Splunk – Audit, Security and Business Analytics

March 28, 2020 / Eternal Team

Data is everywhere, and it holds the answer to most of our questions. It is generated by everything from a simple temperature sensor in a mobile phone to a spacecraft. Analyzing this data gives us and future generations the insights that help us make the right decisions over time.

What is Splunk?

Splunk is a software-as-a-service mainly used for searching, monitoring, and examining machine-generated Big Data through a web-style interface. It is an advanced, scalable, and effective technology that indexes and searches log files stored in a system. A further advantage is that it does not need a database to store its data, as it makes extensive use of its indexes to store the data.

Splunk can capture, index, and correlate real-time data in a searchable container, from which it can produce graphs, reports, alerts, dashboards, and visualizations.
It’s cool, right?

Let me explain with a simple example:

Suppose you are a system administrator and you have to find out what’s wrong with the machine or system you are working with. Take a look at the machine-generated data to get an idea of what it looks like.

Machine-generated logs are non-intuitive, so it would take hours to find out what’s wrong with your system.

Now, this is where Splunk comes into the picture. It will do all the heavy lifting for you, i.e., processing all the data generated by your machine or system; once the relevant data has been obtained, it is a lot easier to locate the problems.

Splunk Features:

  • Intuitive user experience
  • Simplified management
  • Rich developer environment
  • Power analytics

Splunk on AWS

The Splunk App for AWS gives you critical operational and security insight into your Amazon Web Services account.

The app includes:

  • A pre-built knowledge base of dashboards, reports, and alerts that deliver real-time visibility into your environment.
  • A logical topology dashboard that displays your entire AWS infrastructure to help you optimize resources and detect problems.
  • Insights dashboards that display detected problems in your AWS environment and provide best practice recommendations to help you optimize AWS resources, including EC2, EIP, ELB, and EBS.

If you are a Splunk software administrator, install this app and all required dependencies to your Splunk platform deployment. See Hardware and software requirements for the Splunk App for AWS to plan your deployment.

If you are a Splunk software user, check out the User Manual to get familiar with the dashboards.

Splunk is provided in different versions to suit various requirements, so I will put the link for you:

For more detailed information, please follow the link below.
