Calvin Krzywiec
                                                            Network Engineer


Copyright © 2011, Splunk Inc.
                      Philadelphia, February 2, 2012   11                 Listen to your data.
                                                                            Copyright © 2012, Splunk Inc.
About University of Scranton
•   Jesuit University, founded in 1888
•   Regional, comprehensive university with a total enrollment of more than
    6,000 students in 86 undergraduate and graduate programs
•   Scranton stands among the top tier of universities recognized nationally,
    with rankings in a multitude of venues (US News Top 10 Regional,
    Princeton Review Top 300, Forbes.com)




What We Do...
  •    Ensure security (C-I-A) of all University information assets
  •    Focus on detection and quarantine of infected endpoints
  •    Data stewardship / Security governance
  •    Distributed security responsibilities (SecOPs)
  •    Network Security Infrastructure



                                 “Splunk is our Security Solution.”
Splunk at the UofS
     •    Splunk users for ~4 years
     •    Needed enterprise solution for syslog collection/correlation
          • Evaluated Open Source solutions
     •    500 MB evaluation license of Splunk
          • Focused on collection from key network systems
     •    But now….



If You Got It, Splunk It
     Centralized log collection
     •    Key Enterprise systems
     •    Firewalls
     •    Networking equipment
     •    Intrusion detection/prevention systems
     •    DNS queries, URL access
     •    DHCP servers
     •    Active Directory, LDAP

               “We didn't do anything like this before Splunk.”
Security at a Mobile Friendly Campus
PROBLEM:
  Network Address Translation: private vs public IP address.
  Most external reports give time stamp and public IP address information but we need to know who is behind it.
  Higher Education Opportunity Act requires a system in place to combat copyright infringement.

  • Cisco Network Access Control logs, DHCP logs, NAT translation logs in Splunk
  • Ability to connect the dots quickly
  • Wrote an IP tracker app (Java) – which talks to Splunk over APIs – lookup function
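
The lookup described on this slide, sketched as an added example (not the University's Java app and not a Splunk query): given the public IP, port and time stamp from an external report, walk NAT translation, DHCP lease and NAC login records back to a user. The log layouts, addresses, MAC addresses and user names are constructed for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%dT%H:%M:%S"

# Constructed sample records; the field layouts are hypothetical.
# NAT:  time  action  public_ip:port  private_ip:port
NAT_LOG = """\
2012-01-30T14:02:11 built 198.51.100.7:40211 10.20.4.37:51522
2012-01-30T14:09:40 teardown 198.51.100.7:40211 10.20.4.37:51522
2012-01-30T14:10:05 built 198.51.100.7:40211 10.20.9.88:49800
2012-01-30T14:31:00 teardown 198.51.100.7:40211 10.20.9.88:49800
"""
# DHCP: time  ack  private_ip  mac  lease_seconds
DHCP_LOG = """\
2012-01-29T09:00:00 ack 10.20.9.88 00:16:3e:aa:bb:03 3600
2012-01-30T08:00:00 ack 10.20.4.37 00:16:3e:aa:bb:01 28800
2012-01-30T13:55:00 ack 10.20.9.88 00:16:3e:aa:bb:02 3600
"""
# NAC:  time  login  mac  username
NAC_LOG = """\
2012-01-30T08:00:30 login 00:16:3e:aa:bb:01 jdoe
2012-01-30T13:55:20 login 00:16:3e:aa:bb:02 asmith
"""


def ts(text):
    return datetime.strptime(text, FMT)


def nat_sessions(log):
    """Pair built/teardown lines into (start, end, public, private_ip)."""
    open_, done = {}, []
    for line in log.splitlines():
        when, action, public, private = line.split()
        key = (public, private)
        if action == "built":
            open_[key] = ts(when)
        elif action == "teardown" and key in open_:
            done.append((open_.pop(key), ts(when), public,
                         private.rsplit(":", 1)[0]))
    # A translation with no teardown yet is still open (end is None).
    done += [(start, None, pub, priv.rsplit(":", 1)[0])
             for (pub, priv), start in open_.items()]
    return done


def private_ips(public_ip, public_port, when, skew=timedelta(0)):
    """Private IPs that held public_ip:public_port at `when` (+/- skew)."""
    public = f"{public_ip}:{public_port}"
    hits = []
    for start, end, pub, priv in nat_sessions(NAT_LOG):
        if pub != public:
            continue
        if start - skew <= when and (end is None or when <= end + skew):
            hits.append(priv)
    return hits


def mac_for(private_ip, when):
    """MAC holding the DHCP lease for private_ip at `when`, else None."""
    best = None
    for line in DHCP_LOG.splitlines():
        t, _, ip, mac, lease = line.split()
        start = ts(t)
        active = start <= when < start + timedelta(seconds=int(lease))
        if ip == private_ip and active and (best is None or start > best[0]):
            best = (start, mac)
    return best[1] if best else None


def user_for(mac, when):
    """User of the most recent NAC login for `mac` at or before `when`."""
    best = None
    for line in NAC_LOG.splitlines():
        t, _, m, user = line.split()
        if m == mac and ts(t) <= when and (best is None or ts(t) > best[0]):
            best = (ts(t), user)
    return best[1] if best else None


def trace(public_ip, public_port, when, skew=timedelta(0)):
    """Return every candidate; more than one means the report is ambiguous."""
    results = []
    for priv in private_ips(public_ip, public_port, when, skew):
        mac = mac_for(priv, when)
        results.append({"private_ip": priv, "mac": mac,
                        "user": user_for(mac, when) if mac else None})
    return results


if __name__ == "__main__":
    for row in trace("198.51.100.7", 40211, ts("2012-01-30T14:05:00")):
        print(row)
```

The same public IP and port map to two different hosts within minutes, so a report time stamp that is off by a few seconds can point at the wrong user; returning all candidates within the skew window makes that visible.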
External Application Integration




Automated Searches
 •    Saved searches
      –    Network access control system
      –    Things being dropped by internal and external firewalls (dashboard)
      –    Automated alert for stolen goods (MAC address)

 •    Detect
      –    SPAM
      –    Alert conditions on servers
      –    Activity with routing protocols
      –    Bad actors trying to access VPN / Digital Reserves / SSH / etc.

 “Splunk helped us immensely with indexing, analyzing and correlating data.”
Network Security Dashboards




Network Operations Dashboards




Computer Security Incident Response Team Investigations
• Splunk – MAC address, User Name, Public and Private IP
  addresses
• Set window around known time of infection
• Result: insight into how, when and where host was
  compromised


 “Being able to put 1 parameter in and chasing it across the network is great!”

Splunk 4.3 – Winner!
  •     Bloom-filters
  •     IPv6 support
  •     Non-Flash UI
  •     Historic Versions (whoops!)
  •     JSON XML field extractions
  •     Native Python and Java SDKs exciting




Future Plans
     • Synchronization with Active Directory
     • Identify financial aid fraud with correlation of event logs
     • Data mining webserver logs
     • Using Splunk for Institutional Research
     • Speed of light calculations on geoip data




Thank you!

                                                             Tony "Pancakes" Maszeroski
                                                             Information Security Manager

                                                             Calvin Krzywiec
                                                             Network Engineer

Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Dernier (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

SplunkLive! Philadelphia - University of Scranton

  • 1. Calvin Krzywiec Network Engineer Copyright © 2011, Splunk Inc. Philadelphia, February 2, 2012 11 Listen to your data. Copyright © 2012, Splunk Inc.
  • 2. About University of Scranton
      • Jesuit University, founded in 1888
      • Regional, comprehensive university with a total enrollment of more than 6,000 students in 86 undergraduate and graduate programs
      • Scranton stands among the top tier of universities recognized nationally, with rankings in a multitude of venues (US News Top 10 Regional, Princeton Review Top 300, Forbes.com)
  • 3. What We Do...
      • Ensure security (C-I-A) of all University information assets
      • Focus on detection and quarantine of infected endpoints
      • Data stewardship / Security governance
      • Distributed security responsibilities (SecOPs)
      • Network Security Infrastructure
      “Splunk is our Security Solution.”
  • 4. Splunk at the UofS
      • Splunk users for ~4 years
      • Needed enterprise solution for syslog collection/correlation
          • Evaluated Open Source solutions
      • 500 MB evaluation license of Splunk
          • Focused on collection from key network systems
      • But now….
  • 5. If You Got It, Splunk It
      Centralized log collection
      • Key Enterprise systems
      • Firewalls
      • Networking equipment
      • Intrusion detection/prevention systems
      • DNS queries, URL access
      • DHCP servers
      • Active Directory, LDAP
      “We didn't do anything like this before Splunk.”
  • 6. Security at a Mobile Friendly Campus
      PROBLEM: Network Address Translation: private vs public IP address. Most external reports give time stamp and public IP address information but we need to know who is behind it. Higher Education Opportunity Act requires a system in place to combat copyright infringement.
      • Cisco Network Access Control logs, DHCP logs, NAT translation logs in Splunk
      • Ability to connect the dots quickly
      • Wrote an IP tracker app (java) – which talks to Splunk over APIs – lookup function
  • 7. External Application Integration
  • 8. External Application Integration
  • 9. Automated Searches
      • Saved searches
          – Network access control system
          – Things being dropped by internal and external firewalls (dashboard)
          – Automated alert for stolen goods (MAC address)
      • Detect
          – SPAM
          – Alert conditions on servers
          – Activity with routing protocols
          – Bad actors trying to access VPN / Digital Reserves / SSH / etc.
      “Splunk helped us immensely with indexing, analyzing and correlating data.”
  • 10. Network Security Dashboards
  • 11. Network Security Dashboards
  • 12. Network Operations Dashboards
  • 13. Computer Security Incident Response Team Investigations
      • Splunk – MAC address, User Name, Public and Private IP addresses
      • Set window around known time of infection
      • Result: insight into how, when and where host was compromised
      “Being able to put 1 parameter in and chasing it across the network is great!”
  • 14. Splunk 4.3 – Winner!
      • Bloom-filters
      • IPv6 support
      • Non-Flash UI
      • Historic Versions (whoops!)
      • JSON XML field extractions
      • Native Python and Java SDKs exciting
  • 15. Future Plans
      • Synchronization with Active Directory
      • Identify financial aid fraud with correlation of event logs
      • Data mining webserver logs
      • Using Splunk for Institutional Research
      • Speed of light calculations on geoip data
  • 16. Thank you!
      Tony "Pancakes" Maszeroski, Information Security Manager
      Calvin Krzywiec, Network Engineer
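
The lookup chain from slides 6 and 13 (public IP and time stamp, to NAT translation, to DHCP lease, to NAC login, plus the reverse pivot from one MAC inside a time window) can be sketched as below. This is an added example, not the University's Java IP tracker or a Splunk API: the log layouts, addresses, MACs, user names and function names are constructed assumptions, and it assumes the external report also carries a source port, which port-overloaded NAT needs.

```python
from datetime import datetime, timedelta

# Constructed sample logs (not from the talk); the column layouts are assumptions.
NAT_LOG = """\
2012-02-01T10:00:05 2012-02-01T10:04:40 10.20.3.17 192.0.2.10 40001
2012-02-01T10:03:10 2012-02-01T10:09:00 10.20.7.44 192.0.2.10 40002
2012-02-01T10:06:00 2012-02-01T10:12:30 10.20.9.9 192.0.2.10 40001
2012-02-01T10:07:00 2012-02-01T10:15:00 10.20.3.17 192.0.2.10 40003"""  # start end private public port
DHCP_LOG = """\
2012-02-01T08:00:00 2012-02-01T10:05:00 10.20.3.17 00:00:5e:00:53:01
2012-02-01T10:05:30 2012-02-01T14:00:00 10.20.3.17 00:00:5e:00:53:02
2012-02-01T09:00:00 2012-02-01T13:00:00 10.20.7.44 00:00:5e:00:53:03
2012-02-01T09:30:00 2012-02-01T13:30:00 10.20.9.9 00:00:5e:00:53:04"""  # lease_start lease_end ip mac
NAC_LOG = """\
2012-02-01T07:59:50 00:00:5e:00:53:01 asmith
2012-02-01T10:05:20 00:00:5e:00:53:02 bjones
2012-02-01T08:59:40 00:00:5e:00:53:03 cdoe
2012-02-01T09:29:00 00:00:5e:00:53:04 dlee"""  # auth_time mac user

def _rows(text):
    return [line.split() for line in text.splitlines()]

def _ts(s):
    return datetime.fromisoformat(s)

def attribute(public_ip, public_port, when):
    """Resolve public IP:port at one instant to private IP, MAC and user."""
    t, out = _ts(when), {"private_ip": None, "mac": None, "user": None}
    # 1. NAT: ports are reused, so the translation must be active at t.
    for start, end, priv, pub, port in _rows(NAT_LOG):
        if (pub, int(port)) == (public_ip, public_port) and _ts(start) <= t <= _ts(end):
            out["private_ip"] = priv
            break
    # 2. DHCP: the same private IP is re-leased, so match the lease window too.
    for start, end, ip, mac in _rows(DHCP_LOG):
        if ip == out["private_ip"] and _ts(start) <= t <= _ts(end):
            out["mac"] = mac
            break
    # 3. NAC: latest authentication of that MAC at or before t.
    auths = [(_ts(ts), user) for ts, mac, user in _rows(NAC_LOG)
             if mac == out["mac"] and _ts(ts) <= t]
    if auths:
        out["user"] = max(auths)[1]
    return out

def nat_sessions_for_mac(mac, when, minutes=10):
    """Reverse pivot: NAT sessions of one MAC within +/- minutes of `when`."""
    lo = _ts(when) - timedelta(minutes=minutes)
    hi = _ts(when) + timedelta(minutes=minutes)
    hits = []
    for l_start, l_end, ip, lease_mac in _rows(DHCP_LOG):
        for n_start, n_end, priv, pub, port in _rows(NAT_LOG):
            # The session must overlap both the lease and the search window.
            first = max(_ts(n_start), _ts(l_start), lo)
            last = min(_ts(n_end), _ts(l_end), hi)
            if lease_mac == mac and priv == ip and first <= last:
                hits.append((pub, int(port), n_start))
    return hits
```

In the sample data the same public port and the same private IP each map to different users a few minutes apart, so a lookup that ignores the time window names the wrong person; a query that falls between translations returns all-`None` rather than a guess.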

Editor's notes

  1. Automated searches for certain conditions – what are those searches – Internal/External Firewalls
  2. ROI/PCO are huge right now - what need does it fulfill - are there other products lower price same functionality. We did due diligence. Picked the right fit. (response time, transaction tracing) Challenges: No one was looking at security tools. We knew we needed centralized logging because of the inefficiencies that were going around. Looking at logs in different systems for troubleshooting and forensics. Limited with Switches and routing – that could hold internal logs. We played around with I don't even know how many open source syslog applications. Splunk was brought to my attention. Free for 500 MB – let's throw it in and see how it works... about 4 yrs ago. Initially we were just using it for centralized log collection. But it got more embedded into our operations. “I am amazed at how easy it is to index and analyze data in Splunk.”
  3. Network knew what type of user you were – student, faculty, staff. We needed to take 10. address space to cut it up. Network Access Translation: private vs public address
  4. Alert goes out to campus police. If it's wireless we put it up on a University map down to floor and room. Narrow down to a cable location
  5. Installing 4.3 was super easy. 2 yr effort to support IPv6 natively on campus. Analyzing Netflow data – which buckets that have which IP addresses
  6. Online MBA program, some other online programs less familiar. Dept education - dear colleague letter - concerned about financial aid fraud in higher edu. Some controls are comparing geo location from where they register, where they do their test, where they lived etc. etc.