Splunk & Amazon Web Services

Transcription:

Splunk & Amazon Web Services
June 2016
Tony Bolander (tbolander@splunk.com), Daniel Lew (dalew@splunk.com)

Industry Leading Platform For Machine Data
- Machine Data: Any Location, Type, Volume (On-Premises, Private Cloud, Public Cloud; Servers, Online Services, Security, Web Services, Networks, GPS Location, Packaged Applications, Storage, Desktops, Messaging, Custom Applications, Online Shopping Cart, Smartphones and Devices, Telecoms, Web Clickstreams, RFID, Call Detail Records, Databases, Energy Meters)
- Answer Any Question: Ad hoc search, Monitor and alert, Report and analyze, Custom dashboards, Developer Platform
- Platform Support (Apps / API / SDKs), Enterprise Scalability, Universal Indexing

Splunk Insights for AWS Machine Data
Why Splunk for AWS?
- Security Intelligence (CloudTrail, Config, CloudWatch, Inspector, VPC)
- Operational Intelligence (CloudWatch, Config, RDS, ELB, EC2, S3, CloudFront)
- DevOps Intelligence (CloudWatch, Lambda)
- Big Data Insights (Kinesis, EMR, IoT, S3)
- Service Billing & Usage
Explore, Analyze, Dashboard, Alert
Splunk App for AWS, Add-on for AWS
AWS services: CloudTrail, CloudWatch, Config, Inspector, Billing & Other Services, EC2, ECS, S3, CloudFront, VPC, ELB, EMR, Kinesis, Lambda, RDS, IoT

Ingests Data From Heterogeneous Data Sources
Diagram labels: syslog; TCP/UDP; Local File Monitoring; Splunk Forwarder; syslog hosts and network devices; *nix; Windows; Mainframes; Mounted File Systems (\\hostname\mount); Active Directory; Wire Data; Splunk App for Stream; Scripted or Modular Inputs; shell scripts; API subscriptions; Unix, Linux and Windows hosts; HTTP; HTTP Event Collector; shell; perf; API; virtual host

Splunk App for AWS: The Data
AWS CloudTrail
- Service that records AWS API calls for your account and delivers activity logs
- Provides data to enable security analysis, resource change tracking, compliance auditing, and troubleshooting
AWS Config & Config Rules
- Service that provides resource inventory, configuration history and configuration change notifications
- Config Rules enables creation of rules to auto-check AWS configurations
- Provides data to enable resource discovery, service relationships, change tracking & troubleshooting
Amazon CloudWatch
- Service that collects AWS system metrics and log files
- Offers ability to stream logs via Amazon Kinesis
- Provides data to enable utilization & health reporting for services such as EC2, EBS, & RDS
Amazon CloudWatch VPC Flow Logs
- Service that enables capture of IP traffic information to/from VPC network interfaces
- Data stored and accessible from AWS CloudWatch Logs
- Provides data used to troubleshoot undesired traffic behavior for both operational and security use cases
Amazon Inspector
- Automated security assessment service to help improve security and compliance of apps on AWS
- Provides data from knowledge base and security findings based on security best practices
AWS Access Logs
- Elastic Load Balancing (ELB): Provides data on load balancer requests to analyze traffic patterns
- CloudFront CDN: Provides data about every user request received from CloudFront
- S3: Provides data about a single access request and can be used for security and access audits
AWS Billing
- Current Month via CloudWatch metrics
- Monthly Detailed Billing for Capacity Management

Getting Started!
- Create a Splunk account: https://www.splunk.com/page/sign_up
- Access Splunk AMIs on AWS Marketplace and then set up Splunk App for AWS & AWS Technology Add-On, *or* access the Splunk CloudFormation template by following these directions. This environment will include the Splunk App for AWS and Splunk TA for AWS
- Be sure to take self-paced Using Splunk tutorial + Review Splunk>Docs and Splunk>Apps
- Automate your deployment:
  Puppet: https://forge.puppet.com/tags/splunk
  Chef: https://github.com/chef-cookbooks/chef-splunk


Why is Splunk Important For AWS Customers?
- You can't protect what you can't see.
- Security monitoring will make or break a technology risk management program.
- Security requires visibility.
- Best Practices for Securing Workloads in Amazon Web Services, Gartner, April 2015, Neil MacDonald, Greg Young
- Assessing the Risk: Yes, the Cloud Can Be More Secure Than Your On-Premises Environment, IDC, July 2015, Pete Lindstrom
- Amazon Web Services, Intro to AWS Security, 2015 AWS Summit Series

Extrapolating for Other AWS Use Cases
- You can't operate what you can't see.
- You can't manage cost for what you can't see.
- You can't gain business analytics for what you can't see.

