Peer to Peer Magazine

Spring 2016

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/657874


Beyond Operational Intelligence with Splunk

CASE STUDIES

Splunk is a highly adaptable logging and analysis platform capable of performing data-driven reporting, alerting, monitoring and investigations. Splunk is organized around use cases, each one aiming to analyze or present an event or series of events of interest.

Splunk at Stroock

For Stroock, so far Splunk has:

» Created transparency where previously there was none
» Acted as a decision support system for validating the use of applications, which allows us to adjust our licensing or sometimes remove products entirely
» Allowed non-developers to create simple yet meaningful visualizations
» Proven to be more difficult to manage than anticipated, which has encouraged additional and more aggressive cross-training

We are working on Splunk becoming the single source of IT-related information. When users call the service desk, they will enter their username, which will display the caller's entire technical profile with information from a wide variety of sources, including password expiration date, last PC logged on and that PC's vitals (make, model, CPU, last boot-up time, mapped drives/printers, Windows Updates needed, key software installed and versions, etc.), provisioned mobile devices, remote access usage, service desk tickets, document activity and more, all in one place.

Curiosity To Gain Intelligence

With enough curiosity (and permission to view the data), Splunk can make you more informed about machine data than just about anyone else in the organization. W. Edwards Deming once said that "Without data you're just another person with an opinion." With the incredible machine data from Splunk, you will be a person (and organization) with true business intelligence.

Splunk in 30 Seconds
by Matt Radolec of WilmerHale

"Wow" Factor:

» Fast searching of six months of log data
» Immediate value when deployed using a mix of Splunk community and premium apps
» Simple and intuitive Google-like search bar

Security: Splunk can be deployed securely when using industry-standard hardening guidelines. It's important to consider the confidentiality of your log data, enforce least privilege on log access and strictly control the number of Splunk administrators.

Why Splunk?

» Free community apps like the Splunk App for Windows Infrastructure, Active Directory, F5 and Qualys
» Premium apps like Enterprise Security, VMware, Exchange, IT Service Intelligence (ITSI) and User Behavior Analytics (UBA)

Negatives: Splunk licensing is based on gigabytes of log data indexed per day. Depending on log volume and your firm's license, this licensing model can make it costly to collect logs for the sole purpose of preservation.
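The "Security" note above asks for least privilege on log access and a tightly controlled set of administrators. The following is an added illustration (not code from the article, from Stroock or from WilmerHale) of how that looks in Splunk's authorize.conf: a weak role definition that inherits admin beside a scoped role that can search only named indexes. The index names wineventlog and servicedesk and the role names are constructed placeholders; the setting names (importRoles, srchIndexesAllowed, srchIndexesDefault, srchJobsQuota, srchDiskQuota) are standard authorize.conf keys.

```ini
# Added example, not part of the original article.
# Splunk authorize.conf; role stanzas are named role_<rolename>.
# Index and role names below are constructed placeholders.

# Weak setting: a help-desk role that simply inherits "admin".
# Every analyst in this role can read every index, including _audit and
# _internal, and can create users and roles, so the number of effective
# administrators is the size of the help desk.
[role_helpdesk_weak]
importRoles = admin

# Corrected setting: inherit only the built-in "user" role (search, no
# administrative capabilities), list exactly the indexes this role may
# search, and choose the default index used when a search omits index=.
# Anything not in srchIndexesAllowed is invisible to the role even if the
# user types the index name explicitly.
[role_helpdesk]
importRoles = user
srchIndexesAllowed = wineventlog;servicedesk
srchIndexesDefault = servicedesk
# Per-role resource limits keep one team's ad-hoc searching from starving
# scheduled alerts (values are illustrative).
srchJobsQuota = 5
srchDiskQuota = 200
```

Assign users to role_helpdesk rather than admin, and confirm the result under Settings > Roles, where the effective capabilities of each role are listed; the admin role should have a short, reviewed membership. Because the _audit index records who ran which search, a periodic search over it is a straightforward way to verify that log access actually stays within the intended roles.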
