Splunk Online Training - PowerPoint PPT Presentation

About This Presentation
Title:

Splunk Online Training

Description:

Experience the real-time implementation of Microsoft System Center Configuration Manager (SCCM) 2016, including configuring Wake On LAN, Power Management and Remote Control; the course walks step by step through creating and deploying applications and managing software updates, etc. You will also gain exposure to industry-based real-time projects in various verticals. Email: info@svtrainings.com. WhatsApp: +91-9642373173. Phone: USA +1-845-915-8712, India +91-9642373173 – PowerPoint PPT presentation

Number of Views:273
Slides: 11
Provided by: Username withheld or not provided


Transcript and Presenter's Notes

Title: Splunk Online Training


2
Splunk overview
  • Overview
  • These use cases walk you through monitoring,
    investigation, and detection scenarios for
    security incidents using Splunk Enterprise
    Security. Use the available dashboards, alerts,
    correlation searches, as well as custom searches,
    to assess and remediate threats in your
    environment.
  • The following use cases explain real-world ways
    you can use Splunk Enterprise Security.
  • Detect malware
  • Using Enterprise Security to find Malware
  • Use DNS data to identify malware patient zero
  • Investigating potential zero-day activity with
    Splunk Enterprise Security
  • Identify suspicious activity
  • Using Enterprise Security to find Data
    Exfiltration
  • Monitor privileged accounts for suspicious
    activity
  • Monitor threat activity in your environment with
    a glass table

3
Features of Splunk
  • Collect and Index All Log Files
  • The first step in preventing IT fires is to get a
    handle on all of your data. Splunk Light offers
    the following native features to centralize your
    log data.
  • Flexible Data Input
  • Collect and index log data from just about any
    source imaginable from network traffic to web
    servers to custom applications. Just point Splunk
    Light at your data and an intuitive user
    interface guides you through the rest.
  • Forwards Data From Remote Systems
  • Splunk Forwarders collect data that isn't
    available over the network or visible to the
    server where Splunk software is installed. They
    deliver reliable, secure, real-time universal
    data collection for tens of thousands of
    sources.
  • No Rigid Schemas
  • Splunk Light has no predefined schema. Any
    interpretation you need to do on the data, such
    as extracting a common field, or tagging a subset
    of hosts, is done at search time.
  • Automates Chronology
  • Splunk software automatically determines the time
    of any event. Any missing timestamps can be
    inferred based on context.

4
Features of Splunk
  • Search and Investigate Across All Logs
  • With Splunk Light you have one centralized place
    to search and find the source of the fire.
  • Search and Investigate Anything
  • Freeform search, combined with real-time
    indexing, supports rapid searches using intuitive
    Boolean, nested, quoted string and wildcard
    approaches. This allows users to quickly iterate
    and refine searches without knowing anything
    about specific data formats.
  • Powerful Search Processing Language
  • The Splunk Search Processing Language (SPL) is a
    query, analytical and visualization language that
    provides a powerful means to operate on your
    data. It supports four different types of
    correlations (time, transactions, sub-searches,
    joins) and over 140 analytical and visualization
    commands.
  • Real-Time Search
  • Search real-time streaming data and indexed
    historical data from the same interface. Users
    can analyze current behavior and activity and see
    the historical context to get the full picture.
  • Time-Range Search
  • Combine time and term searches to look across
    every tier of your infrastructure for errors and
    configuration changes in the precise seconds
    before a system failure occurs.
  • Interactive Results
  • An interactive interface dramatically improves
    the users' experience and the speed with which
    tasks are accomplished. Zoom in and out on a
    timeline of results to quickly reveal trends,
    spikes and anomalies. Dynamically drill down in
    dashboards to the raw events or custom views.

5
Features of Splunk
  • Correlate and Analyze Across All Systems
  • Easily find the relationships between events and
    activities.
  • Correlate Complex Events
  • Splunk Light enables you to correlate complex
    events from multiple data sources across your IT
    infrastructure so you can monitor and analyze
    more meaningful events, including the lifecycle
    of an entire transaction. Supported correlations
    include time-based, transaction-based,
    sub-searches and joins.
  • Event Pattern Detection
  • Splunk Light automatically detects meaningful
    patterns across your machine data, regardless of
    data source or type. It then enables users to
    zoom in and out using a visual timeline so they
    can identify trends, spikes and drill down into
    the results.

6
Features of Splunk
  • Monitor and Alert Proactively
  • Use your centralized log data to become more
    proactive. Rather than simply reacting to ad hoc
    incidents or problems, Splunk Light provides
    active monitoring and alerting.
  • Continuously Monitor for Specific Conditions
  • Alerts can be based on a variety of thresholds
    and trend-based conditions, and to any level of
    granularity. Alerts can go beyond simple Boolean
    searches into fielded searches, statistical
    searches and sub-searches. You can correlate on
    anything you want and alert on complex patterns
    such as server or network performance
    degradation, brute force attacks and fraud
    scenarios.
  • Turn Searches Into Real-Time Alerts
  • Searches can be saved and scheduled for continual
    monitoring and can trigger alerts via email or
    RSS.
  • Have Alerts Take Action
  • Alerts can be set to run scripts that take
    remedial actions, send an SNMP trap to your
    system management console or generate a service
    desk ticket.
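The search-time field extraction described under "No Rigid Schemas" on slide 3 and the threshold-based brute-force alert described on this slide can be illustrated with a small Python script. This is an added example, not code from the original deck or from Splunk: it stores raw events as-is, pulls out fields (host, user, source address, outcome) with a regular expression only when the search runs, counts authentication failures per source address inside a sliding one-minute window, and emits an alert record once the count reaches a threshold, the way a saved search scheduled as an alert would. The sshd-style sample events, the threshold of five failures, the window size, and the index and sourcetype names in the SPL comment are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): sshd-style authentication messages
# from two hosts. Only 203.0.113.5 produces a burst of failures.
SAMPLE_EVENTS = [
    "2024-03-01T10:00:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2",
    "2024-03-01T10:00:03 host1 sshd[1201]: Failed password for root from 203.0.113.5 port 51023 ssh2",
    "2024-03-01T10:00:05 host1 sshd[1201]: Failed password for root from 203.0.113.5 port 51024 ssh2",
    "2024-03-01T10:00:07 host1 sshd[1201]: Failed password for root from 203.0.113.5 port 51025 ssh2",
    "2024-03-01T10:00:09 host1 sshd[1201]: Failed password for root from 203.0.113.5 port 51026 ssh2",
    "2024-03-01T10:00:30 host1 sshd[1202]: Accepted publickey for alice from 198.51.100.7 port 40010 ssh2",
    "2024-03-01T10:01:15 host2 sshd[2201]: Failed password for bob from 198.51.100.8 port 40100 ssh2",
    "2024-03-01T10:02:40 host2 sshd[2202]: Accepted password for bob from 198.51.100.8 port 40101 ssh2",
]

# Search-time extraction: nothing about this layout is known at index time;
# the regex is applied to the raw text only when a search needs the fields.
EVENT_RE = re.compile(
    r"^(?P<time>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<action>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port (?P<port>\d+)"
)

# Roughly the SPL this mirrors (index and sourcetype names are assumptions):
#   index=auth sourcetype=linux_secure "Failed password"
#   | bin _time span=1m
#   | stats count AS failures, values(user) AS users BY src, _time
#   | where failures >= 5


def extract_fields(raw):
    """Return a dict of fields for one raw event, or None if it does not match."""
    m = EVENT_RE.match(raw)
    if not m:
        return None
    fields = m.groupdict()
    fields["_time"] = datetime.fromisoformat(fields.pop("time"))
    fields["action"] = "failure" if fields["action"] == "Failed" else "success"
    fields["_raw"] = raw
    return fields


def brute_force_alert(raw_events, threshold=5, window=timedelta(minutes=1)):
    """Group failures by source address and fire once a sliding window of
    `window` length holds at least `threshold` failures from one source."""
    failures = defaultdict(list)
    for raw in raw_events:
        ev = extract_fields(raw)
        if ev is None or ev["action"] != "failure":
            continue
        failures[ev["src"]].append(ev)

    alerts = []
    for src, evs in failures.items():
        evs.sort(key=lambda e: e["_time"])
        start = 0
        for end, ev in enumerate(evs):
            # Slide the window start forward until it spans at most `window`.
            while ev["_time"] - evs[start]["_time"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts.append({
                    "src": src,
                    "count": count,
                    "users": sorted({e["user"] for e in evs[start:end + 1]}),
                    "first_seen": evs[start]["_time"].isoformat(),
                    "last_seen": ev["_time"].isoformat(),
                })
                break  # one alert per source per scheduled run
    return alerts


def format_ticket(alert):
    """Render an alert as the text a ticket or e-mail action would carry."""
    return (
        f"Brute-force pattern: {alert['count']} failed logins from {alert['src']} "
        f"against {', '.join(alert['users'])} between {alert['first_seen']} "
        f"and {alert['last_seen']}"
    )


if __name__ == "__main__":
    for alert in brute_force_alert(SAMPLE_EVENTS):
        print(format_ticket(alert))
```

The alert fires for 203.0.113.5 (five failures in eight seconds against `admin` and `root`) and stays silent for 198.51.100.8, whose single failure is followed by a successful login. Raising the threshold or shrinking the window changes the result without touching the stored events, which is the practical consequence of extracting fields at search time rather than at index time.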

7
Features of Splunk
  • Visualize and Report on Your Whole IT
    Infrastructure
  • Once you've set up your alerts, you may want to
    get regular updates on key parts of your
    operations. Splunk Light rapidly generates
    reports and collects these reports in custom
    dashboards and views. You can schedule delivery
    of any report via PDF and share it with
    management, business users or other IT
    stakeholders.
  • Report on Search Results
  • Easily build advanced graphs, charts and
    sparklines from search results and visualize
    important trends, see highs and lows, summarize
    top values and report on the most and least
    frequent types of conditions. And because fields
    are identified as you search, you can specify new
    fields without re-indexing your data.
  • Real-Time, Interactive Dashboards
  • Dashboards integrate multiple charts, views and
    reports of live and historical data to satisfy
    the needs of different users. You can add
    workflows enabling users to click through to
    another dashboard, form, view or external
    website. Quickly build and personalize dashboards
    for management, business or security analysts,
    auditors, developers and operations teams.

8
Features of Splunk
  • Prebuilt Panels
  • Quickly create dashboards using prebuilt panels
    that are shareable and integrate multiple charts
    and views of your data.
  • Drag-and-Drop Interface
  • Edit dashboards using a simple drag-and-drop
    interface; integrated charting controls mean you
    can change chart types on the fly.
  • Dashboards Wherever You Are
  • Charts and timelines in Splunk Light don't use
    Flash, which means dashboards can be viewed and
    edited on tablets, smartphones and non-Flash
    browsers.

9
CONTACT US
  • USA - 1-845-915-8712
  • IND - 91-9642373173 / 91-9966624055
  • info@svtrainings.com
  • SV TRAININGS ADDRESS
  • USA
  • 6109 Blue Circle Drive Suite 1000 Minnetonka
    55343
  • Call/WhatsApp 1-845-915-8712
  • INDIA
  • Plot no 111, Road no 6, Subhodaya
    Colony, Vanasthalipuram, Ranga Reddy (Dist), Pin
    code 500070
  • Call/WhatsApp 91-9642373173 and
    91-9966624055

10
Thank you