Splunk's AWS Credentials
- AWS Advanced Technology Partner
- AWS Big Data Competency
- AWS Security Competency
- AWS Government Competency
- AWS SaaS Sales Alignment Program (Internal Program)
- AWS MSP Technology Provider
- AWS Marketplace Partner
- AWS IoT Launch partner for IoT analytics
- AWS Security by Design Program Partner
- 1st partner with published Blueprints for AWS Lambda
- 1st partner to pass SaaS extension for Well Architected framework

Splunk Portfolio of Cloud/AWS Solutions
- Cloud Apps & Solutions: Splunk App for AWS, ServiceNow, SFDC, Box, more
- AMIs & CloudFormation: AMI for Splunk Enterprise; AMI for Splunk Light; AMI for Hunk; CloudFormation Templates
- Enterprise on AWS; Splunk Core + Enterprise Security & ITSI available; 100% Uptime SLA; SOC2 Type II Certified; Available on AWS & Cloud; Starts at $90 / Month; App for AWS Support @.conf16!
- Hunk for AWS EMR: Splunk Analytics for AWS Elastic MapReduce (Hadoop/HDFS)
- AWS Specific Integrations:
  AWS Lambda: First partner blueprint
  AWS IoT: Featured analytics platform
  AWS Kinesis: TA & Mod Input
  AWS EC2 Container Service: Splunk Driver


How FINRA Uses Splunk Cloud for Security
- Transforms third-party threat intelligence information into security alerts
- Leverages the Splunk App for AWS
- Extends solution to report on AWS Cost Optimization
"Splunk Cloud gives you applications which let you get huge amounts of value from your data." (Sr. Director of Information Security)

- Reduced error rates by 2 orders of magnitude in a couple of weeks
- Better Code, Faster Development
- Rapidly found and fixed one line of code responsible for 30,000+ errors
- Real-time dashboards on error rates and production impact
- In-depth visibility as they strategically migrate apps to AWS Cloud and Migration to Cloud

Supporting Global Websites
- Real-time insight ensures an optimum customer experience, even during peak sales periods
- Proactive troubleshooting results in faster resolution of issues
- Real-time monitoring ensures confidence in the cloud
"When I look at the e-commerce chain from customer service, through to the warehouse and even in the physical stores there's opportunity to drive value with Splunk everywhere." (E-Commerce Systems Architect, Kurt Geiger)

Splunk App for AWS v4.2


Splunk App for AWS: The Value
- Increase visibility into AWS resource utilization & user activity across all accounts
- Ensure adherence to security and compliance standards with audit reporting
- Understand AWS environmental dependencies via interactive topology visualization
- Monitor VPC traffic utilization for additional patterns & security insights
- Cost Optimization through Monthly and Detailed Billing Dashboards

Overview for Splunk App for AWS
The overview page shows you on one screen information about: Configuration changes, Compute, Storage, Billing, ELB, CloudFront, Security.
Notable CloudTrail Activity is highlighted on the map. Drill down on any event and gain detailed information.

AWS Topology (Config)
- Topology view gives you a holistic view of your current or historical AWS deployment using AWS Config
- Maps out relationships between all the components, giving you a clear view into the environment
- Clickable layers add additional visual cues for high CPU or network traffic
- Snapshot feature allows for topology to be saved for future use

AWS Topology - Expanded Visuals (Config, CloudWatch, CloudTrail)

AWS Topology - IAM
- IAM Topology view uses AWS Config to provide a comprehensive view of Identity and Access Management Information
- Provides visual way to manage IAM Users, Groups and Policies
- Select entity of interest to see IAM relationships

AWS Usage Overview
- In one glance, instantly see your EC2 usage and EBS Volume data info via CloudWatch metrics
- Click through dashboards for details on individual EC2 instances and EBS Volumes
- Drill down into raw search for even more detailed views on your instances

