
Running a Splunk Search in a Different Time Zone

We had a recent request to create a Splunk alert that runs hourly with a time range of midnight UTC of the current date to the current time. This sounds like an easy request, but when you look into it, it's a bit more complicated than it seems.


Setting Up a Splunk Testing Environment Using Terraform & GCP

Overview

Have you ever wished you had a fresh ephemeral Splunk instance that you could quickly spin up, run some tests and then kill it, with maximum speed and minimum cloud costs?

Enter HashiCorp Terraform to the rescue. The industry-leading infrastructure-as-code tool makes the standup, setup and teardown of cloud compute nodes simple, speedy and repeatable, so that an environment can be built, a complete set of tests run, results received and the test nodes destroyed in minutes rather than hours.

In this whitepaper, I show how I set up my computer and built the Search Head and Deployment Server, as well as how I set up the many Splunk Universal Forwarders needed to satisfy the test plan.



Looking to expedite your success with Terraform? Click here for more information about our Terraform Professional Service offerings, including:

  • Terraform Implementation
  • Infrastructure Migration using Terraform
  • Implementing Zero Trust Architectures
  • Terraform Operational Assessment

Interesting Splunk MLTK Features for Machine Learning (ML) Development

The Splunk Machine Learning Toolkit is packed with machine learning algorithms, new visualizations, a web assistant and much more. This blog sheds light on some lesser-known features and commands in the Splunk Machine Learning Toolkit (MLTK) and Core Splunk Enterprise that will assist you in various steps of model creation and development. With each new release of Splunk or the Splunk MLTK, a catalog of new commands becomes available. In this blog I highlight commands that have helped in some data science and analytical use cases.


What’s New in Aura Asset Intelligence 1.4

We are excited to announce the release of Aura Asset Intelligence 1.4, which brings several new and exciting features. This release further enhances the intelligence capabilities of Aura AI and helps enterprises gain even more insight into their assets and the relationships that exist between them.

Asset Activity and Association Reporting

New reporting that highlights the associations between assets and identities based on their detection frequency, to better understand activity, usage and shared access rights.

Asset Relationship Visual Workspace

An immensely powerful interactive visual workspace that allows users to graphically explore the interrelationships between assets. For example, view all the assets associated with a particular identity, and then see all other identities that are also associated with those same assets.

First and Last Detection Report

Quickly identify when assets are first and last detected. For example, build a report to show all newly discovered assets in the past day, or a report to show assets that have been inactive for over a month.

Vulnerability Scanning and Endpoint Management Compliance Reporting

Additional out-of-the-box compliance reporting helps to identify the gaps between what is being scanned and what is actively being discovered on the network, and to identify workstations and servers that are not being actively managed by the company's chosen endpoint management solution.

Aura Confidence Levels

A new visual level assigned to every discovered network asset, calculated from several key factors, provides an indicator of asset confidence, freshness and accuracy.

ServiceNow Integration

Full integration with ServiceNow provides the ability to update ServiceNow asset records with what is being actively discovered by Aura AI.

10x Performance Increase

A 10x increase in Aura AI processing efficiency and speed further builds upon our already efficient processing.



© Discovered Intelligence Inc., 2019. Unauthorised use and/or duplication of this material without express and written permission from this site’s owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Discovered Intelligence, with appropriate and specific direction (i.e. a linked URL) to this original content.

Homepage for Splunk – Our New App!


We are pleased to announce the release of our new app, Homepage for Splunk. This Splunk-certified app presents your logged-in users with a 'virtual cockpit' that provides a single-pane-of-glass view into their specific use of Splunk.

Meta Woot! App for Splunk Demo

In this short video, we demonstrate our Discovered Intelligence Meta Woot! app for Splunk.

Heartbleed Command for Splunk

Discovered Intelligence has developed a simple Splunk command for identifying Heartbleed vulnerabilities!

This CIM-compliant Technology Add-on (TA-Heartbleed) contains a new heartbleedtest Splunk command that can be used to check your internal infrastructure and external websites for the recently announced Heartbleed vulnerability.