Operations | Monitoring | ITSM | DevOps | Cloud

May 2020

3 Regulatory Compliance Trends That Are Accelerating in 2020

A growing attack surface and the exponential rise of data has opened the floodgates for breaches, leading to increased scrutiny by regulatory agencies. It’s not surprising that in recent years, regulators have had to double down with compliance mandates that are more stringent and punitive than ever before.

How To Determine When a Host Stops Sending Logs to Splunk...Expeditiously

So I've only been at Splunk for 8 months, and in the short amount of time I've been here, one of the most common questions I've been asked is “How do I get an alert when Splunk is not receiving logs?". As a matter of fact, if I had $0.05 each time I was asked this question, I would have $0.25! Surprisingly, with this being such an often-asked question, I haven't been able to find much documentation on how to accomplish this using the native features of Splunk.

Cloud Adoption is No Longer an Option for Federal Agencies

In May 2019, Bloomberg Government reported that Federal agencies planned to move 272 information technology programs to the cloud in FY2020. Fast forward to April 2020 — they reported that there are more than 1,800 federal IT programs that are either migrating or considering migrating to the cloud in fiscal 2021, signifying a rapid increase in cloud adoption in the federal government. How might COVID-19 affect this explosive increase in cloud interest?

Embrace Growing and Untapped Data Sources Without Price as a Limitation

At Splunk, we're listening to our customers and offering more predictable, flexible, and familiar pricing options as part of our Data-to-Everything Pricing model. In particular, Splunk’s new infrastructure pricing metric changes the paradigm of how much data you can analyze with Splunk, allowing users to move toward a value-driven pricing model that better aligns what you pay with real value you can extract from using Splunk products.

Between Two Alerts: Phishing Emails - Less Ocean, More Aquarium

When we discuss Splunk Phantom with customers here at Splunk, we end up talking about phishing pretty frequently. As discussed in a recent blog post, "Phishing Emails — Don’t Get Reeled In!," phishing is a super common issue that almost everyone deals with ad nauseum. It’s also a nuisance to investigate. The good news is that automation excels at dealing with repetitive, mind-numbing workflows like phishing investigations.

Painting with Data: Choropleth SVG

With the release of the Splunk Enterprise Dashboards Beta version 0.5.2 comes an exciting new feature that I’m sure many people will find useful: Choropleth SVG Objects. What are Choropleth SVG Objects? Put simply, it’s painting with data. To help you navigate getting started with the current iteration of this feature, I’m writing a blog to show you just how easy it is to use and create absolutely custom SVG objects.

Derbyshire Fire & Rescue Service: Fighting cybersecurity fires with Splunk

Everyone at Splunk is very proud of the amazing things that our customers and partners do with their data. It is always extra special when one of those organisations is really doing good and looking after us all in our daily lives. I’m delighted to share one of those stories from the Derbyshire Fire & Rescue Service (DFRS) who is using Splunk as its data-driven SIEM.

Splunk Security Essentials 3.1: Enhanced MITRE ATT&CK Matrix: Find the Content that Matters the Most to You, Faster

One of the great things about developing for Splunk Security Essentials is that most of the features and capabilities are requested from customers and the security community. In this latest release (3.1), we added a feature that has been requested frequently: the ability to filter the ATT&CK Matrix for Cloud and SaaS Techniques. The MITRE ATT&CK Framework consists of multiple matrices such as Enterprise, Mobile, and ICS.

What's New in the Splunk Machine Learning Toolkit 5.2?

We're excited to announce that the Splunk Machine Learning Toolkit (MLTK) version 5.2 is available for download today on Splunkbase! Earlier this month, I discussed how the release of version 5.2 will make machine learning more accessible to more users. Splunk’s MLTK lets our customers apply machine learning to the data they're already capturing in Splunk, develop models, and operationalize these algorithms to glean new insights and make more informed decisions.

Approaching Kubernetes Security - Detecting Kubernetes Scan with Splunk

The Kubernetes framework has become the leading orchestration platform. Originally developed by Google, Kubernetes is a "platform for automating deployment, scaling, and operations of application containers across clusters of hosts" * . The kubernetes platform is used in all Cloud platform provider vendors as a tool that allows orchestration, automation and provision of applications and specific needs computing clusters and services.

Migrating your Splunkbase App and Users to Splunk 8.0

Earlier this year Python 2 entered End of Life — and Splunk has already released versions of Splunk Cloud and Splunk Enterprise that provide a Python 3 runtime. As the developer of an app that is published to Splunkbase, if your app contains Python code, you need to update it to work with Python 3 and Splunk Enterprise 8.0 by July 1, 2020 as the Splunk Enterprise and Splunk Cloud releases after that date will no longer support the Python 2 runtime.

Online Sales Are Up! Ensure Your E-Commerce Platform is Not Being Used for Fraud

Even with tough economic times, e-commerce is up 25% since the beginning of March. But, fraud has increased as well; according to Malwarebytes online credit card skimming has increased by 26% in March alone. In our April “Staff Picks for Splunk Security Reading” blog post, I referenced a story about an e-commerce site getting hacked with a “virtual card skimmer” (thanks Matthew Joseff for sharing this with me).

Getting Microsoft Azure Data into Splunk

If you're reading this, you're probably wondering how to get data from various Microsoft Azure services into Splunk. With the growing list of Azure services and various data access methods, it can be a little cloudy (pun intended) on what data is available and how to get all that data into Splunk. In this blog post, I'm going go over how Microsoft makes Azure data available, how to access the data, and out-of-the-box Splunk Add-Ons that can consume this data. So let's dive right in.

Splunk Attack Range Now With Caldera and Kali Linux

The Splunk Security Research Team has been working on new improvements and additions to the Splunk Attack Range, a tool that allows security researchers and analysts to quickly deploy environments locally and in the cloud in order to replicate attacks based on attack simulation engines. This deployment attempts to replicate environments at scale, including Windows, workstation/server, domain controller, Kali Linux, Splunk server and Splunk Phantom server.

Deep Learning Toolkit 3.1 - Release for Kubernetes and OpenShift

In sync with the upcoming release of Splunk’s Machine Learning Toolkit 5.2, we have launched a new release of the Deep Learning Toolkit for Splunk (DLTK) along with a brand new “golden” container image. This includes a few new and exciting algorithm examples which I will cover in part 2 of this blog post series.

Deep Learning Toolkit 3.1 - Examples for Prophet, Graphs, GPUs and DASK

In part 1 of this release blog series we introduced the latest version of the Deep Learning Toolkit 3.1 which enables you to connect to Kubernetes and OpenShift. On top of that a brand new “golden image” is available on docker hub to support even more interesting algorithms from the world of machine learning and deep learning! Over the past few months, our customers’ data scientists have asked for various new algorithms and use cases they wanted to tackle with DLTK.

Alerts to Incident Response in Three Easy Steps

You may already be using Splunk to ingest data and generate alerts and dashboards so you can take quick action on problems, but did you know you can quickly start a VictorOps trial and in three easy steps, have great Splunk alerts escalated to the right teams and people with a mobile app notification, SMS message or a live phone call?

Manufacturing in Crisis Mode: How Data Power Can Help

For those of you with some gray hair working in the manufacturing business, remember when order intake plunged suddenly by more than 40%? Remember when CFO and Controllers ruled the company, driving painful cost-cutting programs to counter double-digit business losses? It was the time of the Economic and Financial Crisis 2007/08, which forced manufacturing organizations to stare in the abyss.

Top Four Payoffs of Being a Data Innovator in Financial Services

I recently chatted with Adam DeMattia from leading research and analyst firm ESG in a webinar about data use maturity in financial services. According to the research1, 21% of financial services firms identify as data innovators (compared to 11% of global respondents) — those who make smarter use of data as a matter of strategic importance.

Why Are Financial Services Companies Turning to Data and Analytics to Deliver Improvements in Customer Experience?

Splunk’s recent "What Is Your Data Really Worth?" report1 highlighted the importance of data and analytics to financial services companies. In our global survey of business and IT decision makers2, 89% of respondents from financial services companies felt that the intelligent use of data and analytics is becoming the only source of differentiation in the industry.

IT Operations: The Value of Data

I recently participated in a webinar exploring the question "What is Your Data Really Worth?" in the context of financial services. Enterprise Strategy Group (ESG), in partnership with Splunk, performed a global research survey of 1,350 business and IT decision-makers across leading economies and industries. Over the course of the webinar we discussed their findings with my participation focused on IT Operations.

What is Your Data Worth in the Fight Against Fraud?

You don’t need us to tell you that fraud and financial crime is on the rise. A quick google search will give you endless stats to support this claim. Fraud losses are increasing as a percentage of revenue, and that direct impact on the bottom line isan area of laser focus for senior execs.

Splunk & Google Cloud Partnership: Gain Actionable Insights from Your Data

Digital transformation is reshaping every aspect of our lives—from health to education to economic prosperity, and data is at the heart of it. At Splunk, we are bringing data to everything, enabling organizations worldwide to investigate, monitor, analyze and act on their data across IT, Security, and DevOps use cases. Through this digitization, we see customers accelerate their journey to the cloud for increased agility, reduced costs, and faster time-to-market.

Unlock the Value in Google Cloud with Splunk Observability Solutions

We are excited to announce a strategic partnership with Google Cloud to bring real-time observability into Google Cloud Services and modern applications for our joint customers. Cloud has become essential to modernizing IT environments and enabling the digital initiatives of organizations large and small. Organizations undertake IT modernization – including cloud adoption – to accelerate innovation and increase operational efficiency while optimizing IT spend.

Making Machine Learning Accessible to More Users

As we connect with customers we increasingly hear the need for teams to be more predictive with their data. A big challenge is uncertainty around how to get started, especially when much of their data is unstructured. At Splunk, our goal is to make data — and machine learning — accessible for a broad range of users. The good news is, with machine learning doing even more work on your behalf, you don’t need to be a data scientist to use these advanced capabilities.

3 Tips for Building a Strong Unified Cloud Security Strategy

In a world full of threats targeting data as well as stringent compliance mandates, it’s never been more important to create a strong unified cloud security strategy. But as cloud environments become more complex and diverse, it’s also never been more difficult. Even if you’re partnering with a notably secure provider, it’s still important to understand your security responsibility and to be proactive about protecting your data in the cloud.

Delivering Successful Mission Outcomes in This New Normal

Is it week 6 or 8 of telework now? I can't keep up, and it's probably not worth counting anymore. By now, all agencies have a majority of their employees working remotely and adjusting to the new normal; and we, at Splunk, are as well. In a way — like our CIO, Steve McMahon, puts it — we did have an early start.