San Francisco, CA, USA
Apr 8, 2021   |  By Kelly Huang
Security orchestration, automation and response (SOAR) tools are most commonly known for automating manual security operations processes in order to expedite security investigations or cyber response. For instance, Splunk’s SOAR technology, Splunk Phantom, is most commonly used to automate alert triage, phishing investigation and response, threat hunting and vulnerability management.
Apr 7, 2021   |  By Gleb Esman
Link analysis, which is a data analysis approach used to discover relationships and connections between data elements and entities, has many use cases including cybersecurity, fraud analytics, crime investigations, and finance. In my last post, "Advanced Link Analysis: Part 1 - Solving the Challenge of Information Density," I covered how advanced link analysis can be used to solve the challenge of information density.
Apr 5, 2021   |  By Splunk Threat Research Team
The Splunk Threat Research Team recently developed an analytic story to help security operations center (SOC) analysts detect adversaries attempting to escalate their privileges and gain elevated access to Amazon Web Services (AWS) resources. In this blog, we’ll walk you through an AWS privilege escalation analytic story, demonstrate how we simulated these attacks using Atomic Red Team, collect and analyze the AWS cloudtrail logs, and highlight a few detections from the March 2021 releases.
Apr 5, 2021   |  By Tom Chavez
The cold season is hopefully coming to an end, and Spring is here! And just like the changes in the seasons, we have a new SDK release, updated developer docs, and other signs of new growth! It’s a great time to update your apps using the latest SDKs for the latest Splunk Cloud and Splunk Enterprise releases. Plant your session proposal in the .conf21 Call For Speakers! It's also time to prune away some older jQuery and Python versions support. Read on for the latest news.
Apr 2, 2021   |  By Clara Merriman
So you want to build a better dashboard, do you? Well good, you’ve come to the right place! Splunk dashboards are amazing. They are incredibly versatile and customizable. The creation of a dashboard is incredibly simple and can be done all through the UI. If more in-depth customization is required, that can be done through the SimpleXML using HTML panels, in-line CSS, or by uploading a new app from Splunkbase or custom JS/CSS.
Apr 2, 2021   |  By Courtney Gannon
Since the OpenTelemetry Tracing Specification reached 1.0.0 — guaranteeing long-term stability for the tracing portion of the OpenTelemetry clients, the community has been busy working to get the SDKs and APIs for popular programming language ready to be GA. Next in our ‘Getting Started with OpenTelemetry’ Series, we’ll walk you through instrumenting a Python application and install both the OpenTelemetry API and SDK.
Mar 31, 2021   |  By Matthias Maier
Hey there, We recently ran a series of webinars* on how different-sized cybersecurity teams modernized their security operations and embedded polling questions within the webinars to gather some feedback. A set of possible answers was selected based on the ENISA NIS Investments report. In this blog post I’d like to share the results of the polls and the conclusions we can draw from them.
Mar 31, 2021   |  By Greg Ainslie-Malik
Many of you might have seen our blogs about different techniques for identifying anomalies. Perhaps you even have a handful of analytics running in Splunk to identify anomalies in your data using statistical models, using probability density functions or even using clustering.
Mar 31, 2021   |  By Philip Royer
In January and February of 2021, the threat actor called Hafnium used a number of post-exploitation tools after gaining access to Exchange servers through a zero-day exploit. One of their persistence methods was creating new user accounts in the domain, giving them the ability to log back into the network using normal authentication rather than use a web shell or continue to re-exploit the vulnerability (which has since been patched).
Mar 30, 2021   |  By Collin Chau
By 2022, Gartner estimates that more than 3 out of 4 global organizations will be running containerized applications in production. With this comes a new set of monitoring challenges — ephemeral, short-lived infrastructure, complex service interdependencies and on-call developers who now need access to data for fast troubleshooting, just to name a few.
Apr 9, 2021   |  By Splunk
Hafnium is the latest cyberattack that utilizes a number of post-exploitation tools after gaining access to Exchange servers through a zero-day exploit. One of their persistence methods was creating new user accounts in the domain, giving them the ability to log back into the network using normal authentication rather than use a web shell or continue to re-exploit the vulnerability (which has since been patched). Learn how you can use Splunk Phantom to automate account monitoring to ensure that threat actors are not exploiting vulnerabilities to access sensitive information through authenticated accounts.
Apr 7, 2021   |  By Splunk
Check out a demo of SMLE Labs (beta). SMLE is a purpose-built environment, bringing the power of data science and machine learning to production workloads for our Splunk customers. We support a seamless end-to-end ML journey with development, deployment, monitoring, and management — eliminating disjointed solutions with a new, streamlined experience optimized for productivity.
Mar 23, 2021   |  By Splunk
Splunk Dashboard Studio is our new and intuitive dashboard-building experience that allows you to communicate even your most complex data stories. This demo walks you through the key capabilities to leverage when building dashboards in Splunk. For more information, check out the Dashboard Studio documentation.
Mar 18, 2021   |  By Splunk
Analysts are often overwhelmed with a large volume of security events. Phantom makes event management easy by consolidating all events from multiple sources into one place.
Mar 18, 2021   |  By Splunk
Phantoms Main Dashboard provides an overview of all your data and activity, notable events, playbooks, connections with other security tools, workloads, ROI, and so much more.
Mar 18, 2021   |  By Splunk
Playbooks are the codification of your Security Operations (SecOps) plan. In practice, they’re high-level Python scripts that Phantom interprets in order to execute your mission.
