Splunk and security training resources develop your IT skill set
Company culture is something that’s unique to each business. Here at Hurricane Labs, one of the areas we emphasize is education and being lifelong learners. This blog post was inspired by the courses I’m taking to develop my skill set, some of which I wanted to share with you.
Apart from being trained and certified as Splunk Core Certified User, Splunk Certified Power User, and Splunk Enterprise Certified Admin, I’m also learning Python programming and Ansible. I would like to share the benefits of learning the above, highlights of my learning experience, and where you can find the resources for training.
The Python advantage
Python is a general-purpose programming language that is widely used for web development, artificial intelligence, machine learning, operating systems, and mobile application development. Its advantages include fewer syntax rules and programming conventions, and it is easier to understand than other programming languages such as Java and C++.
If you’re a beginner with no background in programming, Python is one of the languages I strongly recommend. I chose to learn Python to improve my logical thinking, understand programming, and troubleshoot any issues related to coding. Being an IT professional, I believe it is important for everyone to have some background and experience in programming, and Python is a great place to start.
Though I struggled at the beginning to understand programming concepts – such as conditional statements, matrices, expressions and methods – I enjoyed writing and executing the code once I got used to it. The fun part for me was solving the lab exercises in the course and figuring out the errors in the program, including small mistakes like missing expressions in statements (e.g., parentheses, comma, colon, semicolon).
Any text data, in the form of logs, configurations, messages, alerts, metrics and scripts, can be forwarded to Splunk. Scripted output is one of the ways of ingesting data into Splunk. Knowledge of Python scripting will help you troubleshoot issues that might occur while inputting the data to Splunk.
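A Splunk scripted input is a script that Splunk runs on a schedule, indexing whatever the script writes to standard output. The sketch below is an added example, not code from the original post: it turns failed SSH logins into one-line `key="value"` events and escapes quotes and newlines, a common cause of broken events and bad field extraction. The sample log lines and field names are constructed for illustration.

```python
#!/usr/bin/env python3
"""Sketch of a Splunk scripted input: Splunk runs it and indexes its stdout."""
import re
import sys
from datetime import datetime, timezone

# Constructed sample lines standing in for a real auth log (not real data).
SAMPLE_LINES = [
    'sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2',
    'sshd[811]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2',
    'sshd[902]: Failed password for ro"ot from 203.0.113.9 port 50200 ssh2',
]

FAILED = re.compile(
    r'sshd\[(?P<pid>\d+)\]: Failed password for (?P<invalid>invalid user )?'
    r'(?P<user>.+) from (?P<src>\S+) port (?P<port>\d+)'
)

def quote(value):
    """Quote a value so embedded quotes/newlines cannot split the event or field."""
    text = str(value).replace('\\', '\\\\').replace('"', '\\"')
    text = text.replace('\r', '\\r').replace('\n', '\\n')
    return f'"{text}"'

def format_event(when, fields):
    """One event per line: ISO 8601 timestamp first, then key="value" pairs."""
    pairs = ' '.join(f'{key}={quote(val)}' for key, val in fields.items())
    return f'{when.isoformat()} {pairs}'

def parse_failed_login(line):
    """Return a field dict for a failed sshd login, or None for other lines."""
    m = FAILED.search(line)
    if m is None:
        return None
    return {
        'action': 'failure',
        'user': m['user'],
        'src': m['src'],
        'src_port': m['port'],
        'valid_user': 'false' if m['invalid'] else 'true',
    }

def build_events(lines, when):
    """Format every failed login found in lines, skipping everything else."""
    return [format_event(when, f) for f in map(parse_failed_login, lines) if f]

if __name__ == '__main__':
    for event in build_events(SAMPLE_LINES, datetime.now(timezone.utc)):
        sys.stdout.write(event + '\n')
```

Run by hand, the script should print exactly what Splunk would index, which makes it a quick first check when a scripted input produces merged, truncated or missing events.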
Here are a couple of the Python courses I’ve found to be helpful so far:
- DataCamp – This website provides a platform for people of all levels who are looking to learn more about data science. You will find courses ranging from basic Python to advanced level.
- Python A-Z™ – This Udemy course provides real, hands-on labs you can work on.
Note: I installed PyCharm to practice the lab exercises from the above courses, something you might want to consider if you choose to go that route.
Ansible for devops automation
The other course I have been learning is Ansible. Ansible is a DevOps automation tool for configuration and resource management: an automated method of maintaining computer systems and software.
Automation tools are another important modern development in technology. Such tools include cloud computing, AI, and machine learning. By using automation tools like Ansible, we can configure and manage changes to multiple servers/systems. Specifically, changes that can be done using Ansible include provisioning, configuration management, application deployment and orchestration.
I started this course recently and I was excited to better understand how we can provision data centers through machine-readable definition files, rather than physical hardware configuration. I personally feel Ansible is a very simple, powerful, flexible, and efficient automation tool that can perfectly fit an IT application infrastructure. It’s open source and very simple to set up and use, without requiring you to install any extra software. Repetitive tasks can be easily done by using Ansible.
For example, if you want to install an updated version of a specific type of software on all the machines in an enterprise, all you need to do is write out all the IP addresses of the hosts and write an Ansible playbook to install it on all the nodes. Then, run the playbook from your control machine.
Ansible also lets you quickly and easily deploy multi-tier apps. There’s no need to write custom code to automate the systems, and you won’t have to configure the applications on every machine manually. When you run a playbook, Ansible uses SSH to communicate with the remote hosts and run all the commands (tasks).
If you’re interested in learning more, I found Red Hat Certified Specialist in Ansible Automation on Cloud Guru to be useful. Check it out!
In the IT and infosec fields, it’s important to update and improve our skill list as technology continues to develop rapidly. I hope this information will be valuable as you explore and expand your knowledge about new technologies, too. Thanks for reading!
About Hurricane Labs
Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.
For more information, visit www.hurricanelabs.com and follow us on Twitter @hurricanelabs.