Where will the conversation continue?
Mailing List
Notes
Splunk Overview - Sreeni Konduru
- There are two Splunk systems:
  - Legacy: splunk.stanford.edu
  - New Splunk (about one year old): SU Splunk, susplunk.stanford.edu. It will take over the legacy URL when the legacy system is retired. The AS system controls which logs are delivered to each unit and streamlines the types of logs collected, etc.
- Legacy will stay in place for 18 months after data migration is complete. AS servers have already migrated.
- Process for onboarding logs to the new system:
  - Each group that wants to use the new Splunk will need a signed certificate.
  - There will be a transition period from old to new.
  - Updated instructions will be posted to the uit.stanford.edu website soon.
- Minimum security requirements (MinSec): OS logs are collected. On high-risk systems, application logs must be collected as well.
- Dashboard with Bit9 (Carbon Black) showing enforcement of PAWs usage was displayed.
- New Splunk has nice dashboards for support and troubleshooting. Alerts, reports features are available. ServiceNow, Email have dashboards for trends, etc.
- Applications: submit the form to request application logging for server-supplied services, e.g. Apache logs. Application logs are less standardized than OS logs and can sometimes introduce security risks.
- On-site, Splunk-provided training will be offered after the Winter Holiday 2017. Training tasks might include creating a custom search to track logins occurring during a specific time of day.
- Splunk Team can help create an "app" which would consolidate all the logs used by all team members.
- There are many pre-built apps and logs available.
- Requests for Splunk Team to develop apps are evaluated on a case by case basis.
- Mailing list is available for Splunk users.
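As an added illustration of the training task mentioned above (tracking logins during a specific time of day), here is a Splunk search written for these notes; it is not from the Splunk team or the meeting. The index name `os`, the sourcetype `linux_secure`, and the `user` field are assumptions that depend on how each unit's OS logs are onboarded.

```spl
# Constructed example: count successful SSH logins between 22:00 and 05:00,
# per user and host, so off-hours activity stands out for review.
index=os sourcetype=linux_secure "Accepted"
| eval hour=tonumber(strftime(_time, "%H"))
| where hour >= 22 OR hour < 5
| stats count AS offhours_logins, min(_time) AS first_seen, max(_time) AS last_seen BY user, host
| convert ctime(first_seen) ctime(last_seen)
| sort - offhours_logins
```

Saved as an alert, this search can notify the unit when off-hours logins on a high-risk host exceed a threshold; adjusting the hour window and the index/sourcetype to the unit's own onboarded logs is all that is needed to reuse it.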