
January 2020

The Data-to-Everything Platform: What It Is, What It Means

As a company leader, what value are you extracting from your business and IT? What about from security data lakes and processes? Are you able to drive speed for your business because of real-time, advanced analytic capabilities? Successful companies are making technology architecture their business architecture—aligning stakeholders, processes, data, and analytics in an integrated fashion to deliver faster, data-driven decisions that are more accurate than ever before.

Announcing the latest version of Security Monitoring for Splunk App

It’s been a while since I have had the pleasure of announcing a new version of Security Monitoring (September 2018), but today I am doing just that. There is nothing better to inspire spending your evenings coding and playing with Splunk than your partner watching shows that just don’t interest you! For my UK friends, yes, ‘Love Island’ is that show, and for my more international friends, “look it up!” So, what updates did I bring?

Manufacturing 2020: Time to Reinvent After a Golden Decade

Generally, 2009 to 2019 were 10 golden years for manufacturers worldwide. After the swift recovery from the economic and financial crisis in 2008/09, many manufacturers have been enjoying double-digit order intake growth, increasing revenues and profits for over a decade. German manufacturers in particular benefitted from an unprecedented peak in 2018. Volkswagen delivered a record-high number of 11 million cars and grew its revenues to 236 billion euros, the highest revenue ever in its long history.

World Economic Forum In Davos - Growth in Global Technology Risk

Hey there! While the World Economic Forum (WEF) in Davos always dominates the news agenda across a variety of topics, I wondered what discussions around technology occurred this year, particularly from a cybersecurity perspective. During my reading, I came across the Global Risks Report 2020 published by the WEF and thought sharing some of the key points would help you in case you have to argue about the importance of cybersecurity.

Detecting CVE-2020-0601 Exploitation Attempts With Wire & Log Data

Editor’s note: CVE-2020-0601, unsurprisingly, has created a great deal of interest and concern. There is so much going on that we could not adequately provide a full accounting in a single blog post! This post focuses on detection of the vulnerability based on network logs, specifically Zeek, as well as endpoint data. If you are collecting vulnerability scan data and need to keep an eye on your inventory of systems that are at risk, then check out Anthony Perez’s blog.

Creating a Custom Container for the Deep Learning Toolkit: Splunk + Rapids.ai

The Deep Learning Toolkit (DLTK) was launched at .conf19 with the intention of helping customers leverage additional deep learning frameworks as part of their machine learning workflows. The app ships with four separate containers: TensorFlow 2.0 CPU, TensorFlow 2.0 GPU, PyTorch and spaCy. All of the containers provide a base install of JupyterLab and TensorBoard to help customers develop and create neural nets or custom algorithms.

Best Practices for Using Splunk Workload Management

Workload management is a powerful Splunk Enterprise feature that allows you to assign system resources to Splunk workloads based on business priorities. In this blog, I will describe four best practices for using workload management. If you want to refresh your knowledge about this feature or use cases that it solves, please read through our recent series of workload management blogs — part 1, part 2, and part 3.

The Daily Telegraf: Getting Started with Telegraf and Splunk

In this blog post, we discuss using Telegraf as your core metrics collection platform with the Splunk App for Infrastructure (SAI) version 2.0, the latest version of Splunk’s infrastructure monitoring app that was recently announced at Splunk .conf19. This blog post assumes you already have some familiarity with Telegraf and Splunk. We provide steps and examples to make sense of everything along the way, and there are also links to resources for more advanced workflows and considerations.

CVE-2020-0601 - How to operationalize the handling of vulnerabilities in your SOC

Software vulnerabilities are part of our lives in a digitalized world. If anything is certain, it’s that we will continue to see vulnerabilities in software code! Recently the CVE-2020-0601 vulnerability, also known as CurveBall or “Windows CryptoAPI Spoofing Vulnerability”, was discovered, reported by the NSA and made headlines. The NSA even shared a Cybersecurity Advisory on the topic. Anthony previously talked about it from a public sector and Vulnerability Scanner angle.

