Splunk .conf24 in Las Vegas has come and gone, and, though exhausted, we thought it would be useful to give you an overview of our experience:
- the questions, use cases, and problems you’ve asked us at our booths,
- how our projects and products relate to these questions.
Data reduction was the recurring theme we heard at Splunk .conf24: how can I safely and accurately reduce the amount of data we are sending to Splunk? The problem is rooted in the exponential growth of security data; the current model of paying for data ingest no longer seems sustainable.
Automatic Classification and Curation
Data curation based on automatic classification is a major value that Axoflow brings to the telemetry pipeline. Our platform automatically classifies data when a new data source is added, by comparing it against our continuously maintained data library. Once we know what type of data we will be processing, we can answer all kinds of questions, like:
- Where should this data go?
- How should we modify the payload to optimize it for the destination?
- And ultimately the most important one: why send it to the SIEM at all?
Reducing noise
The noise reduction step happens after classification: once we know what the data is, we can filter and shape it and optimize it for the destination (the SIEM).
We need to quiet what needs to be quieted
Adding metadata to the messages themselves is also a fundamental part of this step. It helps in two ways:
- it brings observability to the observability pipeline (however odd that may sound), and
- it improves the performance of the destination (the SIEM) by supplying relevant information about the data source.
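To make the classify, then filter, route and enrich sequence above concrete, here is an added example in Python. It is not Axoflow's code and does not show how the Axoflow data library or AxoRouter work internally; the pattern library, the destinations, the noise rules and the sample log lines are all constructed for illustration. The idea it demonstrates is that the routing and drop decisions only become possible once a line has been classified, and that the classification result is what gets attached as metadata.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed stand-in for a maintained classification library: each entry names a
# source type, a fingerprint regex, the destination that type should be routed to,
# and an optional predicate that marks a matched event as SIEM noise to drop.
@dataclass
class SourceType:
    name: str
    fingerprint: re.Pattern
    destination: str
    is_noise: Optional[Callable[[re.Match], bool]] = None

LIBRARY = [
    SourceType(
        "cisco_asa",
        re.compile(r"%ASA-(?P<sev>\d)-(?P<msg_id>\d{6})"),
        "splunk:cisco:asa",
        # ASA severity 6/7 (informational/debug) connection chatter is volume, not signal
        is_noise=lambda m: int(m["sev"]) >= 6,
    ),
    SourceType(
        "linux_sshd",
        re.compile(r"sshd\[\d+\]: (?P<event>Accepted|Failed) (?P<method>\w+) for (?P<user>\S+) from (?P<src>[\d.]+)"),
        "splunk:linux:secure",
    ),
    SourceType(
        "nginx_access",
        re.compile(r'"(?P<method>GET|POST|PUT|DELETE) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'),
        "s3:archive",  # bulk access logs go to cheap storage, not to the SIEM
        # successful health-check probes carry no security value
        is_noise=lambda m: m["path"] == "/healthz" and m["status"].startswith("2"),
    ),
]

def classify(line: str):
    """First library entry whose fingerprint matches wins; (None, None) if nothing matches."""
    for st in LIBRARY:
        m = st.fingerprint.search(line)
        if m:
            return st, m
    return None, None

def curate(line: str) -> Dict:
    """Classify one raw line, decide drop vs. route, and attach metadata for the destination."""
    st, m = classify(line)
    if st is None:
        # Unclassified data is still forwarded, but tagged so it can be reviewed rather than silently lost
        return {"action": "route", "destination": "splunk:unclassified",
                "sourcetype": "unknown", "meta": {}, "raw": line}
    if st.is_noise is not None and st.is_noise(m):
        return {"action": "drop", "sourcetype": st.name, "meta": m.groupdict(), "raw": line}
    return {"action": "route", "destination": st.destination,
            "sourcetype": st.name, "meta": m.groupdict(), "raw": line}

def summarize(lines) -> Dict[str, int]:
    """Count events per destination plus the dropped ones: the reduction a pipeline would report."""
    counts: Dict[str, int] = {}
    for line in lines:
        rec = curate(line)
        key = rec["destination"] if rec["action"] == "route" else "dropped"
        counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample input (not captured traffic); addresses are documentation ranges
SAMPLE_LINES = [
    '<166>Jun 12 10:00:01 fw01 %ASA-6-302013: Built outbound TCP connection 12345 for outside:203.0.113.5/443 to inside:10.0.0.8/51234',
    '<164>Jun 12 10:00:02 fw01 %ASA-4-106023: Deny tcp src outside:198.51.100.7/4444 dst inside:10.0.0.8/22 by access-group "outside_in"',
    'Jun 12 10:00:03 host1 sshd[2211]: Failed password for root from 198.51.100.7 port 51022 ssh2',
    '10.0.0.9 - - [12/Jun/2024:10:00:04 +0000] "GET /healthz HTTP/1.1" 200 2 "-" "kube-probe/1.29"',
    '10.0.0.9 - - [12/Jun/2024:10:00:05 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"',
    'Jun 12 10:00:06 host1 customapp: something the library has never seen',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = curate(line)
        print(rec["action"], rec.get("destination", "-"), rec["sourcetype"], rec["meta"])
    print(summarize(SAMPLE_LINES))
```

Two design points carry over to any real pipeline: noise rules are attached to a source type, so a drop decision is never made on an unclassified line, and unclassified data is routed to a reviewable destination instead of being discarded, which is what keeps the reduction "safe" in the sense the question above asks for.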
AxoRouter
Axoflow unveiled AxoRouter at Splunk .conf24. AxoRouter is the engine of our security data curation pipeline: it does the heavy lifting of collection, classification, curation and routing in the platform, and it does so automatically, at enterprise scale.
If you were not able to see us at .conf, please let us know and we will schedule a demo for you.
On-demand Webinar: Parsing sucks! What can you do about it? (56 minutes)
Speakers: Balázs Scheidler (founder of syslog-ng™), Mark Bonsack (co-creator of SC4S), Sándor Guba (founder of Logging Operator); moderated by Neil Boyd.
Follow Our Progress!
We are excited to be realizing the vision described above with a full Axoflow product suite.