
Kowsalya G

Chennai

Summary

  • Splunk certified professional with around 4+ years of experience in the IT industry, comprising Splunk installation and implementation, and Splunk architecture and components including search heads, indexers and forwarders.
  • Experience in implementation of Splunk premium applications, application management, and data security as per customer requirements.


Overview

4 years of professional experience

Work History

Application Security Analyst (Splunk)

Kowsalya
10.2019 - Current
  • Collecting and ingesting on-prem and cloud-based application (IaaS, PaaS) logs into the Splunk tool for daily monitoring activity. Experience in deploying the Splunk agent on an AWS instance and forwarding logs to Splunk from the AWS instance.
  • Established onboarding of application and database server logs into Splunk using various integration methods such as Splunk Agent, DBConnect, HTTP Event Collector and API method (on-prem and cloud), and analyzed data with SPL queries.
  • Achieved hands-on experience in clustering, deploying apps through Splunk deployment server, Splunk version upgrades and creating roles and authentication.
  • Worked as a Splunk Admin creating and managing apps, and creating users, roles and permissions to knowledge objects. Created user interfaces that allow customers to manage their own Splunk instances.
  • Managed and edited various .conf files such as props.conf, transforms.conf, outputs.conf, inputs.conf, indexes.conf and serverclass.conf.
  • Created and deployed deployment apps from the Deployment Server.
  • Building and maintaining CI/CD pipelines and Azure DevOps in automating deployment of data pipelines for applications.
  • Worked closely with various Security and Platform Engineering teams to onboard new data from various sources and involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
  • Administered both Splunk Enterprise and Splunk Enterprise Security.
  • Knowledge of Splunk components such as configuring forwarders, indexers and search heads to Splunk Web, and other components like load balancers, bucketing in Splunk, indexing and parsing, reading log files, etc.
  • Knowledge of Splunk architecture and various components (indexer, forwarder, search head, deployment server), heavy and universal forwarders, and the license model.
  • Improved operations by working with team members and customers to find workable solutions.
  • Developed specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflow.
  • Juggled multiple apps and tasks to ensure high quality and timely delivery.
  • Defined and implemented role-based access through user roles.
  • Implemented optimal solutions to meet technical and business requirements.


Endpoint Detection and Response & DAM

Kowsalya
01.2023 - 12.2023

Endpoint detection and response:

Experience in deploying and configuring the endpoint security solution (HIDS & SentinelOne) on the platform-level servers. The solution monitors endpoints to detect and respond to cyber threats like ransomware and malware. Monitor and investigate the alerts.

Database activity monitoring (DAM):

Experience in deploying and configuring the security monitoring tool (DAM) on the platform-level servers to observe, identify, and report on a database's activities.

Education

Splunk Knowledge

Bachelor of Science - Information Technology

St. Theresa's Girls Higher Secondary School
Chennai, India
05.2019

Skills

    Splunk: Splunk 6.x, 7.x, 8.x, Splunk Enterprise, Splunk DBConnect Setup

    CI/CD Automation Tools: Jenkins, Bitbucket & Git

    Operating Systems: Windows Server, Linux (RHEL), UNIX

    Azure DevOps Services: Azure Boards, Azure Pipelines, Azure Repos, Azure Test Plans & Azure Artifacts

    Atlassian Tools: Confluence & Jira

    Ticketing Tools: BMC Remedy, ServiceNow

    Automation Tools: Puppet, Rundeck, Chocolatey

    Other Knowledge: Excel & PuTTY