Too Many Security Alerts, Not Enough Time: Automation to the Rescue

It’s 2020, which means it’s time to look back at 2019 and reminisce about the good times – fun with family and friends, good food, travel, and memories to last a lifetime. Who am I kidding? Everyone remembers the bad stuff. The increasing impacts of climate change; relentless fires in the Amazon, California, and Australia; political and social unrest around the globe; and the last season of Game of Thrones. Jon Snow... you still know nothing.

Splunk named Orange Business Service 'Digital and Data Partner of the Year'

With 2020 now well underway and the end of our financial year just around the corner, it’s a great moment to review some of the successes we have had in the EMEA Partner team over the past year. One particular highlight for us came in December when Orange Business Services, the digital transformation arm of Orange, named Splunk as its Digital & Data Partner of the Year at its annual awards in Paris.

Q&A Follow-Up: How Datev uses MITRE ATT&CK & Splunk in its SOC

Hey everyone! We recently did a webinar with Christian Heger, technical head of the DATEV SOC, as well as Sebastian Schmerl, head of cyber defense at Computacenter. They shared their 6-month path of modernizing their security operations with the help of Splunk technology and the MITRE ATT&CK framework. As we weren’t able to address all of the questions during the webinar, we discussed them afterwards and share them in this blog post as a Q&A follow-up.

Using Splunk Attack Range to Test and Detect Data Destruction (ATT&CK 1485)

Data destruction is an aggressive attack technique observed in several nation-state campaigns. This technique, MITRE ATT&CK 1485, describes actions of adversaries that may “…destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources. Data destruction is likely to render stored data irrecoverable by forensic techniques through overwriting files or data on local and remote drives”.

Self-Service Analytics for the Shop Floor [Part I] - Splunk Core Concepts

Despite the hype around predictive maintenance, basic data collection and analysis are still high priorities for manufacturing companies and key criteria for the success of Industrial Internet of Things (IIoT) projects. It is crucial that the people who are most familiar with industrial assets, like process or control engineers, have direct access to industrial data. That way, problem situations such as breakdowns can be resolved quickly.

Splunk and the WEF - Working together to unlock UK public sector AI

As I have mentioned in previous blogs, the use of AI can be challenging, but it can also deliver a lot of positive outcomes. Many of our customers believe that they have a skills and understanding gap when it comes to AI, which is why we are delighted to have been working with the World Economic Forum (WEF) to draft guidance on how these types of techniques can be used and assessed.

Google Cloud Platform Serverless Ingestion into Splunk

If you have been collecting, or plan to collect, data from Google Cloud Platform (GCP), you will have noticed that your option for ingesting data has been to use Splunk’s Google Cloud Platform Add-On. However, many customers are adopting “serverless” cloud services to deliver their cloud solutions. There are many reasons for this, but mainly it provides solutions that do not require any overhead of server or container management, that scale, and that are delivered as a part of their cloud platform.

Dizzy with Data? Stay Focused on Business Outcomes

Being a CIO is not easy these days. The industry is buzzing about data-driven business transformation, and every executive and manager wants to make data-driven decisions. For the CIO, finding the right solution – and getting the maximum benefit from it – can be overwhelming. Most customers have a minimum expectation, but beyond that it can be difficult to envision what’s possible. It’s hard to see what else data can make possible.

Rapidly Identifying Systems Critically Vulnerable to CVE-2020-0601 and Reporting for CISA Emergency Directive 20-02

Yesterday, Jan. 14, 2020, on the first “Patch Tuesday” of the year, Microsoft released patches for critical vulnerabilities in Microsoft Windows client and server operating systems.

Splunk Stream 7.2 - Integration with Amazon VPC Traffic Mirroring

Recently, our good friends at Amazon Web Services (AWS) launched an awesome new product, VPC Traffic Mirroring. Here at Splunk, we are excited about this new capability as it allows our Splunk Stream platform to ingest this data, and send it on to any Splunk instance, in the cloud or on premises. Leveraging this capability allows Splunk users to collect specific network data from their AWS environment, and use it to fulfill security, IT Ops, or business-focused use cases.