
Anomaly Detection With Splunk


We like to keep our finger on the pulse of the cybersecurity industry and make sure our graduates are ready for it, and there is one area where we continually hear of graduates getting jobs: “Splunk analytics”. It is a package that is really taking over in the industry, and it focuses on making sense of the alerts and data that systems generate. Overall, there are two core things we typically look for: standard signatures of attacks, and anomalies. On many occasions, we just want to understand what “normal” is, and then detect when we move away from it.

So let’s use Splunk to detect an anomaly within a data set. Here we will aim to detect categorical outliers in a telephone call log. We start with a new experiment:

and give it a name:

Our data set will include a log of calls, including the time of the call, the direction (incoming or outgoing), the duration, and the type of call (Voice or SMS) [data set here]:
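To make the “what is normal, and what deviates from it” idea concrete, here is an added example in Python (not the post’s own code, and not Splunk’s MLTK implementation) that runs a frequency-based categorical-outlier check over a constructed call log with the four fields above. The rarity threshold and the rule “flag a row if one of its categorical values, or its combination of values, is rare” are my assumptions, used to stand in for whatever model the Splunk experiment fits.

```python
from collections import Counter

# Constructed sample call log (not the post's data set): time,direction,duration(s),type
CALL_LOG = """\
2023-03-01T08:02:11,incoming,120,Voice
2023-03-01T08:15:40,outgoing,45,Voice
2023-03-01T09:01:05,incoming,0,SMS
2023-03-01T09:30:12,outgoing,0,SMS
2023-03-01T10:12:33,incoming,300,Voice
2023-03-01T10:45:59,outgoing,60,Voice
2023-03-01T11:05:20,outgoing,0,SMS
2023-03-01T11:22:47,incoming,90,Voice
2023-03-01T12:40:01,outgoing,15,Voice
2023-03-01T03:13:09,outgoing,0,Fax
"""
FIELDS = ("time", "direction", "duration", "type")
CATEGORICAL = ("direction", "type")  # the fields we treat as categories


def parse_log(text):
    """Parse the CSV-style log into dicts; malformed lines are skipped, not fatal."""
    rows = []
    for line in text.strip().splitlines():
        values = line.split(",")
        if len(values) == len(FIELDS):
            row = dict(zip(FIELDS, values))
            row["duration"] = int(row["duration"])
            rows.append(row)
    return rows


def categorical_outliers(rows, fields=CATEGORICAL, max_share=0.15):
    """Flag a row when one of its categorical values, or its combination of
    values, occurs in fewer than max_share of all rows. Returns [(index, reason)]."""
    n = len(rows)
    counts = {f: Counter(r[f] for r in rows) for f in fields}   # per-field "normal"
    combos = Counter(tuple(r[f] for f in fields) for r in rows)  # joint "normal"
    flagged = []
    for i, r in enumerate(rows):
        for f in fields:
            if counts[f][r[f]] / n < max_share:
                flagged.append((i, f"rare {f}={r[f]}"))
        combo = tuple(r[f] for f in fields)
        if combos[combo] / n < max_share:
            flagged.append((i, "rare combination " + "/".join(combo)))
    return flagged


if __name__ == "__main__":
    for idx, reason in categorical_outliers(parse_log(CALL_LOG)):
        print(idx, reason)
```

Note that the incoming SMS is only caught by the combination check: neither “incoming” nor “SMS” is rare on its own, which is why a single-field baseline is often not enough.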


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
