TaoSecurity Blog

Since posting Bejtlich Moves On I've been rebalancing work, family, and personal life. I invested in my martial arts interests , helped more with home duties, and consulted through TaoSecurity . Today I'm pleased to announce that, effective Monday May 21st 2018, I'm joining the Splunk team. I will be Senior Director for Security and Intelligence Operations, reporting to our CISO, Joel Fulton. I will help build teams to perform detection and monitoring operations, digital forensics and incident response, and threat intelligence. I remain in the northern Virginia area and will align with the Splunk presence in Tyson's Corner. I'm very excited by this opportunity for four reasons. First, the areas for which I will be responsible are my favorite aspects of security. Long-time blog readers know I'm happiest detecting and responding to intruders! Second, I already know several people at the company, one of whom began this journey by Tweeting about opportu

I first used Splunk over ten years ago, but the first time I blogged about it was in 2008. I described how to install Splunk on Ubuntu 8.04 . Today I decided to try the Splunk Cloud . Splunk Cloud is the company's hosted Splunk offering, residing in Amazon Web Services (AWS). You can register for a 15 day free trial of Splunk Cloud that will index 5 GB per day. If you would like to follow along, you will need a computer with a Web browser to interact with Splunk Cloud. (There may be ways to interact via API, but I do not cover that here.) I will collect logs from a virtual machine running Debian 9, inside Oracle VirtualBox. First I registered for the free Splunk Cloud trial online. After I had a Splunk Cloud instance running, I consulted the documentation for Forward data to Splunk Cloud from Linux . I am running a "self-serviced" instance and not a "managed instance," i.e., I am the administrator in this situation. I learned that I needed to ins