Building an Operational Machine Learning Organization from Zero and Leveraging ML for Crypto Security
Introduction to BlockFi and what we do as a crypto company.
Our journey with Databricks:
Building a cross-functional ML team
Scoping business problems to get executive buy-in
Conveying a strategic vision for ML at your organization
Operationalizing ML & Data Science to solve business challenges
Building clear business objectives f...
How BlockFi Is Using Machine Learning To Take Crypto Safety to the Moon!
BlockFi is a cryptocurrency platform that lets its clients grow wealth through a range of financial products, including loans, trading and interest accounts. The security operations team takes the safety of clients' assets and personal information very seriously. In this session, we will showcase how BlockFi uses Splunk ...
Creating Custom Containers for the Deep Learning Toolkit
The Deep Learning Toolkit (DLTK) was launched at .conf19 to help customers use additional deep learning frameworks as part of their machine learning workflows. The app ships with four separate containers: TensorFlow 2.0 (CPU), TensorFlow 2.0 (GPU), PyTorch and spaCy.
All of the containers provide a base install of Jupyt...
BSides Brisbane - Beyond The Hype: Machine Learning for Security
Anthony, a data scientist at Splunk, gives an overview of ML and AI concepts, including what data science is and what AI promises for security analysts. He also walks through use cases for detecting ransomware and botnets with machine learning.
Configure Jupyter Notebook to Interact with Splunk Enterprise & the Splunk Machine Learning Toolkit
Ever wanted to manage and integrate with your Splunk Enterprise deployment from your favorite data science tool? Then this blog's for you. A couple of things to keep in mind: this is for development and single-instance deployments only, and it requires sudo/root access to the server in order to properly map user IDs and ownership of ...
Using Docker and Splunk to Operationalize the Splunk Machine Learning Toolkit
Configuring and maintaining a Splunk dev environment can be challenging as new releases of apps and of the software itself become available. Using the official Docker image, the newest versions of Splunk Enterprise and various apps can be stood up without a large time commitment or worries about future updates.
The requirements for this tutorial a...
SuriCon 2018 - Beyond Operational Intelligence: Splunk Advanced Analytics
Prescriptive analytics is often called the "final frontier of analytic capabilities"; many organizations strive to get there and fail. Evolving from reactive to prescriptive is key for organizations to maintain their competitive advantage. So what does this journey look like when organizations embrace an analytics nerve center for security ...
.Conf16 - Turning Security Use Cases into SPL
Have you ever stared at the search bar while deciding the best way to query Splunk for answers? Let’s face it, we’ve all been there. The pressure gets even more intense when you are building security use cases, hunting for threat actors and meeting compliance requirements to protect your organization from hackers. Make a mistake and you could cr...
Dark Reading - How to Use Artificial Intelligence and Machine Learning to Improve Enterprise Security
Many cybersecurity vendors today use terms such as “AI” and “machine learning” to describe the capabilities of their products. But what exactly do these technologies do, and how can you implement them to improve your everyday IT security processes? In this Dark Reading webinar, a top expert will offer some useful definitions of terms, and will ...
SuriCon 2017 - Malware Analysis: Suricata & Splunk for Better Rule Writing
Using malware pcaps from http://www.malware-traffic-analysis.net/, I can run Suricata to see which Emerging Threats rules fire and analyze the results in Splunk. With Splunk, I can determine whether Suricata alerted on a specific indicator of compromise by looking not just at the alert signature but at everything in eve.json, to iteratively develo...
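As an added illustration of the approach described above (this is not code from the original post, nor part of Suricata or Splunk), the Python below walks an eve.json stream and reports, for a given indicator, which flows carried it in any record type (dns, http, tls, alert) and whether an alert fired on those flows. Flows that carried the indicator but produced no alert are exactly the gaps a new rule should cover. The eve.json lines, flow_ids, addresses, hostnames and the signature name are constructed for the example.

```python
"""Check whether Suricata alerted on an IOC, using every eve.json record type.

Added example; not code from the original post, Suricata or Splunk. The
eve.json lines below are constructed for illustration (IPs, flow_ids,
hostnames and the signature name are invented), but follow the layout
Suricata writes: one JSON object per line, each with an event_type.
"""
import json
from collections import defaultdict

SAMPLE_EVE = r"""
{"timestamp":"2017-09-01T10:00:01.000000+0000","flow_id":1,"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"8.8.8.8","dns":{"type":"query","rrname":"evil-c2.example","rrtype":"A"}}
{"timestamp":"2017-09-01T10:00:01.050000+0000","flow_id":1,"event_type":"dns","src_ip":"8.8.8.8","dest_ip":"10.0.0.5","dns":{"type":"answer","rrname":"evil-c2.example","rrtype":"A","rdata":"203.0.113.7"}}
{"timestamp":"2017-09-01T10:00:02.000000+0000","flow_id":2,"event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.7","dest_port":80,"http":{"hostname":"evil-c2.example","url":"/gate.php","http_user_agent":"Mozilla/4.0","http_method":"POST"}}
{"timestamp":"2017-09-01T10:00:02.100000+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.7","dest_port":80,"alert":{"signature_id":2000001,"signature":"ET TROJAN Generic POST to gate.php","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2017-09-01T10:00:03.000000+0000","flow_id":3,"event_type":"tls","src_ip":"10.0.0.6","dest_ip":"198.51.100.9","dest_port":443,"tls":{"sni":"update.example.org","subject":"CN=update.example.org"}}
{"timestamp":"2017-09-01T10:00:04.000000+0000","flow_id":4,"event_type":"http","src_ip":"10.0.0.7","dest_ip":"203.0.113.7","dest_port":80,"http":{"hostname":"203.0.113.7","url":"/index.html","http_method":"GET"}}
"""


def parse_eve(text):
    """Parse newline-delimited eve.json records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _strings(obj):
    """Yield every string value nested anywhere inside a decoded record."""
    if isinstance(obj, dict):
        for value in obj.values():
            yield from _strings(value)
    elif isinstance(obj, list):
        for value in obj:
            yield from _strings(value)
    elif isinstance(obj, str):
        yield obj


def ioc_sightings(events, ioc):
    """Map flow_id -> set of event_types whose fields contain the IOC (case-insensitive)."""
    needle = ioc.lower()
    sightings = defaultdict(set)
    for event in events:
        if any(needle in value.lower() for value in _strings(event)):
            sightings[event["flow_id"]].add(event["event_type"])
    return dict(sightings)


def alert_coverage(events, ioc):
    """Which IOC-carrying flows did Suricata alert on, and which did it miss?

    A flow counts as alerted when any alert record shares its flow_id, so an
    alert on the HTTP leg covers that flow even if the signature text never
    mentions the IOC. Flows in 'missed_flows' are candidates for new rules.
    """
    sightings = ioc_sightings(events, ioc)
    alerted_flows = {e["flow_id"] for e in events if e["event_type"] == "alert"}
    signatures = sorted({e["alert"]["signature"] for e in events
                         if e["event_type"] == "alert" and e["flow_id"] in sightings})
    return {
        "ioc": ioc,
        "seen_in": {fid: sorted(types) for fid, types in sorted(sightings.items())},
        "alerted_flows": sorted(f for f in sightings if f in alerted_flows),
        "missed_flows": sorted(f for f in sightings if f not in alerted_flows),
        "signatures": signatures,
    }


if __name__ == "__main__":
    events = parse_eve(SAMPLE_EVE)
    for ioc in ("evil-c2.example", "203.0.113.7"):
        print(json.dumps(alert_coverage(events, ioc), indent=2))
```

Run against the constructed stream, the domain indicator shows up in the DNS leg (flow 1) with no alert and in the HTTP leg (flow 2) where the POST signature fired; the IP indicator additionally surfaces the DNS answer and a second client (flow 4) that the signature never covered. In Splunk the same question is a `search` over all eve.json event types joined on `flow_id`, rather than a search restricted to `event_type=alert`.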
SuriCon 2017 - Hunting BotNets: Suricata Advanced Security Analytics
Splunk has enabled big data on the security practitioner’s desktop, but the security knowledge worker is not a data scientist by training. SOC engineers need easy-to-implement machine learning tools. Learn about existing machine learning toolkits available in the Splunk platform and how they can be applied to data exfiltration, port/traffic anal...
.Conf17 - Everyone Can Build A Security App
Attend this guided, hands-on session to learn security best practices related to building a Splunk App – specifically, key aspects of operationalizing security searches, visualizations and workflow. We’ll cover a range of topics, including: - Overall methodology: when and how building an app can help with security challenges and how to design an...
Enhancing Splunk Visualizations with Mapbox
Enhance the out-of-the-box cluster map visualizations provided by Splunk by integrating with the Mapbox API.
It has been possible to add custom tiles to cluster map visualizations in Splunk, but the options for adding tiles were limited because it was unclear whether external tile APIs integrated with Splunk.
This blog shows you ho...
Analyzing Shadowbrokers Implants
Who are the Shadow Brokers?
In 2017 the Shadow Brokers attempted to auction off zero-day tools allegedly developed by the NSA. These tools used undisclosed vulnerabilities to target adversarial nation states and surveil targets, with the stated goal of improving national security. The tools were leaked and subsequently came into the possession of the Shadow Brokers ...
Proactively Responding to #CloudBleed with Splunk
What is CloudBleed?
Cloudbleed is a serious flaw in the Cloudflare content delivery network (CDN) discovered by Google Project Zero security researcher Tavis Ormandy. Because of a buffer overrun in Cloudflare's edge HTML parser, responses for pages containing certain malformed HTML included data from server memory, including data belonging to other Cloudflare customers. The behavior is similar to Heartbleed, but Cloudblee...
Enhancing Enterprise Security for Ransomware
Ransomware isn’t going away
Ransomware is a profitable business model for cyber criminals, with 2016 payments closing in on the billion-dollar mark. According to a recent survey by IBM, nearly 70% of executives hit by ransomware have paid to get their data back. Those survey results do not include smaller organizations and consumers, who are also payin...
SSL Proxy: Splunk & NGINX
Who is this guide for?
It is a best practice to install Splunk as a non-root user or service account as part of a defense-in-depth strategy. The consequence of this choice is that the Splunk user cannot bind privileged ports (anything below 1024) without the CAP_NET_BIND_SERVICE capability on Linux. Some of the solutions to this problem found on Splunk Answers require i...
Analyzing BotNets with Suricata & Machine Learning
Machine Learning Toolkit
Since the official rollout of the Machine Learning Toolkit (MLTK) at this year's .conf, Splunkers have been pursuing some interesting use cases ranging from IT operations and planning to security and business analytics. Those use cases barely scratch the surface of what is possible with machine learning and Splunk. As an example...
SuriCon 2016 - Applying Data Science to Suricata
Splunk has enabled big data on the security practitioner’s desktop, but the security knowledge worker is not a data scientist by training. SOC engineers need easy-to-implement machine learning tools. Learn about existing machine learning toolkits available in the Splunk platform and how they can be applied to data exfiltration, port/traffic anal...
.Conf16 - Anomaly Hunting with Splunk Software
Splunk has enabled big data on the security practitioner’s desktop, but the security knowledge worker is not a data scientist by training. SOC engineers need easy-to-implement machine learning tools. Learn about existing machine learning toolkits available in the Splunk platform and how they can be applied to data exfiltration, port/traffic anal...
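The data-exfiltration use case named in this abstract (shared by the SuriCon 2016, SuriCon 2017 Hunting BotNets and .conf16 Anomaly Hunting entries above) comes down to baselining outbound bytes per host and flagging the host-day that sits far outside both its own history and its peers. The Python below is an added example of that idea; it is not material from the talks nor code from the Splunk Machine Learning Toolkit. The flow records are constructed (hosts, byte counts and the 16 MB exfil flows are invented), and the median/MAD "robust z-score" is used instead of mean/stdev so that the outlier being hunted does not inflate its own baseline.

```python
"""Anomaly hunting for data exfiltration over flow summaries.

Added example, not from the talks or the MLTK. Flow records are
constructed: five hosts with ordinary day-to-day variation, plus one host
that pushes 48 MB to an unfamiliar external address on the last day.
"""
from collections import defaultdict
from statistics import median

HOSTS = {"10.0.0.5": 4_000_000, "10.0.0.6": 5_500_000, "10.0.0.7": 3_200_000,
         "10.0.0.8": 6_100_000, "10.0.0.9": 4_800_000}    # typical daily bytes out
DAYS = ["2017-09-0%d" % d for d in range(1, 8)]
JITTER = [0.95, 1.04, 0.98, 1.07, 1.01, 0.93, 1.02]        # ordinary daily variation


def build_sample_flows():
    """Constructed flow summaries: (day, src_ip, dest_ip, dest_port, bytes_toserver)."""
    flows = []
    for day, factor in zip(DAYS, JITTER):
        for host, base in HOSTS.items():
            flows.append((day, host, "192.0.2.10", 443, int(base * factor)))
    # Exfil burst: three 16 MB uploads from one host to an unfamiliar address.
    for _ in range(3):
        flows.append((DAYS[-1], "10.0.0.5", "203.0.113.7", 443, 16_000_000))
    return flows


FLOWS = build_sample_flows()


def daily_bytes_out(flows):
    """Aggregate bytes sent by each source host per day: (day, src_ip) -> bytes."""
    totals = defaultdict(int)
    for day, src, _dst, _port, nbytes in flows:
        totals[(day, src)] += nbytes
    return totals


def robust_z(x, baseline):
    """(x - median) / (1.4826 * MAD); 1.4826 scales MAD to a stdev for normal data.

    Unlike mean/stdev, a single huge value in the baseline barely moves the
    median or the MAD, so a host's own exfil day does not hide itself.
    """
    med = median(baseline)
    mad = median([abs(v - med) for v in baseline])
    if mad == 0:
        return 0.0 if x == med else float("inf")
    return (x - med) / (1.4826 * mad)


def hunt_exfil(flows, threshold=3.5, min_samples=3):
    """Flag host-days whose outbound volume is anomalous vs. own history or vs. peers.

    Only positive deviations matter here (more bytes out than expected).
    """
    totals = daily_bytes_out(flows)
    findings = []
    for (day, host), nbytes in sorted(totals.items()):
        history = [b for (d, h), b in totals.items() if h == host and d != day]
        peers = [b for (d, h), b in totals.items() if d == day and h != host]
        z_hist = robust_z(nbytes, history) if len(history) >= min_samples else 0.0
        z_peer = robust_z(nbytes, peers) if len(peers) >= min_samples else 0.0
        if z_hist > threshold or z_peer > threshold:
            findings.append({"day": day, "host": host, "bytes_out": nbytes,
                             "z_history": round(z_hist, 1), "z_peers": round(z_peer, 1)})
    return findings


if __name__ == "__main__":
    for finding in hunt_exfil(FLOWS):
        print(finding)
```

The two baselines answer different questions: the history score catches a host that suddenly behaves unlike itself, the peer score catches a host that is unlike the rest of the fleet on that day, and a finding that trips both is the one to pull pcaps for. The MLTK reaches the same place with `stats median` / `eventstats` style baselines in SPL; the point of the example is the threshold logic, not the transport.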