Using the Fast mode The Fast mode prioritizes the performance of the search and does not return nonessential field or event data. This means that the search returns what is essential and required. Disables field discovery. Field discovery is the process Splunk software uses to extract fields aside from default fields such as host, source, and sourcetype. The Splunk software only returns… Read more »
Monthly Archives:: February 2020
Splunk Deployment Basic , Index Cluster, Increasing Captivity and Multi-Instance
Splunk Deployment A deployment server is a Splunk Enterprise instance that acts as a centralized configuration manager for any number of other instances, called “deployment clients”. Any full Splunk Enterprise instance – even one indexing data locally – can act as a deployment server. A deployment server cannot be a client of itself. Splunk Index Cluster Indexer clusters are groups of Splunk Enterprise indexers configured to replicate… Read more »
How is Splunk Deployed?
A deployment server is a Splunk Enterprise instance that acts as a centralized configuration manager for any number of other instances, called “deployment clients”. Any full Splunk Enterprise instance – even one indexing data locally – can act as a deployment server. A deployment server cannot be a client of itself. Splunk Enterpise Splunk Enterprise is a software product that enables you to search, analyze, and visualize… Read more »
How Does Splunk Work?
Splunk is a software mainly used for searching, monitoring, and examining machine-generated Big Data through a web-style interface. Splunk performs capturing, indexing, and correlating the real-time data in a searchable container from which it can produce graphs, reports, alerts, dashboards, and visualizations. Splunk Search Head In a distributed search environment, a Splunk Enterprise instance that handles search management functions, directing search requests to… Read more »
Black Box, Grey Box, White Box Testing
Security+ Objectives 1.4 Black Box, Grey Box, White Box testing: What Differences? There are several ways to conduct penetration tests. If you’re considering penetration testing for your network, you’ll likely choose either black, white, or gray box testing. Each method has merits, so it’s helpful to understand the difference between these tests in order to… Read more »
Splunk® And Amazon Web Services
Tech Brief Exerpts When it comes to the cloud, you can’t secure, operate or manage costs for what you can’t see. As more of your critical workloads move to AWS, you need end-to-end visibility to: • Ensure AWS deployments meet or exceed security and compliance standards• Guarantee AWS-based applications and services meet defined SLAs• Gain… Read more »
Splunk Light – Installation, Configuration, and Demo
Introduction Cyber-crime is rising constantly as attackers are coming up with new tools and attacks techniques. To defend the network and protect companies against cyber-attacks, security professionals need security tools such as IDS, IPS, SIEMS. For my network defense tool assignment, I have decided to research about Splunk, one of the most popular Security Information… Read more »
Privilege Escalation
ComTIA Security+ Objective 1.4 What Is Privilege Escalation and Why Is It Important? The term “Privilege Escalation” describes a type of application security vulnerability in which a user has the ability to access information, features, or functionality that they are not entitled to in their role. It is only a concern in applications in which… Read more »
How to Enable Elastic IP addresses on AWS SFTP server endpoint?
To make your AWS SFTP server accessible using Elastic IP addresses, create an internet-facing endpoint for your server. However, if you must change the listener port to a port other than port 22 (for migration), then follow these steps: Important: Don’t proceed with the following steps if your listener port can be port 22. Instead,… Read more »