December 2020

Improve DevOps Workflows Using SMLE and Streaming ML to Detect Anomalies

Modern IT & DevOps teams face increasingly complex environments — making it harder to quickly detect and resolve critical issues in real-time. To overcome this challenge, Splunk users can take advantage of ML-powered IT monitoring and DevOps solutions available in a scalable platform with state-of-the-art data analytics and AI/ML capabilities. In this blog, we deploy Splunk’s built-in Streaming ML algorithms to detect anomalous patterns in error logs in real-time.

Dashboards Beta v0.9: All Things Inputs

If you’re new to the Splunk Dashboards app (beta) on Splunkbase and you’re trying to get started with building beautiful dashboards, this blog series is a great place to start. The Splunk Dashboards app (beta) brings a new dashboard framework, intended to combine the best of Simple XML and Glass Tables, and provides a friendlier experience for creating and editing dashboards.

Splunk Connect for Syslog: Turnkey and Scalable Syslog GDI - Part 3

In Part 1 and Part 2 of this series, we explored the design philosophy behind Splunk Connect for Syslog (SC4S), the goals of the design, and the new HEC-based transport architecture, as well as the rudiments of high-level configuration. We'll now turn our attention to the specifics of SC4S configuration, including a review of the local (mounted) file system layout and the areas in which you'll be working.

Splunk Connect for Syslog: Turnkey and Scalable Syslog GDI - Part 4

Previous installments of this series have given you the overview and configuration details you need to ingest any source that is supported by Splunk Connect for Syslog and configure customizations and overrides that match your enterprise. This leaves one key capability of SC4S that we have not yet covered, and that is extending the platform itself. In this installment, we'll walk through the configuration of an entirely new data source – one that SC4S does not address out of the box.

Deep Learning Toolkit 3.4: Grid Search, Causal Inference and Process Mining

With a turbulent year and 2020 coming to its end, I’d like to thank you for your continued interest in my blog posts. In my last .conf talks I received a lot of positive feedback combined with the ask to have more posts with such content, so thanks for motivating me and here we go! Recently, my colleague Dimitris wrote about how you can set up DLTK on an AWS GPU instance.

Splunk AR: Object Detection

The Splunk Augmented Reality (AR) team is excited to share more with you. In our first AR post, "Splunk AR: Taking Remote Collaboration To The Future is Already Here," from .conf20, we talked about our new Remote Collaboration feature, which helps field workers and remote experts collaborate in AR. In today’s post, we'll talk about our advancements in Object Detection. This new feature makes it even easier to deploy Splunk AR with your assets.

Smoothing the Bumps of Onboarding Threat Indicators into Splunk Enterprise Security

This blog is part two of Splunk's Sunburst Backdoor response aimed at providing additional guidance to our customers (you can read part one, "Using Splunk to Detect Sunburst Backdoor," by Ryan Kovar). In this blog, we’ll cover how to ingest threat indicators to combat Sunburst Backdoor in Splunk Enterprise Security (ES).

Recover Lost Visibility of IT Infrastructure With Splunk

The news of the “Sunburst Backdoor” malware delivered via SolarWinds Orion software has organizations choosing to shut down Orion to protect themselves. This includes several U.S. government organizations following the recent CISA guidance. If you are considering a similar response in your own environment, a critical next step is quickly restoring the lost visibility to the health and operations of your infrastructure.

Genesys + Splunk = Complete Control Over Your Contact Center

Genesys is one of the world’s leading Contact Centre platforms, offering their customers the ability to deliver superior experiences. Genesys offers a range of solutions which cover SaaS, multi-cloud, and on-premises options to cater for all of their customer requirements. Splunk is traditionally known for helping customers with challenges around IT monitoring and security requirements, regardless of whether they are running an on-premises datacenter or have a cloud-first approach.

AWS Well-Architected Workload Recommendations in Splunk

The Well-Architected Tool is a new AWS service that compares the state of your workloads with AWS architectural best practices. Splunking your workload state and improvement recommendations will give you better insights into your applications as well as best practices to follow along your cloud journey. The Well-Architected integration in Grand Central will give you workload insights broken down by the following 5 pillars.

Partner With Splunk on Our Data-To-Everything Journey

As we approach the end of an unpredictable year, it’s a good time to reflect on the ways data has made a positive impact. Data has helped stop human trafficking with Global Emancipation Network, connect relief resources during crises with NetHope, and save lives during wildfires with Zonehaven. And with our powerful partner ecosystem, and the arrival of the Data Age, there is so much more we can accomplish together.

Predictions: The AI Challenges of 2021

The overall theme of Splunk’s four-part 2021 Predictions report is the rapid acceleration of digital transformation, driven by the specific event of the COVID-19 pandemic, and the momentum of data technologies that have brought us into a true Data Age. Nowhere is that acceleration going to be more transformative than around the application of artificial intelligence and machine learning.

Using Splunk to Detect Sunburst Backdoor

TL;DR: This blog contains some immediate guidance on using Splunk Core and Splunk Enterprise Security to protect (and detect activity on) your network from the Sunburst Backdoor malware delivered via SolarWinds Orion software. Splunk’s threat research team will release more guidance in the coming week. Also, please note that you may see some malicious network activity, but that does not necessarily mean your network is compromised. As always, review carefully.

