Wednesday, April 08, 2015

Splunk (imagine me making a schpeeelunk noise as I say that, it's more entertaining that way)

My workplace is expanding it's use of Splunk.  As part of that expansion some web based training was made available and I just completed the first part.

Why Chad, you ask, are you sharing this seemingly random, boring, and irrelevant tidbit with us?  (don't try and pretend otherwise I know random, boring and irrelevant are exactly what you though because when I mentioned this to my mother those are the words she used).

Well, I'll tell you - Although I have been aware of Splunk and some of it's capabilities for awhile I hadn't realized exactly how extensive they are.  I probably still don't but I have a better appreciation for them now. 

 If you collect the right data you can correlate everything.  The example that the course gives is an attempted purchase at an e-commerce site where the transaction fails and the customer complains on twitter.  3 steps start to finish to tie the order to the cause of the failure to the customer complaint.  It is both awesome and scary.

That realization also tied back to a book  I read recently  @War: The Rise of the Military-Internet Complex as well as Greenwald's POS.  It gives a little more perspective on the NSA's capabilities.  It may also make me rethink my position on metadata collection and storage.  Currently I am of the opinion that if metadata is properly hashed to hide identifying information until it is unlocked by court order I don't really have a problem with it's collection.  (I know it's not that is just my example of how I would handle things).  I now wonder how much difference that hashing would make.  Gonna have to think about this.

The jist of all this is - I found a new toy with some pretty interesting capabilities.  If you get a chance to mess with Splunk at all take a look.


Post a Comment

What I am reading (or maybe watching) 10/18/2017

DefCon - ICS Village: Grid Insecurity and How to Really Fix This Shit - I tried to see this talk while at DefCon, but the room they ...