Splunk Tech Talks
Deep-dives for technical practitioners.

Cloud Data Modeling for Security

melissap
Splunk Employee

View the Tech Talk: Platform Edition, Cloud Data Modeling for Security 

Are you trying to achieve end-to-end visibility across your multi-cloud or hybrid environment but running into roadblocks? This tech talk addresses the challenge of normalizing data from the 3 major cloud service providers’ implementations, and establishing a set of security checks across them. Join us to learn how to implement a unified framework within data analytics tools that can be used for cloud monitoring, investigation, detection and response.

Tune in to learn about:

  • Normalizing data from different cloud vendors
  • Difference between perimeter and cloud security posture
  • Splunk tools to achieve vendor-wide security monitoring, detection and defense

Tech Talk discussions remain open for two weeks following the live Tech Talk event. Have more questions? Check out our Splunk Cloud conversations in the Splunk Answers community for more!

melissap
Splunk Employee

Here is a question that came up during the Tech Talk. Sharing for all.

Q: Does Splunk have any plans to keep this DM up to date with the pace that AWS/Azure/GCP are updating the ways in which their logging can vary?
A: The plan is to do this via TA/Addons and tools like the Cloud DM.

melissap
Splunk Employee

Here are some follow-up materials for your journey:

  • Get the cloud data model from GitHub: Code repository with detailed documentation on prerequisites, installation and troubleshooting
  • Read the blog post: Using the cloud data model to detect container implantation
  • Watch the DEFCON session recording: Cloud Village - Rod Soto and José Hernandez's 'Using Splunk For Auditing AWS GCP Azure Security'
  • Leave us feedback by emailing research@splunk.com or visit ideas.splunk.com