Join us at TEKsystems in Turkey Creek this month where John Heasman will deep dive on writing custom Splunk commands.
Within our community, many of you have hands-on experience with Splunk, or are working towards it, for threat hunting and SOC analyst roles.
But did you know that Splunk's Search Processing Language (SPL) is extensible via custom commands? These are Python scripts that even work on Splunk Cloud as well as Splunk Enterprise. Yes ... your sh*tty Python code can run on Splunk's servers!
Writing custom commands is pretty well documented. You can find a whole bunch of "hello world" articles, but what these typically don't go into is why you might write a custom command in the first place.
In this mostly demo-filled talk, I'll whet your appetite for writing custom commands to speed up your workflows and analysis. Along the way I'll cover some of the basics of Splunk searches and share some thoughts on less common but powerful SIEM use-cases.
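As an added example (not code from the talk or from Splunk), here is a hypothetical `fieldentropy` streaming command built on the Splunk SDK for Python: it scores how random-looking a field's value is so that high-entropy hostnames or encoded command lines can be filtered with ordinary SPL. The command name, option name and output field are assumptions, and the SDK's `splunklib` package is assumed to be bundled in the app's `lib/` directory as usual.

```python
#!/usr/bin/env python3
"""
Hypothetical `fieldentropy` streaming custom command (added example).
Adds a Shannon-entropy field to every event so an analyst can surface
random-looking values with plain SPL, e.g.
    ... | fieldentropy field=query | where entropy > 4.0
"""
import math
import sys
from collections import Counter


def shannon_entropy(value):
    """Bits of entropy per character of `value`; 0.0 for empty or missing."""
    if not value:
        return 0.0
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def annotate(records, field, out_field="entropy", ndigits=3):
    """Pure core of the command: yield each record with the score added.
    Kept free of Splunk imports so it can be unit-tested outside Splunk."""
    for record in records:
        record[out_field] = round(shannon_entropy(record.get(field, "")), ndigits)
        yield record


def main():
    # splunklib (Splunk SDK for Python) is imported lazily so the module
    # still loads, and annotate() can be tested, on a machine without it.
    from splunklib.searchcommands import (Configuration, Option,
                                          StreamingCommand, dispatch,
                                          validators)

    @Configuration()
    class FieldEntropyCommand(StreamingCommand):
        # `field=` option names the event field to score (assumed name)
        field = Option(require=True, validate=validators.Fieldname())

        def stream(self, records):
            return annotate(records, self.field)

    dispatch(FieldEntropyCommand, sys.argv, sys.stdin, sys.stdout, __name__)


if __name__ == "__main__":
    main()
```

The script still has to be registered in the app's `commands.conf` before Splunk will run it.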