Mar.26

Splunk Hackathon

This month ECS (my employer) and I hosted a Splunk Hackathon at Napier University in Edinburgh. We aimed the event at 3rd-year students and above (including recent graduates) and had a great turnout.

The challenges we set are below:

Overall it was a great experience and we felt the attendees had some fun and learned a bit about data analytics and big data too!

Other

Sep.27

Splunk’s Major Announcements at .conf 2016

This year’s .conf event is currently being hosted by Splunk at Disney in the US. So far there have been some awesome announcements and below are the highlights with links to the Splunk Blogs which go into them in more detail.

  • Introducing Splunk Enterprise 6.5 – Machine Learning and Simplified Data Analysis Open New Vistas
    • Splunk Enterprise has long offered a strong array of ML commands like anomaly detection, outlier, predict and cluster that use fixed algorithms to do their work – no ML expertise required. Today, we formally introduced the Splunk ML Toolkit (v2.0 actually) –  a guided workbench and SPL extensions to help you create and operationalize your own custom analytics based on your choice of algorithms.
    • Next up is Tables, a new feature that lets you create and analyze tabular data views without using SPL. Tables will make it easier for anyone to work with Splunk – even Splunk specialists – and will let you leverage your data into whole new uses and users.
    • Hadoop Data Roll gives you another way to reduce historical data storage costs while keeping full search capability. It’s now a free option of Splunk Enterprise that lets you save up to 80% storage capacity by leveraging your data lake for storing seldom-accessed data.
  • What’s new in Splunk IT Service Intelligence
    • ITSI is focused on improving the signal to noise ratio with IT monitoring, reducing the effort wasted sifting through vast numbers of event data by filtering, tagging and sorting events based on priority. You can quickly tag, index, enrich and add context to events in ITSI to make event management more informative and more actionable.
    • Splunk ITSI Modules include built-in data access and pre-packaged dashboards, to deliver deep, service-oriented insights into individual technology domains like application servers, databases, load balancers, operating systems, virtualization, web servers, storage, cloud services and mobile end user experience.
  • Enterprise Security 4.5 – Use Analytics-Driven Decision Making and Automation to Improve Threat Detection and Operational Efficiency
    • It provides the ability to register and configure automated or assisted response actions, enabling you to effectively leverage your existing security products (Firewall, IDS/IPS, Endpoint, Threat Intelligence, Incident Response, Identity) with Splunk ES as your central security intelligence platform.
    • You can use UI wizards and dashboards for specifying the nature of actions, categorizing actions, and receiving feedback on the status of actions and results across a wide range of entities.
    • Glass Tables includes a visual analytics framework that uses key security metrics to create custom visualizations. Glass Tables has two modes, viz., Edit mode and View mode. The Glass Tables Edit mode provides an intuitive visual editor, where you can create and modify visualizations, including security metrics searches based on data models and correlation searches. The Glass Tables View mode lets you see any visualization, which includes search results for security metrics based on data models and ad hoc searches.
  • Introducing Splunk UBA 3.0
    • Splunk UBA’s primary focus is to continue broadening its detection coverage and the latest release supports over forty machine learning models. The models are categorized as either streaming or batch. Streaming models analyze data in real-time, whereas batch models process data or compute aggregates at a scheduled interval; an example of a batch model would be as follows: identify any outliers on Active Directory data with Peer Group in consideration (Active Directory Markov-Chain Correlation Model).
    • Splunk UBA 2.3 (released at RSA) delivered the ability to write custom threats, but with Splunk UBA 3.0, customer threat detection capabilities were elevated to the next level. Not only are new threat scenarios delivered via content subscription, our threat research team delivers blueprints of new use-cases that can be customized to address customer’s needs. All-in-all, twelve to over twenty out-of-the-box threat scenarios are now available at a customer’s fingertips. These new threat scenarios range from detecting low-and-slow attacks to detecting aggressive attacks such as Remote Account Take Over with Data Exfiltration.

Those are the big ones from this year’s .conf! I encourage you to check Social Media and/or their Blog if you would like to see what other news is coming this week from Splunk!

News

Sep.20

Splunk User Group – Edinburgh

So in partnership with Splunk and ECS I’ve started an official Splunk User Group based in Edinburgh.

It’s the only UK-based user group not based in London, so we’re hoping to get a good following and hopefully build a great community of enthusiastic Splunkers!

The events are free and a ‘no sales’ space. Very much designed for technical users of Splunk, but newbies are welcome too!

Join / Event (RSVP)

We’ll also be looking for guest speakers and people who would like to lead group discussions.

Hope to see you there!

News

Jun.26

Splunk Partner Panel Q&A – Barcelona

I was recently given the opportunity to visit Barcelona to attend the Splunk EMEA Partner Technical Symposium. The sessions were of really high quality and the networking / discussions with colleagues in the industry and the Splunkers themselves were great!

I was also asked to take part in the Partner Panel which was a core session and explored a number of questions to the panel across the following areas:

  • Highlighting Splunk Value
  • Implementation Challenges
  • Gaining Support / Communicating with Splunk
  • Many More!

I hope to write some follow-up posts answering some of these so they are preserved as the Q&A was really interesting and (I hope) enlightening.

News,Presentations
