$50

Hourly Consulting Rate

Feroz Khan Peer Mohamed

Independent Consultant

Industry Experience

Information Technology/IT

Location Supported

Worldwide

Canada

India

Saudi Arabia

United Arab Emirates

United States

Languages Supported

English

Tamil

Skills

  • Technical consultant
  • Functional consultant
  • Data scientists
  • Managed services
  • Security/compliance governance

Product Specialization

  • Splunk Enterprise
  • Splunk Enterprise Security

About

16+ years of overall experience in Enterprise IT Infrastructure Services: Consulting, Solution Design, Service Transition, Service Delivery, Project Management and IT Transformation.
Multiple years' experience in managing large-scale projects, new process on-boarding & existing architecture support.
Expert in Data Visualization, Analytics, Log & Data Management, Data Integration & Analysis.
Multiple years' hands-on experience with data streaming technologies such as Splunk, Kafka and the ELK Stack.
Senior Splunk architect / ELK Stack consultant / Log Management team manager for Enterprise Security & Data Engineering teams.
Broad understanding of multiple IT technology areas: Data Center, Container & Cloud Computing technologies [SaaS/IaaS/PaaS], Computing Services, Storage, Networks, Database Concepts, Analytics & End User Computing.
Multiple years of experience in Federal/State and Local government contracts, Payment Card Industry, Banking, Information Media & Telecom.
Develop best practices; design, develop, configure, and implement large-scale solutions for Splunk, ELK Stack & Kafka.
Experience in managing log ingestion of 30+ TB overall on a daily basis using multiple tools like Kafka, Elasticsearch & Splunk.

Top Project Highlights

Splunk Platform Design & Log Management

  • Worked as a Sr. Splunk Architect & Log management consultant to ensure delivery of best practices and standards
  • Primary focus & technical leadership in planning, designing, implementing Log Management & Data Analytical tools
  • Design, develop, configure, and implement large-scale solutions for Splunk, ELK-Stack & Kafka.
  • Develop best practices to maximize the use of Splunk, ELK-Stack & Kafka.
  • Lead & perform proof of concepts to determine & validate newer and best in the market solutions & technologies.
  • Ensure thorough testing of solutions for functionality and compatibility and perform data mining and analysis in Splunk & ELK-Stack.
  • Mentor and guide a team of 12 on various technical implementations, critical issues & use case developments
  • Assist in troubleshooting log ingestions, connection issues and other critical incidents & complex technical issues.
  • Lead and manage Splunk & ELK-Stack for Enterprise Security (ES), UBA & ML.
  • Communicate, document, and distill technical information to team members and partner organizations.
  • Engineer, assess, and review future architecture solutions, 3rd party management tools/applications and implement life cycle maintenance processes.
  • Provide technical guidance and leadership across diverse teams for multiple platforms, programs and projects.
  • Provide capacity planning and performance monitoring to sustain and improve service availability.
  • Coordinate service/support needs with vendors, application support teams, and internal teams through effective partnership, collaboration and communication.
  • Provide Change Request leadership for the deployment of application or infrastructure related changes.
  • Brief/present to senior leadership on the status of projects and tasks.
  • Manage log ingestion of 30+ TB overall on a daily basis using multiple tools like Kafka, Elasticsearch & Splunk (for Splunk alone we ingest a little over 10+ TB of real-time security data on a daily basis).

Achievements:

  • Reduced Splunk license cost by 50% by redesigning the entire log flow management using Kafka & ELK Stack.
  • Redesigned the entire event forwarding architecture by reducing the dependency on individual endpoint forwarders.
  • Completed Data Source Assessments for Windows & networking logs to optimize everyday license usage in Splunk.
  • Created a number of Splunk Enterprise Security related use cases [responsible for creating more than 200 customized use cases] based on customer and business needs.
  • Integrated log ingestion into Splunk from Android and iOS devices using Splunk Mint.
  • Designed data ingestion from different data inputs like AWS Kinesis, Elastic Beats, Splunk Forwarders & HEC, Modular & Scripted inputs, TAs & Syslog.
  • Created customized TAs [in-built] for data parsing and extraction.
  • Designed secure transformation of log data from source to the indexers.
  • Have written many regex, GROK, shell & Python scripts for custom data ingestion/parsing/extraction from and into Splunk & Elasticsearch.
  • Expert in Splunk performance tuning using [SI/RA/DMA] & SPL tuning for optimum performance.
  • Created many adaptive response actions in Splunk ES to route post-actions to various third-party tools.
  • Created all sorts of Splunk & Elastic KOs like Dashboards, Alerts, Reports, Glass Tables, Lookups, KVStore, Data Models, Pivots, Macros, Tags, Fields, Aliases, Events.

Below are some of the data sources I have integrated with Splunk & Elastic.

  • NW - Cisco / Juniper / PAN / F5-BigIP
  • FW - Checkpoint / Cisco
  • WAF – Imperva / AWS WAF
  • OS - Windows / Nix / VMWare
  • AV/IDS/IPS - McAfee / Cylance / Sourcefire
  • IMT/CMDB – ServiceNow / Jira
  • AIPOS, Threat Orchestration & Threat intelligence – TruStar / D3 / RecordedFuture
  • Email - O365 / Proofpoint
  • DataStream - Kafka / AWS Kinesis / Kinesis Firehose
  • AWS – CloudTrail / CloudWatch
  • Wireless Mobile management - Cisco Meraki
  • VPN, Identity & Authentication - RSA / Pulse Secure / Ping
  • Cloud Security – Qualys / Aqua
  • API management - Apigee Edge

