
January 2021

A New Fast Lane to Value: Introducing Splunk's IT Essentials Learn and Work Apps

We often hear that our customers love using Splunk, know the power behind our platform and want to expand usage to IT. But they aren’t sure what steps to take first. We want our customers to maximize their Splunk investment and get them jump-started with Splunk for IT use cases by providing the guidance and best practices they seek.

Detecting the Sudo Baron Samedit Vulnerability and Attack

On January 26th, 2021, Qualys reported that many versions of sudo (1.8.2 to 1.8.31p2 and 1.9.0 to 1.9.5p1) are vulnerable (CVE-2021-3156) to a heap-based buffer overflow dubbed Baron Samedit that can result in privilege escalation. Qualys was able to use this vulnerability to gain root on at least Ubuntu 20.04 (sudo 1.8.31), Debian 10 (sudo 1.8.27), and Fedora 33 (sudo 1.9.2), some of the most modern and widely used Linux operating systems.

Open Source in Application Monitoring

Open source projects are a powerful way to accelerate application development. Open source, as a supporting function for monitoring, can help establish standards and better observability and monitoring practices. Learn about the OpenTelemetry project as a tool to improve the quality and flexibility of traces, spans, and logs for better monitoring and observability practices.

Getting to Know Google Cloud Audit Logs

So you've set up a Google Cloud Logging sink along with a Dataflow pipeline and are happily ingesting these events into your Splunk infrastructure — great! But now what? How do you start to get meaningful insights from this data? In this blog post, I'll share eight useful signals hiding within Google Cloud audit logs that will help you uncover meaningful insights. You'll learn how to detect: Finally, we’ll wrap up with a simple dashboard that captures all these queries in one place.

Get to Know Splunk Machine Learning Environment (SMLE)

One of our most exciting new projects at Splunk is coming to life. Over the past year, we have been hard at work putting together our vision: a place where Splunk admins, NOC/SOC teams, data analysts, and data scientists can collaborate, experiment, and operationalize their work, all in a single environment inside the Splunk ecosystem. We call it Splunk Machine Learning Environment (SMLE).

Walkthrough to Set Up the Deep Learning Toolkit for Splunk with Amazon EKS

The Splunk Deep Learning Toolkit (DLTK) is a very powerful tool that allows you to offload compute resources to external container environments. Additionally, you can use GPU or Spark environments. In the last Splunk blog post, The Power of Deep Learning Analytics and GPU Acceleration, you can learn more about building a GPU-based environment. Splunk DLTK supports Docker as well as Kubernetes and OpenShift as container environments.

Splunk SOAR Playbooks: Finding and Disabling Inactive Users on AWS

Every organization that uses AWS has a set of user accounts that grant access to resources and data. The Identity and Access Management (IAM) service is the part of AWS that keeps track of all the users, groups, roles and policies that provide that access. Because it controls permissions for all other services, IAM is probably the single most important service in AWS to focus on from a security perspective.

Macros, We Don't Need No Stinking Macros! - Featuring the New Microsoft O365 Email Add-On

Recently, I’ve been on a mission building a new Microsoft Office 365 Email Add-on for Splunk. This has been built for use with Splunk Enterprise, while making sure that it properly supports Splunk’s Common Information Model (CIM). CIM is paramount when wanting data to play nicely with Splunk Enterprise Security.

Machine Learning Guide: Choosing the Right Workflow

Machine learning (ML) and analytics make data actionable. Without them, data remains an untapped resource until a person (or an intelligent algorithm) analyzes that data to find insights relevant to addressing a business problem. For example, amidst a network outage crisis, a historical database of network log records is useless without analysis. Resolving the issue requires an analyst to search the database, apply application logic, and manually identify the triggering series of events.

Not Another New Year's Resolution

I hope I’m not alone in starting 2021 with some sense of optimism. While several hard months remain ahead of us, I am hopeful and also expecting that some sense of normality will return by the summer months. Either way, this gives us an opportunity to reflect on the challenges we have faced. 2020 was testing. We learnt a lot about ourselves and our businesses in the most challenging of circumstances.

The Department of Defense Data Strategy: An Important Start

In early October 2020, the Department of Defense released its long-anticipated and much needed Data Strategy. This strategy is the latest installment under the Department’s Digital Modernization Strategy, which was released in July 2019, and focused on the key strategic pillars of enterprise cloud adoption, artificial intelligence, command, control, communications, cybersecurity, and IT reform.

Yes, Virginia, There is a -Santa Claus- Way to Detect Unemployment Fraud

Fraud rates for Unemployment Insurance Benefits (UIB) and Pandemic Unemployment Assistance (PUA) are out of control. In May 2020, Brian Krebs of KrebsOnSecurity published two articles detailing fraud that was occurring in several different states' UIB portals. These states had been warned by the US Secret Service to be on the lookout for this. Reading the articles, the common theme is that many states are missing rudimentary controls for combating fraud.

Splunk Cloud Self-Service: Announcing The New Admin Config Service API

In our last blog, "What's New in Splunk Cloud: Part 1," we reviewed a host of new Splunk Cloud features that we have delivered through our accelerated releases since the beginning of 2020. A large part of this effort focused on empowering Splunk Cloud admins and making their experience as self-service as possible. In this blog, we will examine our latest effort to continue this empowerment: Splunk Cloud’s Admin Configuration Service (ACS).

Leaving 2020 Behind, What's the Role of Retail Stores in the Data Age?

From store shutdown to temporary closure and limited occupancy for non-essential retail businesses, 2020 was filled with many disappointments. America’s stores were in rough shape even before the pandemic, but COVID-19 has significantly compounded the challenging retail landscape, leaving behind businesses that could not adapt to the abrupt change in the operating environment.

Automation Made Easy: What's New with Splunk Phantom

The Splunk Security Team is excited to share some of the new and enhanced capabilities of Splunk Phantom, Splunk’s security orchestration, automation and response (SOAR) technology. Phantom’s latest update (v4.10) makes automation implementation, operation and scaling easier than ever for your security team.