Friday 6 May 2016

How to download SPLUNK ENTERPRISE [Free Edition].


Guys I should shout out loud now - THIS TOOL IS AWEEESSSOME!!!

I have been using this tool for the last few days and it is something more than a SIEM tool.

Just go to http://www.splunk.com/justask and you will come to know that SPLUNK will soon become the Rajnikant (https://en.wikipedia.org/wiki/Rajinikanth) of the SIEM industry.

What is Splunk? (You will get the details on this link.)

I am excited to start this detailed working series on Splunk (with hands-on), so let's do the first thing first:

Installation of Splunk Enterprise

Splunk has been generous enough to launch freemium versions of Splunk Light and Splunk Enterprise.





  • So in order to download the Splunk Enterprise edition, go to www.splunk.com and click on the FREE SPLUNK tab.





  • Once you click on the FREE SPLUNK tab, you will be redirected to the products page.

Explore Splunk Cloud trial.

  • Click on the free download tab under Splunk Enterprise.



 *When you download Splunk Enterprise for free, you get a Splunk Enterprise license for 60 days that lets you index up to 500 megabytes of data per day.

  • Choose the operating system you are going to download Splunk for.


I am still in love with Windows, so I will go ahead with that.

Once you choose an operating system, you will be asked which version / flavor of that OS you want to download Splunk Enterprise for.




  • Choose accordingly; then you will be asked to create a Splunk account and verify it.





  • After providing all your details and verifying, log in to Splunk.


  • Once you log in, your download will start automatically.

  • And if Splunk is angry with you (just kidding :P) and the download doesn't start automatically, then download from these links.
  • After the download is completed, you will get the installation file.

  • Click on the file and accept the license agreement, because you don't have any other option :P






  • After clicking on Install, sit back and relax till the installation is completed.


  • Wake up, ninja: the installation has completed, so click on Finish.



  • Hola!! This is the first-time login page of Splunk Enterprise.


  • The default username is admin and the default password is changeme.

  • After you sign in with the default password, it is highly recommended that you change it.



And this is it, you get the dashboard of Splunk Enterprise.




Be ready to do wonders with this lovely tool.

Stay happy, stay healthy and keep learning.


Sunday 24 April 2016

Ingredients for successful SIEM deployment.

Just like we need multiple handpicked ingredients for making a delicious butter chicken, in the same manner we require multiple ingredients for an awesome SIEM deployment.

The soul of SIEM is log collection and the heart is knowledge collection.

Therefore, in order to function like the Hulk and think like Captain America, SIEM requires logs and knowledge from these systems:

LOGS AND ALERTS:

Security Controls
  • Intrusion Detection
  • Endpoint Security (Antivirus, etc.)
  • Data Loss Prevention
  • VPN Concentrators
  • Web Filters
  • Honeypots
  • Firewalls


Infrastructure
  • Routers
  • Switches
  • Domain Controllers
  • Wireless Access Points
  • Application Servers
  • Databases
  • Intranet Applications


KNOWLEDGE:

Infrastructure Information
  • Configuration
  • Locations
  • Owners
  • Network Maps
  • Vulnerability Reports
  • Software Inventory


Business Information
  • Business Process Mappings
  • Points of Contact
  • Partner Information

Check the diagram below for a visual understanding.


Courtesy :www.alienvault.com


Sunday 17 April 2016

Who gave that name ? SIEM!!






Just like human beings, the term SIEM also evolved from many other terms.
  • LMS “Log Management System” – a system that collects and stores log files (from Operating Systems, Applications, etc.) from multiple hosts and systems into a single location, allowing centralized access to logs instead of accessing them from each system individually.
  • SLM / SEM “Security Log/Event Management” – an LMS, but marketed towards security analysts instead of system administrators. SEM is about highlighting log entries as more significant to security than others.
  • SIM “Security Information Management” – an Asset Management system, but with features to incorporate security information too. Hosts may have vulnerability reports listed in their summaries, Intrusion Detection and AntiVirus alerts may be shown mapped to the systems involved.
  • SEC “Security Event Correlation” – To a particular piece of software, three failed login attempts to the same user account from three different clients are just three lines in their logfile. To an analyst, that is a peculiar sequence of events worthy of investigation, and Log Correlation (looking for patterns in log files) is a way to raise alerts when these things happen.
  • SIEM “Security Information and Event Management” – SIEM is the “All of the Above” option, and as the above technologies become merged into single products, became the generalized term for managing information generated from security controls and infrastructure. We’ll use the term SIEM for the rest of this presentation.
Now you got that ;)





Courtesy : www.alienvault.com
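The SEC bullet above (three failed logins to one account from three different clients) is exactly the kind of pattern a correlation rule catches. Here is an added example, not from the post or from AlienVault, of that rule written in Python over constructed sshd-style log lines; the host name, user names and IP addresses are hypothetical. It alerts on alice (three distinct clients inside a five-minute window) but not on bob (three failures from a single client) or carol (three clients, but spread over hours).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines (hypothetical host, users and IPs).
SAMPLE_LOGS = """\
2016-04-17T10:00:01 host1 sshd[101]: Failed password for alice from 10.0.0.5 port 5001
2016-04-17T10:00:40 host1 sshd[102]: Failed password for alice from 10.0.0.6 port 5002
2016-04-17T10:01:10 host1 sshd[103]: Failed password for alice from 10.0.0.7 port 5003
2016-04-17T10:02:00 host1 sshd[104]: Failed password for bob from 10.0.0.9 port 5004
2016-04-17T10:02:30 host1 sshd[105]: Failed password for bob from 10.0.0.9 port 5005
2016-04-17T10:03:00 host1 sshd[106]: Failed password for bob from 10.0.0.9 port 5006
2016-04-17T12:00:00 host1 sshd[107]: Failed password for carol from 10.0.0.1 port 5007
2016-04-17T13:00:00 host1 sshd[108]: Failed password for carol from 10.0.0.2 port 5008
2016-04-17T14:00:00 host1 sshd[109]: Failed password for carol from 10.0.0.3 port 5009
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?P<user>\S+) from (?P<ip>\S+)"
)

def parse_failures(text):
    """Yield (timestamp, user, client_ip) for each failed-login line; skip others."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["ip"]

def correlate(text, threshold=3, window=timedelta(minutes=5)):
    """Return {user: sorted client IPs} for accounts that saw >= threshold
    failures from >= threshold distinct clients within one sliding window."""
    by_user = defaultdict(list)
    for ts, user, ip in parse_failures(text):
        by_user[user].append((ts, ip))
    alerts = {}
    for user, events in by_user.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Every failure for this account from `start` until the window closes.
            in_window = [ip for ts, ip in events[i:] if ts - start <= window]
            distinct = set(in_window)
            if len(in_window) >= threshold and len(distinct) >= threshold:
                alerts[user] = sorted(distinct)
                break
    return alerts

if __name__ == "__main__":
    for user, ips in correlate(SAMPLE_LOGS).items():
        print(f"ALERT: {user} failed from {len(ips)} clients: {ips}")
```

The same grouping (account, distinct client, time window) is what you would express as a correlation search once the logs are indexed in a SIEM such as Splunk.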

Saturday 16 April 2016

What the heck is SIEM?

Layman's SIEM definition
Security Information and Event Management (SIEM) is about looking at your network through a larger lens than can be provided by a single security control or information source.