Splunk Integration Advisory & Managed Services

  • Core Member & Lead of Security Operations, Log Management & Research & Data Analytics team.
  • Designed, administered & managed single-site clustered [Index & SH clustering] Splunk environments.
  • Distributed & stand-alone Splunk environments up to a total license of 2 TB daily ingestion.
  • Integrated Splunk Enterprise Security with Splunk Enterprise modules and implemented & managed Splunk knowledge objects (Apps, Add-ons, Dashboards, Saved Searches, Scheduled Searches, Alerts)
  • Hands-on experience in Splunk Enterprise [6.x & 7.x] installations, Splunk ES 4.x implementation, HF & UF installations, Splunk version upgrades, centralized App & Add-on deployments using Splunk Deployment Server, license maintenance using License Master, Splunk backups & thawed restorations.
  • Worked as Splunk Architect / Consultant / Manager / UseCase developer for creating Business objects & notable events for Security postures.
  • Evaluated data ingestion volume for effective license usage by assessing different data Sources and proposed required necessary data & events that needs to be ingested to reduce daily License consumption.
  • Integrated many enterprise security tools such as IDS/IPS, VPN & Authentication, Anti-Virus, Malware Gateway, Messaging & Email Servers, Firewalls and Internet Proxy, Database, Operating System with Splunk Enterprise and created various Business / Infra & Security related use cases as per client needs.
  • Configured SAML & LDAP authentications for Splunk.
  • Perform post-incident analysis using standard ops to identify intrusions & penetrations, identify vulnerabilities that may have caused hindrances to the infrastructure, and work with responsible parties to assist/develop/fine-tune and mature the services and capabilities of the SOC.
  • Assist Tier I & II analysts in creating alerts / dashboards for network traffic and security threats, potential events/incidents as well as trending and historical analysis, and ensure all incidents are reported as per standard operations.
  • Provided expert recommendations and best practices in adopting & growing the number of use cases & acted as a key POC in setting up a Splunk Center of Excellence for my customer.
  • Worked closely with the Splunk Account Team (Account Manager, Sales Engineer, Professional Services) to identify new features that may benefit my customer's organizational goals & functions.

Splunk Platform integration

  • Managed Log Management, Fraud Analytics & Data Analysis.
  • Designed, administered & managed single-site clustered [Index & SH clustering] Splunk environments with a daily license consumption of 750 Gigs.
  • Managed Splunk Enterprise [5.x & 6.x] installations, HF & UF installations, Splunk version upgrades, centralized App & Add-on deployments using Splunk Deployment Server, license maintenance using License Master, Splunk backups & thawed restorations.
  • Worked as a Splunk SME in evaluating data ingestion volume for effective license usage by assessing different data sources and proposed the necessary data & events that need to be ingested to reduce daily license consumption.
  • Ingested various logs like OS [Windows & Linux], Web Logic, IBM Web Sphere, JBoss and Apache Tomcat Web Server & Payment related application logs from various End computing systems.
  • Implemented Splunk Enterprise deployments using props.conf, transforms.conf, inputs.conf, outputs.conf & deployment configuration files.
  • Provide consulting to project and development teams in the area of information security & Log Management through Splunk.
  • Developed dashboards with visual metrics, provided regular scheduled metrics and reporting to all business stakeholders.
  • Standardized and implemented Splunk Universal Forwarder deployment, configuration and maintenance in Linux and Windows platforms.
  • Provided overall management of the SPLUNK platform & Supported SPLUNK on UNIX, Linux and Windows-based platforms and ingested data from multiple data sources.
  • Created many different dashboards & data visualizations using Bar, Line and Pie charts, Background Maps, Box plots, Scatter plots, Gantt charts, Bubble charts, Histograms, Trend lines & statistics, Bullets, Heat maps and Highlight tables.

Employment

Sr. Consultant for Splunk platform & Log Management

2012 - Present
    • Work as Sr. Splunk Architect & Log management team manager to ensure delivery of best practices and standards
    • Primary focus & technical leadership in planning, designing, implementing Log Management & Data Analytical tools
    • Design, develop, configure, and implement large-scale solutions for Splunk, ELK-Stack & Kafka.
    • Develop best practices to maximize the use of Splunk, ELK-Stack & Kafka.
    • Lead & perform proof of concepts to determine & validate newer and best in the market solutions & technologies.
    • Ensure thorough testing of solutions for functionality and compatibility and perform data mining and analysis in Splunk & ELK-Stack.
    • Mentor and guide a team of 12 on various technical implementations, critical issues & use case developments
    • Assist in troubleshooting log ingestions, connection issues and other critical incidents & complex technical issues.
    • Lead and manage Splunk & ELK-Stack for Enterprise Security (ES), UBA & ML.
    • Communicate, document, and distill technical information to team members and partner organizations.
    • Engineer, assess, and review future architecture solutions, 3rd party management tools/applications and implement life cycle maintenance processes.
    • Provide technical guidance and leadership across diverse teams for multiple platforms, programs and projects.
    • Provide capacity planning and performance monitoring to sustain and improve service availability.
    • Coordinate service/support needs with vendors, application support teams, and internal teams through effective partnership, collaboration and communication.
    • Provide Change Request leadership for the deployment of application or infrastructure related changes.
    • Brief/present to senior leadership on the status of projects and tasks.
    • Manage log ingestion of 30+ TB overall on a daily basis using multiple tools like Kafka, Elasticsearch & Splunk (for Splunk alone we ingest a little over 10+ TB of real-time security data on a daily basis).

Education

Bachelor of Electronics
1995-1998

Splunk Architect
2019-2020

Certification

Splunk Architect
2019-2020
Splunk Admin
2018-2019
Splunk Power User
2018-2019
Splunk User
2017-2018