VPC Flow Data - Traffic
- Utilizes VPC Flow Logs from CloudWatch for Traffic Analysis
- Visualize VPC traffic by interface, time, and location

VPC Flow Data - Security
- Utilizes VPC Flow Logs from CloudWatch for Security Analysis
- Drill down into rejected vs. accepted traffic
- View top Source Country and City information
- See top source / destination IP Addresses and ports

AWS Billing & Capacity Planning
- Utilizes Billing Logs from CloudWatch for Month-to-Date billing and End-of-Month projections
- Detailed Historical Billing Dashboard available using Monthly AWS Detailed billing reports
- Capacity Planner gives additional clarity on AWS On-Demand instance spending

AWS S3 Access
- S3 Access logs provide visibility on the health, requests, and traffic volume handled by your S3 bucket objects across all accounts.
- Aggregations by requester, user agent, and error codes give insights for troubleshooting, security and general product/business analytics.

AWS Elastic Load Balancer
- ELB dashboards provide visibility on the health, latency and request volume of your load balancers
- Client and server side errors are surfaced (HTTP 4XX-5XX errors) by account and region

AWS CloudFront CDN
- CloudFront Dashboards display visitor information per edge location, referrers, cache hits/misses and traffic volume
- Provides operational utility by adding visibility to errors, latency, distribution
- Provides business insights such as geo location of visitors, user agents and referrers

AWS User & IAM Activity
- Utilizes CloudTrail data to quickly see the number of active users logged into the system
- Get alerted on unauthorized user activities and create additional alerts for any user action
- See what ARNs are being used to access services and the correlated functions

AWS Key Pairs Activity
- Utilizes CloudTrail data to quickly see number of In-Use Key Pairs, Error events and actions
- Reports on Key Pair usage by Region and activity over time

Getting Started!
- Create a Splunk account: https://www.splunk.com/page/sign_up
- Access Splunk AMIs on AWS Marketplace: https://aws.amazon.com/marketplace/search/results/ref=lbr_navgno_search_box?page=1&searchterms=splunk and then set up the Splunk App for AWS & AWS Technology Add-On, *or* access the Splunk CloudFormation template by following these directions. This environment will include the Splunk App for AWS and Splunk TA for AWS
- Be sure to take self-paced Using Splunk tutorial + Review Splunk>Docs and Splunk>Apps

AWS Extras

Splunk & AWS Lambda
- Enabling Developers by Monitoring Lambda functions
- Utilizes new Splunk HTTP Event Collector
- Use Lambda to pipe events from services like Kinesis to Splunk
- Configure in the AWS Console or use our JavaScript and Java logging libraries
- http://dev.splunk.com/goto/awslambda

Splunk & AWS IoT
- Visibility into Connected Devices communicating with Cloud Apps
- Enables advanced analytics & insights for IoT deployments

Hunk & AWS Elastic Map Reduce (EMR)
- Gain insights: Explore, analyze, and visualize Amazon EMR and Amazon S3 data at massive scale
- Unlock the business value of stored data
- Preview search results before MapReduce jobs finish
- Quickly conduct sophisticated analytics
- Easily provision Hunk from AWS EMR Console
- Use for only as long as you need it
- Charged by the hour

Splunk Enterprise on AWS Deployment Guidelines
- Workload = Searching + Indexing
- Storage - Ephemeral or EBS - Data Retention Dependent
- Compute - Best Available
- Archiving - S3
- Best Practices for Sizing Splunk on AWS Tech Brief
- Splunk CloudFormation Templates
- Splunk Admin Docs
Search Heads (8+ users)
- c4.4xlarge: 16 vCPU, 30 GB RAM
- c4.8xlarge: 36 vCPU, 60 GB RAM
Indexers (50-250GB/day/indexer)
- c4.4xlarge: 16 vCPU, 30 GB RAM
- d2.4xlarge: 16 vCPU, 122 GB RAM
- c4.8xlarge: 36 vCPU, 60 GB RAM
CloudFormation Templates
- Consistent, repeatable deployments for Splunk on AWS
- Abstract away details of configuring distributed Splunk
- Extensible and customizable to fit any need
- CF Templates On GitHub