Power distribution firm seeks ML to detect data transfer anomalies
Detecting abnormal or suspicious upload or download activity by a user with a machine learning model. A leading power distribution organization wants to monitor insider threats by flagging abnormal or suspicious upload or download activity by its users.
CHALLENGES
SOLUTIONS
BENEFITS
Monitored Systems/Data Sources: Squid proxy logs.
Users: Security Operation Center Team
Product: Splunk Enterprise
Splunk App: Machine Learning Tool Kit
Tags: Splunk
Published: 2023-02-22 (updated 2023-03-15)

Helping a telecom service provider to remote user monitoring
The Telecom Service Utility has been facing the challenge of monitoring and analyzing the access and authentication activity of its users while they work remotely. The problem stems from a change in the work model: employees accessing sensitive data remotely is a major concern, and visibility into user activity has become essential in this scenario.
CHALLENGES
SECURITY THREAT
Account compromise
Reconnaissance
Data exfiltration
DDoS attack
Insider threat
Brute force
Command and control
Unauthorized access
Privilege escalation
Lateral movement
SOLUTIONS
BENEFITS
Data Sources: FortiGate network logs, Storage application logs, Authentication server logs, and RDS services logs.
Users: CSIRT Team
Product: Splunk Enterprise
Tags: Splunk
Published: 2023-02-22 (updated 2023-03-15)

Successful completion of Splunk cloud migration for Fintech company
[body] =>The Fintech Company had a remarkable payment infrastructure, but no matter how good the system seemed to be, there were always problems. Despite having the latest and greatest technology available, their systems kept going down, resulting in data loss. The reports and alerts were also delayed, causing a lack of real-time monitoring. The Company collaborated with Positka, a Splunk Cloud partner, to resolve the issue.
Challenges:
Solution:
Benefits:
Users: Information Security Team
Product: Splunk Cloud
Tags: Splunk cloud, Splunk
Published: 2023-02-28 (updated 2023-03-15)

Automating malware investigation for one of the top investment firms
Background:
As one of the world’s leading investment firms with more than 21 offices spanning the globe, it’s not uncommon for the security team at Blackstone to see as many as 30 to 40 malware alerts in a single day. Blackstone’s Incident Response team investigates each malware alert as if a compromise has already occurred, a process that requires 30 to 45 minutes to address each alert fully if done manually.
Challenges:
Benefits:
Business Impact:
Splunk Product:
Splunk SOAR (Previously Splunk Phantom) Enterprise Edition
Tags: Splunk-SOAR, Use-case
Published: 2023-03-06 (updated 2023-03-15)

Automating phishing investigations for a Top-rated cloud company
Background:
As the world’s leading managed cloud company, Rackspace has more than 6,000 employees and an infrastructure that spans four continents. Investigating phishing emails is just one of many issues the security team addresses. Rackspace needed a security orchestration, automation and response platform, and selected Splunk Phantom.
Challenges:
Benefits:
Business Impact:
Splunk Products:

Early threat detection and intelligent alerts during file transmissions
Background:
A leading banking and financial services company wants to detect early on whether employees are transferring sensitive data. By using Splunk to analyze data in real time, the company catches threats sooner and takes the steps necessary to mitigate them before they can cause damage.
Challenges:
Solutions:
Benefits:
Monitored Systems/Data Sources: Centralized file transmission servers (10,000+ files); number of transmission protocols: 14
Users: Operations Team, Information Security Team
Product: Splunk Enterprise
Tags: Splunk, Use-case
Published: 2023-03-06 (updated 2023-03-15)

Automating Trade Reconciliation for trade settlements using Splunk
Background:
A leading banking and financial service company that provides Trade Processing outsourcing services wants to use Splunk to monitor Trade Processing Systems for efficient trade reconciliation. In addition, it helps customers optimize their internal processes through transparency of its OMS capabilities — a fact that can drive significant growth in the business.
Challenges:
Solutions:
Benefits:
Monitored Systems/Data Sources: Trade Processing Sub Systems
Users: Operations Team
Product: Splunk Enterprise
Tags: Splunk, Use-case
Published: 2023-03-06 (updated 2023-03-15)

Intelligent Compliance dashboard and reporting for financial major
Background:
A single view of Non-Compliances across an organization’s IT systems
A global financial services major wants to meet its compliance requirements and keep track of every rule it must follow in its security compliance process. It therefore creates an "Intelligent Compliance Dashboard & Reporting" system that gives it a single view of all non-compliances across the organization.
Challenges:
Solutions:
Benefits:
Monitored Systems/Data Sources: Symantec scan data from thousands of servers, databases, and other network devices.
Users: Remediation Team, Security & Compliance Team, Senior Management Executives
Product: Splunk Enterprise, Custom Visualizations
Tags: Splunk, Use-case
Published: 2023-03-06 (updated 2023-03-15)

Splunk use case to track and spot suspicious user entries
Background:
Unauthorized User ID Creation Monitoring in Windows/Unix systems
One of the largest multinational banks, with a global presence, wants to monitor unauthorized user ID creation as an indicator of fraudulent activity. Splunk's alert management capabilities give the bank an effective method of tracking and identifying this type of activity.
Challenges:
Solutions:
Benefits:
Monitored Systems/Data Sources: Windows/Unix system logs, User Management System logs (Matching Source), User Provisioning Tool logs (Matching Source)
Users: Information Security Team
Product: Splunk Enterprise
Tags: Splunk, Use-case
Published: 2023-03-06 (updated 2023-03-15)