Mar 17, 2021   |  By Splunk
While DevSecOps feels like just another industry term, engineering teams everywhere are feeling greater and greater accountability for the security and stability of applications they build. DevSecOps is a practice, not a product. The practice consists of three primary use cases. For enterprises to be successfully implementing DevSecOps practices they need to focus on visibility, consistent communication, and data-driven incident response.
Mar 9, 2021   |  By Splunk
The combination of Crowdstrike and Splunk Phantom together allows for a more smooth operational flow from detecting endpoint security alerts to operationalizing threat intelligence and automatically taking the first few response steps – all in a matter of seconds. In this video, distinguished Phantom engineer Philip Royer will walk you through an out-of-the-box playbook that you can set up in Phantom to triage malware detections from Crowdstrike and automate a variety of responses based on an informed decision by an analyst.
Mar 1, 2021   |  By Splunk
DevOps culture is not all hoodies and pizza parties. Collaboration between development, operations, and security teams has a much more practical side. It comes down to data, visibility, and sharing. In this episode of Dissecting DevOps, Dave and Chris explore the reality of collaboration in DevOps environments.
Feb 23, 2021   |  By Splunk
As security practitioners, we all have things we want to be able to tell our CISO’s. We need to tell them we need more money, more headcount, we need to be able to tell them their baby (security program) is ugly. Everyone wants the ear of a CISO for the dollars they control. We just want their ear to help them understand what’s really going on in the industry and in their organization.
Nov 16, 2018   |  By Splunk
Gaining insights from your data requires more than collecting and analyzing metrics and logs. With the acceleration of customer and business demands, site reliability engineers and IT Ops analysts now require operational visibility into their entire architecture, something that traditional APM tools, dev logging tools, and SRE tools aren’t equipped to provide. Observability enables you to inspect and understand your IT stack; but what is it, and how does it differ from IT monitoring?
Oct 21, 2018   |  By Splunk
Imagine a world where incident alerts arrive 30 minutes before problems even begin — you’d actually have the power to prevent outages and deliver a truly seamless experience to your customers. Sound impossible? Think again — the right AIOps (Artificial Intelligence for IT Operations) solution can help you maintain uptime, reduce manual incident-management tasks and increase productivity.
Oct 21, 2018   |  By Splunk
The hype around artificial intelligence (AI) and machine learning (ML) has exploded, sometimes overshadowing the real uses and innovations happening everyday at organizations across the globe. The reality is that applying AI and ML to data-dependent challenges presents opportunity for better security, faster innovation and overall improved efficiency.
Oct 1, 2018   |  By Splunk
Most IT organizations have adopted event management as a central practice to help find and fix what’s broken, but today's tools focus on managing the volume of events—they do not deliver service context. Without context, you are ill-equipped to focus on the right problem at the right time. What you need is something different—something that makes IT events less eventful and more insightful—and now, you can finally do it!
Oct 1, 2018   |  By Splunk
At Splunk, we make it easy for our customers to turn mountains of machine data in their Amazon Web Services (AWS) and hybrid environments into valuable business, operational and security insights that improve their businesses.
Sep 1, 2018   |  By Splunk
The financial services industry has unique challenges that often prevent it from achieving its strategic goals. The keys to solving these issues are hidden in machine data—the largest category of big data—which is both untapped and full of potential.
Sep 1, 2018   |  By Splunk
From protecting customer experience to preserving lines of revenue, IT operations teams are faced with increasingly complex responsibilities while being required to prevent outages that could harm the organization. Splunk IT Service Intelligence (ITSI) utilizes AI powered by machine learning to deliver a predictive IT and ensure optimal application performance and quality.
Aug 1, 2018   |  By Splunk
Splunk is probably the single most powerful tool for searching and exploring data you will ever encounter. Exploring Splunk provides an introduction to Splunk -- a basic understanding of Splunk's most important parts, combined with solutions to real-world problems.
Aug 1, 2018   |  By Splunk
Let’s face it — the struggle to monitor basic server metrics in modern hybrid infrastructures is real. But deploying and maintaining monitoring tools doesn’t have to be a major headache. Splunk Insights for Infrastructure can help your team index both Linux and AWS data, enabling them to quickly identify and remediate the root cause of problems.
Jul 1, 2018   |  By Splunk
Operational intelligence, derived from the collection and analysis of machine-generated data, has often been used purely for the monitoring and management of IT infrastructure, applications and security. However, such data can also provide invaluable insight across the rest of the business.

Splunk produces software for searching, monitoring, and analyzing machine-generated big data, via a Web-style interface.

Splunk turns machine data into answers. Regardless of your organization’s size and industry, Splunk can giveyou the answers you need to solve your toughest IT, security and business challenges—with the option todeploy on-premises, in the cloud or via a hybrid approach.

Work the Way Your Data Works:

  • Real-Time: Splunk gives you the real-time answers you need to meet customer expectations and business goals.
  • Machine Data: Use Splunk to connect your machine data and gain insights into opportunities and risks for your business.
  • Scale: Splunk scales to meet modern data needs — embrace the complexity, get the answers.
  • AI and Machine Learning: Leverage artificial intelligence (AI) powered by machine learning for actionable and predictive insights.

Any Question. Any Data. One Splunk.