So What is Splunk?

Splunk Collects and Indexes Any Machine Data (slide diagram; the source categories shown):
- Web logs, .NET events, configurations, syslog, SNMP, netflow
- Databases: configurations, audit/query logs, tables, schemas
- Virtualization & Cloud: hypervisor, cloud
- Linux/Unix: configurations, syslog, file system
- Windows: registry, event logs, file system, sysinternals
- Other sources: click-stream data, power consumption, RFID data, GPS data, logfiles

2012 The SANS Institute - www.sans.org (slide 21)
Splunk: Big Data Security Intelligence Platform (slide diagram; the capabilities and search commands shown)

Text Based Search:
- Time-indexed ingestion
- Text-based search
- Nested search
- Cross data-type search
- Commands: append, abstract, cluster, bucket, multikv, scrub, join, rare

Statistical Analysis:
- Commands: cluster, associate, stats, avg, transaction, addtotals, delta, eval, stddev, rare, outlier, streamstats, timechart
Security Visualizations for Executives (slide diagram; the layers shown)

- Machine Data
- Search and Investigation
- Proactive Monitoring
- Statistical Analysis
- Security Intelligence for Business
Enabling IT Risk Scenarios (slide diagram)

Use cases drawing on the same data: Business Analytics, App Mgmt, Compliance, IT Ops, Web Analytics

- Security Relevant Data
- Confidentiality / Integrity / Availability
- CSO / CIO / CEO Views
- Applying IT Risk Scenarios
- Finding Abnormal Behaviors
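As an added example (it is not from the SANS/Splunk slides), the search below puts several of the statistical commands listed on the platform slide (bucket, stats, streamstats, eval, stdev) to work on the "Finding Abnormal Behaviors" use case: it flags source IPs whose hourly count of failed Windows logons jumps well above that source's own recent baseline. The index name, the sourcetype, the field name Source_Network_Address, the seven-day time range and the use of Event ID 4625 for a failed logon are assumptions about the environment, as are the thresholds.

```spl
index=wineventlog sourcetype="WinEventLog:Security" EventCode=4625 earliest=-7d
| rename Source_Network_Address AS src_ip
| bucket _time span=1h
| stats count AS failures BY _time src_ip
| streamstats window=24 current=f avg(failures) AS baseline_avg stdev(failures) AS baseline_sd BY src_ip
| eval zscore = if(isnotnull(baseline_sd) AND baseline_sd > 0, (failures - baseline_avg) / baseline_sd, null())
| where zscore > 3 AND failures >= 20
| table _time src_ip failures baseline_avg baseline_sd zscore
| sort - zscore
```

Stage by stage: bucket collapses events into one-hour bins; stats counts failures per hour and source; streamstats computes each source's mean and standard deviation over its previous 24 active hours (current=f keeps the hour being scored out of its own baseline, and the first hour of every source is skipped because it has no baseline yet); eval turns the current count into a z-score; where keeps only hours more than three standard deviations above baseline, with a fixed floor of 20 failures so that a source whose baseline is one or two failures cannot trip the alert with a handful of events. Two caveats a practitioner should keep in mind: stats only emits rows for hours that had failures, so the baseline is over active hours rather than calendar hours, and the whole search runs over a seven-day window, which is what bounds the cost of the streamstats pass.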
Open Discussion

- What are the operational challenges with security big data analytics?
- Political issues?
Questions?
Contact

Follow-up: q@sans.org

Dave Shackleford (SANS): dshackleford@sans.org
Mark Seward (Splunk): mseward@splunk.com