The log analysis service is responsible for collecting, indexing, correlating, and managing multiple streams of data owned by the University of Nebraska System. Multiple systems and tools are used for this service. The two primary tools are Splunk and Cortex Data Lake.
NU maintains a Splunk Cloud instance to ingest and access multiple data sources. Splunk is a powerful data platform that enables NU to turn its machine-generated data into valuable insights and operational intelligence. Splunk helps organizations gain real-time visibility into their IT infrastructure, security systems, and applications by collecting, analyzing, and visualizing data from various sources. It facilitates informed decision-making, proactive issue resolution, and the identification of opportunities for optimization and growth.
Cortex Data Lake
NU maintains multiple Palo Alto Cortex Data Lakes to ingest, parse, and manage security logs from multiple systems. These data lakes are resources which provide cloud-based, centralized log storage and aggregation for more than just the suite of Palo Alto licensed products. Multiple log sources can be configured for ingest into the NU Cortex Data Lake.
All of the collected logs are analyzed through use of a Security Information and Event Management (SIEM) system. A SIEM is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.
Benefits & Features
Splunk can be leveraged for the following features to enhance your operational requirements:
- Data Searches
  - Multiple options, see example below
- Real Time Monitoring
- Deep Analysis
- Data Retention (up to 1+ year, depending upon legal requirements)
Additionally, Splunk can leverage add-ons & applications to enhance specific interactions and views of your data. Splunkbase is an excellent resource to check app availability.
Cortex Data Lake can be leveraged for the following features:
- Security log ingest & correlation with host devices / network connections
- Security Alerts
- Event monitoring and Incident Response
- Dataset management
The first step in getting started is getting knowledge!
If you are a University of Nebraska employee or student worker, please consider starting your Splunk journey with the "Splunk Fundamentals" Bridge Course.
If you are not an NU employee, or would like to deepen your knowledge of Splunk, please consider creating an account with Splunk STEP. If you are an NU employee, please ensure that at registration your company / organization field reads: "Board of Regents of the University of Nebraska".
Splunk Cloud is a third-party service purchased by the University of Nebraska. There is no additional cost for employee access.
Additional costs may apply to your department if requesting additional storage or retention beyond the established NU baseline.
Dashboards with multiple visualizations serve as an excellent method to dynamically visualize data and uncover trends or deviations.
Log Analysis tools are available 24/7, excluding scheduled downtime.
To determine service outages, please reference the University of Nebraska status page.
The Log Analysis service is supported by the NU ITS Security Operations team.