Splunk User Group Edinburgh - November Event
Uploaded by harry-mclaren (category: Technology)
Page 1
Copyright © 2016 Splunk Inc.
Splunk User Group Edinburgh
IT Ops / Use Case Dev
November 2016
Page 2
Introduction - Harry McLaren
● Alumnus of Edinburgh Napier
● Security Consultant at ECS
– Role: Specialist Splunk Consultant & Enablement Lead
– Specialism: Enterprise Security (SIEM) / IT Service Intelligence
● Splunk User Group Edinburgh: Leader / Founder
Page 3
Introduction - ECS
● Strategic Splunk Partner - UK
– Type: Security / IT Operations / Managed Services
– Awards: Splunk Revolution Award & Splunk Partner of the Year 2016
Page 4
Page 5
Agenda
• Housekeeping: Overview & House Rules
• Presentation: IT Operations with IT Service Intelligence
• Demo: IT Service Intelligence Demo
• Presentation: Use Case Development
• Discussion: Business Pain to Organisational Insight
Page 6
Splunk [Official] User Group
“The overall goal is to create an authentic, ongoing user group experience for our users, where they contribute and get involved”
● User Lead Technical Discussions
● Sharing Environment
● Build Trust
● No Sales!
Page 7
Page 8
Use Case Development
Page 9
What is a Use Case?
● Software & Systems Engineering Definition (via Wikipedia)
“A use case is a list of actions or event steps, typically defining the interactions between a role and a system, to achieve a goal.”
(Diagram: Roles / Actors → System → Goals)
Page 10
Use Case Examples: Security
● Security & Compliance Reporting
● Real-Time Monitoring of Known Threats
● Detect Unknown Threats
● Incident Investigations & Forensics
● Fraud Detection
● Insider Threat
Page 11
Security - Insider Threat
● Roles / Actors
– Security Analyst / SOC Manager / CISO
● System Requirements
– Real-time monitoring based on event logs from relevant systems.
– Abnormal Behaviour detection based on ‘Normal’ baselining.
● Goals
– Detect / Alert on Insider Threats within the organisation.
– Respond to Insider Threats with as much workflow automation as possible.
Page 12
Insider Threats using Splunk
● Roles / Actors
– Security Analyst / SOC Manager / CISO
● System (Splunk)
– Real-time monitoring based on correlation searches of event logs such as Active Directory (AD) and Data Loss Prevention (DLP) software.
– Insider Threat detection using Machine Learning models to baseline expected behaviour and alerting on outliers and abnormal behaviour patterns.
– Workflow actions via ‘Enterprise Security’ App and the Adaptive Response Framework.
● Goals Achieved
– Detection / alerting on Insider Threats within the organisation.
– Responding to Insider Threats with workflow automation.
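The two detection ideas on this slide, a per-user baseline of "normal" activity with alerting on outliers, and a correlation of that outlier with a second indicator from a different log source, are easy to see in a small stand-alone script. The following is an added example written for this transcript; it is not the presenter's material, not Splunk code, and not what Enterprise Security or the ML Toolkit run internally (in Splunk this logic would live in a correlation search or an MLTK model). It assumes a constructed key=value log format, uses Windows event 4624 (successful logon) as the AD signal, sums DLP upload bytes per user per day, scores the last day against each user's own sample standard deviation, and raises severity when the outlier user also logged on outside business hours.

```python
"""Added example: baseline DLP upload volume per user, flag outliers, and
correlate them with off-hours Active Directory logons.
Constructed data and thresholds; not the presenter's or Splunk's code."""
from collections import defaultdict
from datetime import date, datetime
import statistics

# Constructed sample events (hypothetical, not real logs). Baseline days are
# 2016-11-01..04; 2016-11-05 is the day being scored.
SAMPLE_LOGS = """\
2016-11-01T09:02:40 src=DLP action=upload user=alice bytes=100000
2016-11-02T09:10:11 src=DLP action=upload user=alice bytes=110000
2016-11-03T09:05:02 src=DLP action=upload user=alice bytes=95000
2016-11-04T09:12:33 src=DLP action=upload user=alice bytes=105000
2016-11-05T08:55:12 src=AD EventCode=4624 user=alice host=WS-101
2016-11-05T09:04:19 src=DLP action=upload user=alice bytes=108000
2016-11-01T10:02:40 src=DLP action=upload user=bob bytes=200000
2016-11-02T10:10:11 src=DLP action=upload user=bob bytes=210000
2016-11-03T10:05:02 src=DLP action=upload user=bob bytes=190000
2016-11-04T10:12:33 src=DLP action=upload user=bob bytes=205000
2016-11-05T02:13:07 src=AD EventCode=4624 user=bob host=WS-202
2016-11-05T02:20:51 src=DLP action=upload user=bob bytes=8000000
2016-11-01T11:02:40 src=DLP action=upload user=carol bytes=50000
2016-11-02T11:10:11 src=DLP action=upload user=carol bytes=60000
2016-11-03T11:05:02 src=DLP action=upload user=carol bytes=55000
2016-11-04T11:12:33 src=DLP action=upload user=carol bytes=45000
2016-11-05T10:30:00 src=AD EventCode=4624 user=carol host=WS-303
2016-11-05T11:14:19 src=DLP action=upload user=carol bytes=2500000
2016-11-05T14:00:00 src=DLP action=upload user=dave bytes=3000000
"""
SCORE_DAY = date(2016, 11, 5)  # the day evaluated against the baseline


def parse_events(text):
    """Parse one key=value event per line into dicts with a datetime under 'ts'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, *pairs = line.split()
        ev = {"ts": datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")}
        for pair in pairs:
            key, _, value = pair.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def daily_dlp_bytes(events):
    """Sum DLP upload bytes per user per calendar day: {user: {date: bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for ev in events:
        if ev.get("src") == "DLP" and ev.get("action") == "upload":
            totals[ev["user"]][ev["ts"].date()] += int(ev["bytes"])
    return totals


def volume_outliers(totals, score_day, z_threshold=3.0, min_baseline_days=3):
    """Return {user: (observed, baseline_mean, z)} for users whose score_day
    volume sits more than z_threshold sample std devs above their own baseline."""
    flagged = {}
    for user, per_day in totals.items():
        baseline = [b for d, b in per_day.items() if d < score_day]
        if len(baseline) < min_baseline_days:
            continue  # no trustworthy 'normal' yet; a new-user rule belongs elsewhere
        observed = per_day.get(score_day, 0)
        mean = statistics.mean(baseline)
        # A perfectly flat baseline has zero std dev; fall back to 10% of the mean.
        spread = statistics.stdev(baseline) or max(mean * 0.1, 1.0)
        z = (observed - mean) / spread
        if z > z_threshold:
            flagged[user] = (observed, mean, round(z, 1))
    return flagged


def off_hours_logons(events, score_day, start_hour=7, end_hour=19):
    """Users with a successful AD logon (EventCode 4624) outside business hours."""
    users = set()
    for ev in events:
        if ev.get("src") == "AD" and ev.get("EventCode") == "4624":
            if ev["ts"].date() == score_day and not (start_hour <= ev["ts"].hour < end_hour):
                users.add(ev["user"])
    return users


def correlate(events, score_day):
    """Outlier volume alone is 'medium'; combined with an off-hours logon it is 'high'."""
    outliers = volume_outliers(daily_dlp_bytes(events), score_day)
    night_owls = off_hours_logons(events, score_day)
    alerts = []
    for user, (observed, mean, z) in sorted(outliers.items()):
        off_hours = user in night_owls
        alerts.append({"user": user, "observed_bytes": observed, "baseline_mean": mean,
                       "z": z, "off_hours_logon": off_hours,
                       "severity": "high" if off_hours else "medium"})
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_events(SAMPLE_LOGS), SCORE_DAY):
        print(alert)
```

On the constructed data alice stays within her baseline, bob and carol are both volume outliers, and only bob also has a 02:13 logon, so bob is the single high-severity alert. dave has no baseline days at all and is deliberately skipped rather than scored against a meaningless standard deviation; the same gap is what the slide's ML baselining has to cover before an outlier rule is trusted.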
Page 13
Use Case Examples: Business Analytics
● Business Process Analytics
● Customer Experience Analytics
● Product Analytics
● Digital Marketing
Page 14
Business Analytics - Customer Experience
● Roles / Actors
– Marketing Analyst / Product Owner / Website Manager
● System Requirements
– Minimal ingestion of additional system logs / hardware (low cost / fast ROI).
– Real-time mapping of customer journey of e-commerce platform.
– Allow contextual information to be correlated with event information.
● Goals
– Alerting when customer experience is degraded past defined KPIs.
– Visual representation of useful information for non-technical users.
– Create a single view of e-commerce platform for high level monitoring.
Page 15
Customer Experience using Splunk
● Roles / Actors
– Marketing Analyst / Product Owner / Website Manager
● System (Splunk)
– Leverages existing event logs and requires minimal additional log sources.
– Processes event data into a wide selection of interactive visual representations.
– Pulls contextual information and correlates it with event data for greater insight.
● Goals Achieved
– Alerting based on time-sensitive KPIs which can self-set dynamically.
– Dashboards showing business relevant information about SLAs in RAG (Red / Amber / Green) status.
– High level view supporting drill downs and dependencies via Glass Tables.
Page 16
Any Questions?
Page 17
Business Pain to Organisational Insight
Page 18
Discover > Design > Build > Deliver
● Use Case Discovery & Definition
– Discovery Workshops / Questionnaires
– Use Case Specification Document
● Data Collection & On-boarding
– Collection Configuration & Optimisation
– Data Segmentation & Normalisation
● Transformation & Delivery
– Data Enrichment & Acceleration
– Visualisation & Reporting Development
Page 19
Challenge: How Could You Use This?
● Use Case Discovery & Definition
– Discovery Workshops / Questionnaires
– Use Case Specification Document
● Data Collection & On-boarding
– Collection Configuration & Optimisation
– Data Segmentation & Normalisation
● Transformation & Delivery
– Data Enrichment & Acceleration
– Visualisation & Reporting Development
Page 20
Any Questions?
Page 21
Updates Announced at .conf 2016
● Introducing Splunk Enterprise 6.5 - Available Now
‣ Splunk ML Toolkit: Guided workbench and SPL extensions to help you create and operationalize your own custom analytics based on your choice of algorithms.
‣ Tables: New feature that lets you create and analyse tabular data views without using SPL.
‣ Hadoop Data Roll: Gives you another way to reduce historical data storage costs while keeping full search capability.
● Premium Apps - New Releases:
– Splunk Enterprise Security [Minor Release]
– Splunk IT Service Intelligence [Major Release]
– Splunk User Behaviour Analytics [Major Release]
Page 22
Get Involved!
● Splunk User Group Edinburgh
– https://usergroups.splunk.com/group/splunk-user-group-edinburgh.html
– https://www.linkedin.com/groups/12013212
● Splunk’s Slack Group
– Register via www.splunk402.com/chat
– Channel: #edinburgh
● Present & Share at the User Group? Connect:
‣ Harry McLaren | [email protected] | @cyberharibu | harrymclaren.co.uk
‣ ECS | [email protected] | @ECS_IT | ecs.co.uk
Page 23
Thank You