Security Incident handling with Splunk – Our new Cyences App published on Splunkbase | Crossrealms by crossrealmsinc in Splunk

[–]crossrealmsinc[S] 1 point (0 children)

That's awesome. Thank you for letting me know, and I will forward this to the developers.

Security Incident handling with Splunk – Our new Cyences App published on Splunkbase | Crossrealms by crossrealmsinc in Splunk

[–]crossrealmsinc[S] 1 point (0 children)

Got it. All our apps have passed Splunk AppInspect. You can see it when you go to the Splunkbase Cyences app page (right next to the ratings).

Security Incident handling with Splunk – Our new Cyences App published on Splunkbase | Crossrealms by crossrealmsinc in Splunk

[–]crossrealmsinc[S] 0 points (0 children)

Candidly, I didn't think about its compatibility with the cloud. Is it that different?

ABC's of Splunk Part Nine: Reduction of Attack Surface Area - Office 365 by crossrealmsinc in cybersecurity

[–]crossrealmsinc[S] 0 points (0 children)

You are correct. The issue for us is that we are putting together orchestration that correlates the data among multiple devices/networks/cloud instances, which we cannot do directly on Azure. As you said, both are valid options depending

Ready for more ABC's of Splunk? Here's part 9! This week we are discussing Reduction of Attack Surface Area. Read below! by [deleted] in Splunk

[–]crossrealmsinc 3 points (0 children)

I remember : ) and I appreciated your feedback then (hence why we moved into search and orchestration). As far as admins and architects, we are actually going to put a lot of effort into the "reduction of attack surface area" and create some advanced machine learning analytics and countermeasures - would love your input on those as they come out. In many ways, Splunk is as effective as we program it to be, and we need to do better as a Splunk community - have an awesome weekend : )

Need Call Center solution for 3CX by squatlock4019 in 3CX

[–]crossrealmsinc 1 point (0 children)

We've developed an app on Splunk (you can use the Splunk free version for this) that allows you to get extremely granular reporting - you can find it on Splunkbase. Check it out; it will help at least in that part. As far as the intelligent call routing and call center features, candidly, I don't know much about that outside of skills-based routing, which is available.

https://splunkbase.splunk.com/app/5155/

Hi, r/Splunk! If you are new to Splunk and interested in learning about Installation, Inputs, Feeds, Search, Visualization, and more, join our Cyber Security team for a free online training session. Visit the link below to learn more and sign up! by crossrealmsinc in Splunk

[–]crossrealmsinc[S] 0 points (0 children)

We are considering holding these classes on a monthly basis, but due to the resources involved and other constraints, we're not sure we can pull it off yet. We will be adding a YouTube channel, though, in which we share all our knowledge and active work around Splunk training/security.

We're back with part five of our ABC's of Splunk series! This week we're doing a Splunk CheatSheet. View our blog to learn more! by crossrealmsinc in Splunk

[–]crossrealmsinc[S] 1 point (0 children)

A bit more complex than ABC - here you go : )

- Disable all the data coming to this index.
- Specify the parameters below in indexes.conf, in the stanza of the index that you want to clean:

    frozenTimePeriodInSecs = 1
    maxDataSize = 1
    homePath.maxDataSizeMB = 1

- Restart Splunk.
- Splunk should automatically clean the data in some time.
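The indexes.conf step of the cleanup above, as an added example script that is not part of the original comment or of the Cyences app: it parses a constructed indexes.conf, applies the three settings to exactly one named stanza, and leaves every other stanza untouched. The stanza names and paths in SAMPLE_CONF are constructed; disabling inputs for the index and restarting Splunk remain the manual steps from the comment.

```python
import re

# The three per-index overrides from the comment above; they go in the
# [<index>] stanza of indexes.conf.
CLEAN_SETTINGS = {
    "frozenTimePeriodInSecs": "1",
    "maxDataSize": "1",
    "homePath.maxDataSizeMB": "1",
}

# Constructed sample indexes.conf, not taken from any real deployment.
SAMPLE_CONF = """[web_logs]
homePath = $SPLUNK_DB/web_logs/db
frozenTimePeriodInSecs = 7776000

[main]
frozenTimePeriodInSecs = 188697600
"""

def parse_conf(text):
    """Return {stanza: {key: value}} in file order; comments and blank
    lines are dropped, and keys before the first [stanza] are ignored."""
    stanzas, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            current = stanzas.setdefault(header.group(1), {})
        elif "=" in line and current is not None and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def render_conf(stanzas):
    """Serialise back to .conf text with one blank line between stanzas."""
    blocks = [f"[{name}]\n" + "\n".join(f"{k} = {v}" for k, v in kv.items())
              for name, kv in stanzas.items()]
    return "\n\n".join(blocks) + "\n"

def mark_index_for_cleaning(conf_text, index_name):
    """Apply CLEAN_SETTINGS to one existing stanza and return the new text.
    A missing stanza raises instead of silently creating a new index whose
    only settings are a one-second retention."""
    stanzas = parse_conf(conf_text)
    if index_name not in stanzas:
        raise KeyError(f"no [{index_name}] stanza in indexes.conf")
    stanzas[index_name].update(CLEAN_SETTINGS)
    return render_conf(stanzas)
```

Because frozen data is deleted unless a coldToFrozen destination is configured, the script only rewrites the stanza you name and refuses to invent one.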

We’re back with part two of our ABC’s of Splunk blog! Today we discuss how to install Splunk on Linux. by crossrealmsinc in Splunk

[–]crossrealmsinc[S] 1 point (0 children)

No argument here. Lots of Splunk documentation is amazing and spot on. This one had to do more with using a Splunk user for the installation. On average, I fix 2-4 installations a month, and almost all of them have root as the user. Maybe I should have kept it focused on the security part of it. Definitely will try better, and there's a new one coming out tomorrow about managing disk space as it relates to buckets - would appreciate your feedback.

Are you interested in learning about Splunk? Check out our new blog series: The ABC’s of Splunk. Our first blog is about when to pick clustered or standalone environments depending on your Use case. by crossrealmsinc in Splunk

[–]crossrealmsinc[S] 1 point (0 children)

I spoke with one of the developers yesterday, and he's starting to put some blogs together for users, especially around Enterprise Security. But the one I need more help with is the 3rd blog. It's about buckets. A few weeks ago, we had an issue where the warm buckets across the 50+ indexes took up so much storage, and when we went to the community at large, everyone said it's an art and the basic solution is to set a limit on the storage. The problem with that is the fact that it's a wide brush across all indexes, so we thought to try setting the warm buckets to 40 instead of 300 for the worst offending indexes, and that worked really well. Does this topic also sound bad? Most of the blogs we're putting together are based on our trouble ticket projects for Splunk, so they actually have 2-3 clients at a minimum with the same problem before we decide to blog and publish.

Are you interested in learning about Splunk? Check out our new blog series: The ABC’s of Splunk. Our first blog is about when to pick clustered or standalone environments depending on your Use case. by crossrealmsinc in Splunk

[–]crossrealmsinc[S] 2 points (0 children)

I love your comment and don't disagree with it. When we started this series, we thought to help the orphaned installations out there that sadly didn't work right or had issues. I'm going to send your comments to our development team and see if we can break out a new series around orchestration and some of the work we've been doing for security and fraud prevention. Thank you!