Log Analysis Secure Computing

The log analysis service is responsible for collecting, indexing, correlating, and managing multiple streams of data owned by the University of Nebraska System.  Multiple systems and tools are used for this service.  The two primary tools are Splunk and Cortex Data Lake.

Splunk

NU maintains a Splunk Cloud instance to ingest and access multiple data sources. Splunk is a powerful data platform that enables NU to turn its machine-generated data into valuable insights and operational intelligence. Splunk helps organizations gain real-time visibility into their IT infrastructure, security systems, and applications by collecting, analyzing, and visualizing data from various sources. It facilitates informed decision-making, proactive issue resolution, and the identification of opportunities for optimization and growth.

Cortex Data Lake

NU maintains multiple Palo Alto Cortex Data Lakes to ingest, parse, and manage security logs from multiple systems.  These data lakes are resources which provide cloud-based, centralized log storage and aggregation for more than just the suite of Palo Alto licensed products.  Multiple log sources can be configured for ingest into the NU Cortex Data Lake.

SIEM

All of the collected logs are analyzed through use of a Security Information and Event Management (SIEM) system. A SIEM is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.

Benefits & Features

Splunk can be leveraged for the following features to enhance your operational requirements:

  • Dashboards
  • Alerts
  • Reports
  • Data Searches
  • Visualizations
    • Multiple options, see example below
  • Real Time Monitoring
  • Deep Analysis
  • Data Retention (up to 1+ year, depending upon legal requirements)

Additionally, Splunk can leverage add-ons & applications to enhance specific interactions and views of your data.  Splunkbase is an excellent resource to check app availability.

Cortex Data Lake can be leveraged for the following features:

  • Security log ingest & correlation with host devices / network connections
  • Security Alerts
  • Event monitoring and Incident Response
  • Dataset management

Getting Started

The first step in getting started is getting knowledge!

If you are a University of Nebraska employee or student worker, please consider starting your Splunk journey with the "Splunk Fundamentals" Bridge Course.

If you are not an NU employee, or would like to deepen your knowledge of Splunk, please consider creating an account with Splunk STEP. If you are an NU employee, please ensure that at registration your company / organization field reads: "Board of Regents of the University of Nebraska".


Eligibility

Log Analysis service eligibility is limited to NU full and part time faculty, staff, and student workers.

All NU students are eligible to enroll in Splunk STEP which leverages the Splunk Academic Pledge.  This program offers free training and labs to students in academia through the STEP portal.

Pricing

Splunk Cloud is a third-party service purchased by the University of Nebraska. There is no additional cost for employee access.

Additional costs may apply to your department if requesting additional storage or retention beyond the established NU baseline.

Additional Information

Dashboards with multiple visualizations serve as an excellent method to dynamically visualize data and uncover trends or deviations.


Location

Log Analysis cloud-based services are located throughout the United States and the world (depending upon the data type and sensitivity).

Splunk

Cortex Data Lake

Availability/Hours

Log Analysis tools are available 24/7, except during scheduled downtime.

To determine service outages, please reference the University of Nebraska status page.

Support

The Log Analysis service is supported by the NU ITS Security Operations team.