In the dynamic world of observability and analytics, everyone’s looking for smarter, more efficient, and interoperable ways to handle their data. That’s where Cribl steps in, bringing you an exciting update to our product lineup. We’re thrilled to introduce the OTLP Metrics Function to Cribl Stream 4.5! This Function converts metrics into the OpenTelemetry Protocol (OTLP) format with ease!

In my role here at Splunk, I get the opportunity to speak to a number of our customers about the challenges they are facing in building and running these complex platforms that power today’s environments. And what’s more, is that the challenges are more or less the same.

This technical whitepaper delves into the intricacies and benefits of advanced log file monitoring, showcasing its pivotal role in modern IT infrastructure management. We explore the fundamental principles of log file monitoring, discuss the challenges associated with traditional approaches, and highlight the advantages of adopting advanced techniques.

PromQL-based alerting policies and our command-line tool for importing dashboards from Grafana are now available in Cloud Monitoring.

IBM Qradar is a Security Incident and Event Manager (SIEM) trusted by many organizations to provide threat detection, threat hunting, and alerting capabilities. Qradar SIEM is often integrated with complementary IBM tools or enhanced with extensions to meet the needs of organizations that wish to mitigate their risks.

Unit testing is most often used for testing business logic. But what if you want to ensure that your code logs important messages to your log store? In this post, I'll introduce you to FakeLogger and how it can be used to test logging code when using Microsoft.Extensions.Logging and the ILogger interface. So, let's start by discussing why to even unit-test logging code. Adding good logging to your code is an often forgotten or down-prioritized practice.