SplunkLive! Customer Presentation - ExxonMobil
5 likes5,384 views
Razi Asaduddin presented on how ExxonMobil uses Splunk for various purposes including cyber security, network and application performance monitoring, and capacity planning. Some key points included how Splunk has allowed ExxonMobil to gain visibility and insights across data that was previously siloed, and how their use of Splunk has evolved from one-dimensional searches to multi-dimensional pivoting and visualization. Razi also shared best practices like starting with simple questions and gradually building complexity, as well as methods for policing Splunk usage within the organization.
SplunkLive! Customer Presentation - ExxonMobil
- 1. Copyright © 2014 Splunk Inc. July 15th, 2014 ExxonMobil Splunk Razi Asaduddin Cyber Security Advisor & Splunk Shared Service Team Lead July 15th, 2014
- 2. 2 About ExxonMobil Corp 2 • Pretty Big - Fortune 1-ish • ~50 Countries • 80,000 Employees • $32.5bn in earnings in 2013 • 2M Barrels per day • 11.8bn cubic feet of natural gas
- 3. 3 About Me – Razi Asaduddin Cyber Security Technical Advisor – Monitoring, Process Design, Incident Handling, Threat Assessment, Malware Reverse Engineering, Digital Forensics Splunk Shared Service Team Lead – Designed, Architected, Implemented, Coded, and Administered Global Splunk Instance – Responsible for Splunk service and strategy – In-house consulting for prospective use cases – Evangelizing, PoCs, modeling, and tool rationalization Two-year Splunker and 2013 Revolution Award nominee • Contact: Razi.asaduddin@gmail.com
- 4. 4 Agenda Why Splunk? How we use Splunk How we have evolved Best practices Future
- 7. 7 Before Splunk Manual data Lag Time Visibility Silos Data knowledge
- 8. 8 How We Use Splunk Cyber Security Network Performance Application Performance Capacity PlanningCall Quality Misconfiguration Linux Administration
- 9. 9 How We Use Splunk – Cyber Security • Investigation and Incident Response • Complex Correlation • Proactive Alerting • Auto-remediation
- 10. 10 How We Use Splunk – Performance • Reduce Data to: – OS + Application + Server + DB + Network + Endpoint Performance • 10,000 foot view & 1-foot view • Pivot
- 11. 11 Thought Process Gather Correlate Enrich Visualize Alert Action
- 13. 13 Best Practices Ask simple questions and build up Double-check raw data What data do we not have? Splunk it! Build a Splunk network Alert on it or automate it Policing
- 14. 14 Policing I’ll just run this at midnight when no one else does
- 15. 15 Policing CPU & Memory Performance Number of searches Errors Long searches Wall of Shame
- 16. 16 Fun Stuff Longest running search – 96 hrs Longest search text – 80 lines Magical Midnight – pitfall Wall of Shame – Splunk in life
- 17. 17 Future More Visualization - Turn raw events into this:
- 20. Thank You