Session - Enrichment: Better Data in → Better Response Times Out

Tony Reinke - Cribl
edited July 2023 in Social Groups

Enrichment: Better Data in → Better Response Times Out

Shawn Cannon, Threat Management Consultant, Aflac
Shawn has over 26 years of IT experience working in systems administration, client hardware implementations, managed security services and big data. His current focus is managing the SIEM and AWS environment for the SIEM, working to bring in new data as needed and improving on the existing data ingestion process.

Context is king–that’s why optimizing your data, enriching it in the stream, and having the ability to see it and tweak it before sending it into analytics tools or storage can be a game changer. When you are reviewing or correlating the data to troubleshoot, run investigations and respond, think how much time your team can save by having the right geolocation, asset, timestamp and even threat intel already associated with the log data.

We had a fun time making this work–and you can too. We’ll show how you can set up and use a Redis cache along with Cribl Stream to enhance your data before sending it to its destination. We’ll cover how we imported a 34-million-row CSV file into Redis and use the Redis function to match fields to records to add a new field that is used for faster identification of data once it is in Splunk.

What you’ll be able to do after attending:
You’ll learn how easy and fast (and fun!) it is to set up and use Redis for large data sources to enhance the data coming into Cribl Stream for various data enrichment use cases.

All Skill levels
30 minutes