Experience Your Data in 3D with Splunk VR

Ever wanted to see and experience your data in 3D? Splunk VR unlocks the third dimension for data visualizations, so you can naturally interact with visualizations in virtual reality and find insights faster than ever before. Use Splunk VR to give your workflow an infinite canvas, free your data exploration from limited monitor screens, and display as much information as you want around you.

Amazon Connect App for Splunk

The Amazon Connect App for Splunk uses a variety of data sources to help gain insight into your contact center performance, both historically and in real-time. In standard Splunk fashion, data is democratized, so whether you work on a DevOps or AppDev team, in a Network or Service Operations Center, in Contact Center Operations, or in Engineering and Capacity Management, there’s something in the app for everyone.

Pipeline Analytics for Code-To-Cloud Visibility

The software delivery chain (SDLC) is the application of applications. If it is not running, you cannot ship code. In this episode of Dissecting DevOps, Dave and Chris cover how you Operate, Measure, and Audit your SDLC to ensure that your organization has Code-To-Cloud Visibility. Because the SDLC is an app for apps, treat it as you would any other application.

The Value of Operationalizing MITRE ATT&CK According to Splunk With Guest Speaker From IDC

The global pandemic has fueled a rapid digital transformation — and led to permanent shifts in cybersecurity. In a recent joint webinar with Bryan McAninch, senior solutions engineer at Splunk, and guest speaker Chris Kissel from IDC, "Sp(e)lunking Security with MITRE ATT&CK® featuring IDC Research," they shared seven overarching trends in cybersecurity for 2021. One notable, but foundational, trend mentioned was the need to understand risk.

Splunk Named a Leader in The Forrester Wave: Security Analytics Platforms, Q4 2020

We’re thrilled to share the news that Splunk has been named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2020. It’s an honor to be named a Leader by Forrester. We view it as an affirmation of our commitment to customer success and a reflection of our ability to understand their needs. Through close collaboration with our customers, we have developed innovative solutions to protect their data hosted in on-premises, hybrid or multi-cloud environments.

Splunk TV - Companion App

Introducing Splunk TV Companion, the iPad app that lets you manage all your Splunk TVs, anywhere in the world, all from one place. Centralize content control of your TV displays on your iPad, and remotely display dashboards to any Apple, Android, or Fire TV. Whether you have several TVs in a single location or are remotely managing a collection of TVs across the globe, use Splunk TV to coordinate your workforce around important events from a central location and effortlessly bring dashboards to the attention of those who need them.

Bigger is Better with Splunk TV: Highlights of .conf20

Last year at .conf19, we announced the GA release of Splunk TV, our free app for Apple TV that provides users with a secure, reliable, read-only platform to display Splunk dashboards on their TVs. Splunk TV was built with security in mind, to power your SOCs and NOCs. Using Splunk TV instead of running dedicated computers to power each screen saves money and increases security. The read-only experience eliminates the risk of someone with physical access tampering with your environment.

CI/CD Detection Engineering: Failing, Part 3

It was over a month ago that I promised we would tie together Splunk Security Content and the Splunk Attack Range to automatically test detections. Ultimately, using these projects together in a Continuous Integration / Continuous Delivery (CI/CD) workflow with CircleCI brings the rigors of software development to the SOC and truly treats 🛡detection as code. Well, I want to share how we have failed at achieving this goal.

Something Else To Be Thankful For: Splunk Security Essentials 3.2.2

Well, it’s been a while since you read a blog dedicated to the latest release – okay, the latest several releases – of Splunk Security Essentials (SSE). We have been busy behind the scenes, however, so let’s catch you up on SSE’s latest features, which include the new version of our content API, as well as external updates from MITRE: the release of ATT&CK v7.2 (with Sub-Techniques) and ATT&CK v8.

Ronald van Loon & Sendur Sellakumar | Splunk Cloud Is Rebuilt for the Data Age

Data analyst Ronald van Loon sits down with Splunk’s Sendur Sellakumar to discuss how companies can succeed in the data age. The conversation covers shifting to a cloud-native experience, honing in on a data-to-everything strategy, and a customer-centric approach to data and product development. The majority of organizations are not prepared for an influx of data on the scale promised by the dawning data age. To thrive, every organization needs a complete view of its data — real-time insights with the ability to take real-time action.

Splunk Infrastructure Monitoring is AWS Outposts Ready

We are excited to announce that Splunk Infrastructure Monitoring has achieved Outposts Ready designation. This designation recognizes that Splunk provides proven solutions for customers to build, manage and run hybrid cloud applications. AWS Outposts Ready designation establishes Splunk as an AWS Partner Network (APN) member that provides validated integrations with a specific focus on observability and monitoring of AWS Outposts deployments.

Monitor Amazon EKS Distro (EKS-D) with Splunk Infrastructure Monitoring

We are excited to partner with AWS in launching Amazon EKS Distro (EKS-D), the official Amazon Kubernetes distribution, which includes the same secure, validated, and tested components that power Amazon EKS. Splunk Infrastructure Monitoring provides a turn-key, enterprise-grade Kubernetes monitoring solution for Amazon EKS. Additionally, Splunk Infrastructure Monitoring provides out-of-the-box monitoring of the Kubernetes control plane.