Tag Archives: data

Gartner Survey Highlights the Developing Role of the Chief Information Officer in India

Digitalization and technological innovation are changing the nature of the job of the CIO, according to Gartner, Inc. Gartner's annual global survey of CIOs showed that the CIO role is transitioning from delivery executive to business executive, from controlling cost and engineering processes, to driving revenue and exploiting data.

Gartner Survey Finds Banking and Investment Services CIOs are the Most Focused on Digitalization

Banking and investment services CIOs are increasingly convinced that their old business models and existing value propositions will not be sustainable in the future, according to a survey from Gartner, Inc. Gartner's 2018 CIO Agenda Survey gathered data from 3,160 CIO respondents in 98 countries and across major industries, including 354 banking and investment services CIOs.

My latest Gartner Research:SWOT: Huawei Data Center Business, Worldwide

27 September 2017  |  Huawei’s data center business has grown rapidly worldwide, but it has so far been unable to penetrate North America. Technology business unit leaders responsible for data center business should use this note to decide how to compete or partner with Huawei….

Gartner clients can access this research by clicking here.


Facebooktwittergoogle_plusredditpinterestlinkedinmail

Configuring Logstash and Kibana to receive and Dashboard Sonicwall Logs

Note: If you want to quickly download my Logstash config and Kibana dashboards, see the end of this post.

Locate and Update your Logstash.conf File
First, you must update your logstash configuration file, generally located in /etc/logstash or /etc/logstash/conf.d/ and named logstash.conf

Add a logstash input
In logstash.conf, you must first add an input which will allow logstash to receive the syslog from your Sonicwall appliance along with a designated “listening” port. For my configuration, I set this to port 5515. In my logstash instance, I am using Suricata SELKs, so you can also see a file input for that prior to my Sonicwall input. See below (the text highlighted in RED was the text I added to the config file).

input {
file {
path => [“/var/log/suricata/eve.json”]
#sincedb_path => [“/var/lib/logstash/”]
sincedb_path => [“/var/cache/logstash/sincedbs/since.db”]
codec => json
type => “SELKS”
}
syslog {
type => Sonicwall
port => 5515
}

Insert a logstash Filter
The next step is to insert a new filter for parsing your sonicwall logs, this is so that Logstash knows how to automatically create fields so that you can filter on specific fields in Syslog. Below is the text that I added to the configuration file.  Important: You must make sure that if you have pre-existing filters, your start and end curly braces appropriately open and close and in the filter section the text below incorporated into the filter bracketed text.

if [type] == “Sonicwall” {
kv {
exclude_keys => [ “c”, “id”, “m”, “n”, “pri” ]
}
grok {
match => [ “src”, “%{IP:srcip}:%{DATA:srcinfo}” ]
}
grok {
match => [ “dst”, “%{IP:dstip}:%{DATA:dstinfo}” ]
}
grok {
remove_field => [ “srcinfo”, “dstinfo” ]
}
geoip {
add_tag => [ “geoip” ]
source => “srcip”
database => “/opt/logstash/vendor/geoip/GeoLiteCity.dat”
}

Configure the Parsed Output Location
Finally, you need to configure the output for the config file. The output is to send into the logstash instance. Below is the configuration for this. In this case, my logstash instance is sending to localhost because it is running on the same box.

}

output {
elasticsearch {
host => “127.0.0.1”
protocol => transport
}
}

Configure the Sonicwall
Next you will need to configure your Sonicwall to send syslog messages to the logstash server. Login to your sonicwall, go to “Log->Syslog and then add a server x.x.x.x with port 5515.

Next you’ll need to turn on Sonicwall Name Resolution for Logs
Go to Log->Name Resolution and make sure to setup a DNS server to resolve names. Otherwise, the src and dst fields in the Kibana dashboards will not have names and show double IP address entries.

Finally, you’ll need to configure dashboards in Kibana. To make all of this easier, I’ve included all my files below that can be easily downloaded.

Logstash Configuration *Use Right-Click and Save As*

Kibana Dashboards
(To Import go into Kibana and select “Load” then go to “Advanced and click on “Load File”)

  • Sonic-Alerts (Filters the Top Alert Messages from the Sonicwall Syslog
  • Sonic Top (Filters the Top Source and Destination hosts and events associated with your sonicwall.

Facebooktwittergoogle_plusredditpinterestlinkedinmail

My latest Gartner research: Best Practices for Detecting and Mitigating Advanced Persistent Threats

Information security practitioners must implement specific strategic and tactical best practices to detect and mitigate advanced persistent threats and targeted malware by leveraging both existing and emerging security technologies in their security architectures. Management silos between network, edge, endpoint and data security systems can restrict an organization’s ability to prevent, detect and respond to advanced attacks. Adversaries continue to use social engineering and social networks to target sensitive roles or individuals within …

Gartner clients can access this research by clicking here.


Facebooktwittergoogle_plusredditpinterestlinkedinmail

My latest Gartner research: Forecast: Information Security, Worldwide, 2013-2019, 1Q15 Update

The information security market will grow 7.7% in revenue in 2014, with the IT security outsourcing segment recording the fastest growth — 15.2%. 1 Summary Tables Suitable for Printing 2 Pivot Table for Analysis 3 Data Structure and Definitions 4 Exchange Rates 5 Tips for Using Pivot Tables 1-1 Security Spending by Region, 2013-2019 (Millions of Dollars) 1-2 Security Spending by Segment, 2013-2019 (Millions of Dollars) 2-1 Worldwide …

Gartner clients can access this research by clicking here.


Facebooktwittergoogle_plusredditpinterestlinkedinmail

My latest Gartner research: Cool Vendors in Security Intelligence, 2015

Cool Vendors in security intelligence offer highly innovative technologies that address an organization’s demand for data-driven analytics, techniques in obfuscation and deception, and advanced detection solutions. CISOs should use this research when evaluating technology trends for planning. … illusivenetworks.com ) Analysis by Avivah Litan and Lawrence Pingree Why Cool: Illusive networks offers advanced attack deception … California ( trapx.com ) Analysis by Craig Lawson, Lawrence Pingree and Oliver Rochford Why Cool: TrapX Security is …

Gartner clients can access this research by clicking here.


Facebooktwittergoogle_plusredditpinterestlinkedinmail