Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Logging

Integration Exploration: Getting Started with Falcon LogScale and Bucket Storage on AWS S3

If you run CrowdStrike Falcon® LogScale, previously known as Humio, locally or on-premises, one of your first steps is to configure local storage so that LogScale has a persistent data store where it can send logs. If you’re running LogScale as a cluster setup, then you’ll have some data replication as a function of how LogScale manages the data. However, even with that replication, you’ll probably still want something outside of your local infrastructure for resiliency.

Importing Docker Logs with CrowdStrike Falcon LogScale Collector

Docker is the primary tool used for containerizing workloads. If your company wants to build containers with quality, then you’ll need access to your Docker container logs for debugging, validation and optimization. While engineering teams can view container logs through straightforward CLI tools (think docker logs), these tools don’t provide a mechanism for storing or indexing logs over time. A central, remote location for gathering logs from Docker containers is necessary.

Do More with Splunk Security Essentials 3.7.0

We know the time between Thanksgiving and New Year’s is typically slow, so we wanted to bring some early holiday cheer to you through the most downloaded (and free) app on Splunkbase, Splunk Security Essentials (SSE). Starting Dec. 7, Splunk Security Essentials 3.7.0 is Generally Available. We have some amazing updates in the SSE 3.7.0 release, so let’s dive right into the updates.

Splunk Named a Leader in the 2022 IDC MarketScape for SIEM

Splunk has been named a Leader in the IDC MarketScape: Worldwide SIEM 2022 Vendor Assessment (doc #US49029922, November 2022). We believe this recognition is a testament to our commitment to delivering a best-in-class, data-centric security analytics solution that helps our customers accelerate threat detection and investigations, and achieve cybersecurity resilience.

Four Elements Security Leaders Must Consider When Building an Autonomous SOC

The SOC is changing. And to keep cybercriminals from wreaking havoc, security teams must mature their security operations to derive more value from the systems, tools, and data at their disposal. To do so, organizations are increasingly automating more SOC tasks and have long-term plans to build autonomous SOCs to augment their security analysts.

Machine Learning in Security: Deep Learning Based DGA Detection with a Pre-trained Model

The SMLS team enables Splunk customers to find obscure and buried threats in large amounts of data through expert analytics. This work is part of a set of machine learning detections built by a specialized team of security-focused data scientists working in concert with Splunk’s threat research teams to help Splunk customers sift through vast amounts of data to identify and alert users of suspicious content.

DevSecOps: The What, Why, Who, and How

By way of a brief introduction, I have had a 25+ year career in technology, and this has come with some wonderful experiences and opportunities along the way. One constant throughout my journey has been a need to increasingly leverage data, enabling informed decisions (even automated) at all levels to ensure that secure, high-performing and observable products and services are available to the customers and partners I’ve been supporting.

Defining Autonomous SOC: How Tomorrow's SOC will Augment Analysts

It’s an ever-changing and ever-evolving threat landscape out there today. Bad actors are smarter, more sophisticated, and better at evading detection. Security teams are also facing a barrage of overwhelming information, continually expanding the stream of alerts that must be reviewed, triaged and investigated.

Devo Enters a Strategic Collaboration Agreement with Amazon Web Services: What It Is and How It Benefits Customers

Devo recently announced that it has entered into a strategic collaboration agreement with Amazon Web Services (AWS). This is a significant milestone for Devo and great news for our mutual customers with AWS. We caught up with Tony Le, cloud partnerships director, to take a deeper dive into what this means and how the collaboration will benefit our users in the long run.

Data Encryption Methods & Types: Beginner's Guide To Encryption

Data encryption is one of the many ways organizations can protect their data. Encryption turns plaintext (readable data) into ciphertext (randomized data), which requires the use of a unique cryptographic key for interpretation. In other words, encryption is a security measure used to scramble data so that it can only be read by authorized personnel.