GABRIEL VASSEUR

Geeking out on Splunk & IT Security

Home: Welcome

What's new (ish)

RBA: Aggregate user & system risks!

Since RBA is all about aggregating security events that are related to the same entity, Assets & Identities normalisation is crucial to...

Use Ingest Actions to shrink your ingest and make the most of your license!

On the 18th of September 2024 I gave a talk on this topic at the London Splunk User Group meetup. Ingest Actions are a simple feature of...

"And the nominees are..." - Wish me luck!

I have been nominated for a 2023 Splunkie Award and I am delighted to be a finalist for the Inventor Award! https://conf.splunk.com/the-s...

My SplunkBase Apps

Conf Manager

This is the documentation for the Conf Manager app on splunkbase. This app allows you to search your knowledge objects and track their...

ES-Choreographer

This is the documentation for the ES-Choreographer app on splunkbase. This app offers various frameworks to help manage and improve...

GV-Utils

This is the documentation for the GV-Utils app on splunkbase. This app offers various utilities to solve a number of problems in Splunk:...

Articles

RBA: Aggregate user & system risks!

Since RBA is all about aggregating security events that are related to the same entity, Assets & Identities normalisation is crucial to...

Untable, xyseries, transpose clarified!

These 3 table-manipulating commands are occasionally very useful but they are also quite confusing. For years, I've relied on the...

RBA: a better way to dedup risk events

In this post we’re discussing an advanced way to dedup risk events in your risk alerts (RIRs) and at the same time have the RIR results...

2 3 4

Risk Based Alerting

RBA: Aggregate user & system risks!

Since RBA is all about aggregating security events that are related to the same entity, Assets & Identities normalisation is crucial to...

RBA: a better way to dedup risk events

In this post we’re discussing an advanced way to dedup risk events in your risk alerts (RIRs) and at the same time have the RIR results...

TaTalks

Use Ingest Actions to shrink your ingest and make the most of your license!

On the 18th of September 2024 I gave a talk on this topic at the London Splunk User Group meetup. Ingest Actions are a simple feature of...

Maintaining your correlation searches with ES Choreographer

I did a talk at Splunk .conf21 about how to maintain correlation searches: pdf / mp4 . If you’re looking for the source code for the...

Change Tracking in Splunk

Are you tracking changes in your Splunk deployment? Most people don't, unless they can justify having a custom (heavy!) process using...

ABOUT ME

My name is Gabriel.
I'm French.
I'm based in England.
I've got a PhD in theoretical physics.
I've been in the IT security industry since 2006.
I've been working with the Splunk big data platform and their SIEM Enterprise Security since 2016.
I made this website so I could share some of my knowledge.

Home: About

CONTACT

me@gabrielvasseur.com

Home: Contact