InfoSec Blog

So what is Splunk? At its core Splunk is a search engine. It was designed to allow any data from an infrastructure device to be indexed and searched. Any output from applications, servers and network devices can be “eaten” by Splunk. However, Splunk has become more than just a standalone product. The current 3.x series of the product has opened up the internal API and exposed it to allow outside development of new applications on top of the Splunk core. This post is going to touch on some of the capabilities available to developers looking to get even more out of their Splunk installation. I am going to be discussing two elements of Splunk that a user can customize and enhance in the current product release: Spunk UI customization and RESTful applications.

Ever since it’s debut, Microsoft Windows 2008 Server has awed security and systems administrators with its complex and innovative features. With threats becoming each day more immanent and efficient, security system administrators face the tedious task of protecting Microsoft’s new giant. In this article we compiled some of the industries best practices such as NIST to show you some of the features and ways to reduce your windows 2008 servers’ exposure.

The use of a centralized log server has often been highlighted in many of today’s security best practices. The constant need to collect, retain and protect these sensitive security event log files sometimes overwhelm security and systems administrators, especially in large corporate environments. When properly configured, security event logs are used to track user activity and access on specific systems or objects, and is a key element when tying to piece up the chain of events leading to a security incident. Many security administrators might know how cumbersome it is to manage such security event log files, and sometimes seek third party vendors to help them manage their security log files. The truth is that many of these problems can be solved using native features of your server operating system.

With the rise in focus on security there has emerged a set of security requirements that enterprise software vendors must consider or else they run the risk of watching their sales pipeline come to a screeching halt. The following are ten "must have" requirements that I have come across while doing some proof of concepts: