When running Splunk Phantom with AWS services, it can be tricky to make sure Splunk Phantom has the right access. When you’re managing multiple AWS accounts, the effort to configure Splunk Phantom’s access to every account can feel insurmountable. Fortunately, Amazon has the Security Token Service to solve this problem with temporary credentials, so we’ve integrated it with Splunk Phantom!

Splunk Lantern, your go-to source for outcome-oriented, actionable Splunk content, just got a makeover. You can now more easily navigate with a new interface, take advantage of new features to help you find the content you need, and access new content types to achieve your goals.

If you were using the Splunk App for Infrastructure (SAI) and / or other Splunk apps for infrastructure — *nix, Windows, and VMware — you’ve probably enjoyed the ease and quickness these apps offered to get started with basic infrastructure monitoring tasks.

This is Part 3 of the Advanced Link Analysis series, which showcases the interactive visualization of advanced link analysis with Splunk partner, SigBay. The biggest challenge for any data analytics solution is how it can handle huge amounts of data for demanding business users. This also puts pressure on data visualization tools. This is because a data visualization tool is expected to represent reasonably large amounts of data in an intelligent, understandable and interactive manner.

As companies accelerate their digital transformation, technology innovations are now a critical component of any business strategy. Industry leaders are spending more money on technology than their counterparts, prioritizing growth and customers. CEOs now see CIOs and tech leaders as their primary partners in driving business innovation.

The great Ricky Bobby from Talladega Nights once said, “If you ain’t first, you’re last.” Whether we’re talking about a NASCAR race or responding to a security alert, being able to quickly discover attacks and adversaries and respond rapidly is critically important to reducing risks and managing threats to your organization. How do we suggest you do that? With a SOAR (Security Orchestration Automation & Response) tool.

The ransomware campaign against the Colonial Pipeline highlights the dangers and real-life consequences of cyberattacks. If you want to understand how to use Splunk to find activity related to the DarkSide Ransomware, we highly recommend you first read “The DarkSide of the Ransomware Pipeline” from Splunk’s Security Strategist team. In short, according to the FBI, the actors behind this campaign are part of the “DarkSide” group.

Welcome back to another day in paradise. Today we are announcing the release of Splunk Enterprise 8.2. Since our last release of Splunk Enterprise 8.1 at .conf20, we have continued development of new and enhanced capabilities for our twice a year release cadence. In Splunk Enterprise 8.2, we have focused our development offers across a number of themes: insights, admin productivity, data infrastructure, and performance.

I’m sure many of you will have tried out the predictive features in ITSI, and you may even have a model or two running in production to predict potential outages before they occur. While we present a lot of useful metrics about the models’ performance at the time of training, how can you make sure that it is still generating accurate predictions? Inaccuracy in models as the underlying data or systems change over time is natural.

Today’s software is incredibly complicated and creates tons of data. Metrics, logs, and traces are generated constantly by hundreds of services for even simple applications. Every transaction can generate on the order of kilobytes of metadata about the transaction — and multiplying that to account for even a small amount of concurrency can create a few megabytes a second (or ~300GB/day) of data that needs to be captured and analyzed for later use.

Every career has defining moments. Most are spread out over years or even decades, but the cybersecurity world has had two career-defining moments just in the past year. It started with the global shutdown due to the COVID-19 pandemic. Overnight, many organizations were forced to support employees working remotely. CISOs, like me, were expected to keep both our company and its employees safe in a completely unpredictable world.

Amazon Web Services (AWS) recently announced the launch of CloudWatch Metric Streams. Cloudwatch Streams can stream metrics from a number of different AWS resources using Amazon Kinesis Data Firehose to target destinations. The new service is different from the current architecture. Instead of polling, metrics are delivered via an Amazon Kinesis Data Firehose stream. This is a highly scalable and far more efficient way to retrieve AWS service metrics.

Despite the myriad pathways to initial access on our networks, phishing remains the single most popular technique for attackers. The open nature of email and our reliance on it for communication make it difficult for defenders to classify messages, so it is no surprise that suspicious email investigation is a top use case for automation. Today, we are releasing a new community playbook for Splunk SOAR (previously Splunk Phantom) to help enrich suspicious email events.

Observability is a mindset that enables you to answer any question about your entire business through collection and analysis of data.

Clop Ransomware has been active since 2019 and has been mostly associated with financially-driven criminal groups. However, lately this ransomware payload has been observed in campaigns against universities and other institutions in the education vertical.