SPLK-1002 Splunk Core Certified Power User – Splunk Post Installation Activities : Knowledge Objects Part 2

Props Report and Transforms

Now we understand how to extract fields and make them available to all users by placing them under props.conf, which is using our extract command. Now let us see how we can do the same using a report. The syntax is “report iPhone.” This is what I’ll call it; you can call it whatever you want. Let’s say I say “report IP is equal to”; this will be your function name, which will be defined in the transforms configuration file. Let’s say IP…

SPLK-1002 Splunk Core Certified Power User – Splunk Post Installation Activities : Knowledge Objects

Uploading Data to Splunk

We will be seeing more about post-installation, that is, the configuration steps that are carried out in Splunk. Throughout this module, we will use three Splunk components: the indexer and search head hosted in our Amazon AWS, and our Universal Forwarder, which is part of our local installation and will simulate the real-time experience of sending logs from our local PC to our cloud instance, where they are hosted, searched, and indexed. We will see some of the most common and important steps taken by a Splunk administrator,…

SPLK-1002 Splunk Core Certified Power User – Installation and Configuration of Splunk Components Part 2

Configure Search head From Splunk CLI

The 239 is visible here; 14 239 is our indexer. Now our search engine, which is twelve dot 76, is able to search the logs on the indexer, which shows our configuration is successful. We have configured a Splunk instance to act as a searcher. Now we have done this part using Splunk Web. We’ll see how we can do this using Splunk CLI. This is our indexer. We will not be touching any indexer because we’re configuring the searcher. So I’m logging in…

SPLK-1002 Splunk Core Certified Power User – Installation and Configuration of Splunk Components

Installation of Splunk Indexers

And when it is starting, there will always be a statement or a phrase. Splunk is specified by As we can see, it says another one where we’ll be starting in the index. This phrase was chosen at random, and there are a few others, such as “big data superhero” and “picking a needle in a haystack.” These are the key phrases that appear every time Splunk starts, and it checks for prerequisites. That is our port’s availability. 8000 for web, 8089 for management, 80…

SC-400 Microsoft Information Protection Administrator – Planning and Implementing Encryption for Email Messages

Defining Requirements for Implementing Office 365 Message Encryption

Microsoft 365 Services offers an extremely awesome and powerful feature known as OME, which is the Office 365 message encryption feature. What’s really cool about this is that you can send email to people who are outside your organization, and maybe they’re not part of another Office 365 subscription. They can be Gmail or something like that, and you can basically flag your email to be encrypted. It can be sent to the person and they can open it up in…

SC-400 Microsoft Information Protection Administrator – Implementing and Managing Sensitivity Labels

Configuring & Publishing Automatic Labeling Policies (excluding MCAS scenarios)

I now want to focus on publishing sensitivity labels automatically, okay? So to do this, we’re going to look at portal.microsoft.com. We’re going to click the Show All ellipsis symbol. We’re going to go to the compliance center by clicking on the compliance blade; that’s going to bring us into compliance.microsoft.com. From there, we’re going to go down to information protection, all right? And we’re going to focus this time just on auto labeling, all right? So we’re going to…

SC-400 Microsoft Information Protection Administrator – Implementing and Monitoring Microsoft Endpoint Data Loss Prevention

Setting up proper licensing for Microsoft Endpoint Data Loss Prevention

Now when you want to start implementing policies such as data loss prevention with sensitivity labels and enforcement and all of that, there are a couple of little prerequisites you need to understand about dealing with this on the endpoint side. So if I’m wanting this to be deployed down and control my on premise environment with my clients, there’s a few things I want you to understand. First off, you’ve got to have the correct licensing for this….

SC-400 Microsoft Information Protection Administrator – Creating and Configuring Data Loss Prevention Policies Part 3

Understanding Microsoft Cloud App Security (MCAS)

What exactly is Cloud App Security? Well, you might have heard of the term CASB before. That acronym stands for Cloud Access Security Broker. Well, basically, Microsoft Cloud App Security is Microsoft’s version of a CASB. Okay? So the goal here is to allow us to focus on our environment and the traffic that’s flowing within our environment. Whether it’s traffic within our internal environment flowing to different websites, traffic flowing to the cloud environment, different web based applications, it’s important for us…

SC-400 Microsoft Information Protection Administrator – Creating and Configuring Data Loss Prevention Policies Part 2

Configuring policies for Exchange, SharePoint, OneDrive and Teams

I’d now like to demonstrate the process of creating data loss prevention policies and configuring them for Exchange, SharePoint, Teams, OneDrive, all that fun stuff. All right, so we’re going to start here on portal.microsoft.com. We’re going to click the Show All ellipsis symbol and we’re going to click the compliance blade and that’s going to bring us into the compliance center. Granted, you can also type compliance.microsoft.com as a URL. It’ll take you straight to this area….

SC-400 Microsoft Information Protection Administrator – Creating and Configuring Data Loss Prevention Policies

Understanding the purpose of Data Loss Prevention

Okay, so what is DLP? Data loss prevention. One of the biggest things about this concept is it’s all about trying to comply with business and industry standards that are important in our workplaces today. So when you think about working for an organization or working for a business, high security needs and all that, you have to consider the types of information that are flowing through your business. So think about your users and the documents and emails and team messages and…
