Charles Leaver – Amazing Enthusiasm For Ziften At Splunk .conf

Written By Josh Applebaum And Presented By Charles Leaver


Like many of you, we’re still recovering from the recent Splunk .conf. As usual, .conf had excellent energy, and the people in attendance were passionate about Splunk and the many use cases it supports through its large app ecosystem.

One announcement during the week worth mentioning was a new security offering called “Content Updates”: essentially pre-built Splunk searches for finding security events.

In short, the Splunk security team looks at the newest attacks, writes new searches for how they would hunt through Splunk ES data to find those attacks, and then ships those searches down to customers’ Splunk ES environments so they alert automatically when a match is seen.

The best part? Because these updates mostly use CIM (Common Information Model) data, and Ziften populates many of the CIM data models, Ziften’s data is already being matched against the new Content Updates Splunk has produced.
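To make the point concrete, here is the general shape of a CIM-based search of the kind the post describes. It is an added illustration, not a real Splunk Content Update and not Ziften’s or Splunk’s own code; the process name is a placeholder rather than an indicator from any actual attack.

```spl
| tstats summariesonly=true count min(_time) as firstTime max(_time) as lastTime
    from datamodel=Endpoint.Processes
    where Processes.process_name="PLACEHOLDER_TOOL.exe"
    by Processes.dest Processes.user Processes.parent_process_name Processes.process_name
| rename Processes.* as *
| convert ctime(firstTime) ctime(lastTime)
```

The search refers only to CIM field names (`dest`, `user`, `process_name`, `parent_process_name`) in the `Endpoint.Processes` data model, never to a vendor sourcetype, which is why any product whose add-on maps its events into that model is covered without editing the search. Two things to check before relying on a search like this: `summariesonly=true` reads only the accelerated data model summaries, so an unaccelerated `Endpoint` data model returns nothing, and the vendor add-on must actually tag its events into the model for the `tstats` to see them.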

A quick demonstration showed which vendors contribute data to each type of “detection,” and Ziften was listed in a great many of them.

For instance, we have a recent blog post showing how Ziften’s data in Splunk is used to identify and respond to WannaCry.

In general, with the approximately 500 people who came by the booth over the course of .conf, I have to say it was among the best events we’ve done in terms of quality discussions and interest. We had nothing but favorable feedback from our in-depth conversations with all walks of business life – from highly technical analysts in the public sector to CISOs in the financial sector.

The most common conversation usually started with, “We are just starting to implement Splunk and are new to the platform.” I like those, since people can get our apps for free, we can get them an agent to experiment with, and they have something usable right out of the box that shows value immediately. Other folks were very seasoned and genuinely liked our approach and architecture.

Bottom line: people are truly excited about Splunk, and real solutions are available to help people with real problems!

Curious? The Ziften ZFlow App and Technology Add-on help users of Splunk and Splunk ES use Ziften-generated extended NetFlow from endpoints, servers, and cloud VMs to see what they are missing at the edge of their network, in their data centers, and in their cloud deployments.