Logging

graylog

Improving IoT security with log management

The Internet of Things (IoT) revolution has ushered in a new age of data transfer. Each day, a massive number of new devices are added to all kinds of network infrastructures, transferring gargantuan amounts of data back and forth. In the next decade, we expect the number of IoT devices to grow to a staggering 80 billion connected devices – practically outnumbering the human population tenfold.

splunk

Use CI to Automatically Catch Dead Links in Your GitHub Project

Worried about dead links in your GitHub project? I was, after having a few pointed out to me in the Analytic Stories and detections published by the Splunk Security Research Team. So, like any sane engineer, I decided to automate this project! My first step was to look for an easy-to-use URL tester that processes markdown, since all of the Splunk Security Research content gets automatically converted to documentation as .md.

splunk

Meet the Doers: How Nate Plamondon Helps Prevent Fraud and Attacks at ASU

In the next installment of our Meet the Doers series, we highlight Nate Plamondon. Nate Plamondon is helping protect Arizona State University from fraud, cyberattacks and other threats on a daily basis as a Splunk architect. The Arizona native was first introduced to Splunk about four years ago while working as a systems administrator at Arizona State University, and was intrigued by its potential. When ASU had an opening for a Splunk administrator, Nate decided to give it a shot.

sumologic

NGINX vs Apache - Which Web Server Is Right for You?

Today's IT and DevOps teams have not one, but two, feature-rich open source Web servers to choose from: NGINX and Apache HTTP Server (which is often called simply "Apache"). At a high level, both platforms do the same core thing: Host and serve Web content. Both also offer comparable levels of performance and security. Yet when you dive into the details, you'll find that there are many differences between NGINX and Apache.

sumologic

Vagrant vs. Docker: Which Is Better for Software Development?

The last fifteen years have seen huge increases in developer productivity for several reasons, including the arrival of open source into the mainstream and the ability to better emulate target environments. In addition, the process of resetting a development environment back to the last known stable version has been vastly improved by Vagrant and then Docker.

elastic

Automating the install of Elastic Cloud Enterprise on AWS with Ansible

So you want to install Elastic Cloud Enterprise (you know, the orchestration solution for the Elastic Stack that simplifies and standardizes how you deploy, upgrade, resize, configure, and monitor one to many clusters from a single UI/API). Installing ECE on one host isn’t tough. Installing it on two isn’t much harder. However, when you start dealing with 3, 5, 7, 11, etc., the complexity grows, as does the work involved in operating and maintaining (upgrading!) it all.

elastic

Storing and enriching alerts for information security with Elasticsearch

Within Elastic, the information security team is tasked with security detection and analytics, among many other activities of a typical information security team. To find abnormal and malicious behavior within our environment, we leverage Elastic SIEM for investigations and threat hunting. When, during an investigation or hunt, we find a pattern of behavior we want to be alerted on, we take the request JSON behind our investigation and put it into Watcher for alerting.

pandora fms

Alternative to Splunk: Pandora FMS as a monitoring tool

The American magazine “Fortune” specializes in global banking, business and finance… What does it have to do with monitoring? Well, in one of its annual lists, the Fortune 100 (the largest companies on the planet), 92 companies use Splunk software… If we compare by volume of money, yes, Splunk would be the best software and that’s where this article would end.

splunk

Manage Event Storms with Splunk ITSI Event Analytics

Splunk IT Service Intelligence (ITSI) Event Analytics is responsible for ingesting events from multiple data sources and creating and managing notable events. A “notable event” is an enriched event containing metadata to help you investigate issues in your IT environment. Event Analytics is equipped to handle “event storms,” or huge numbers of events coming in at once.