This project is a campus-wide initiative to enhance our ability to detect and respond to security incidents occurring in the University’s distributed IT systems, and thereby to reduce the risk of malicious actors gaining an undetected foothold in the University.

Splunk installation is required by InfoSec Policy.

The role of the server owner is minimal: install Splunk and CrowdStrike using the instructions provided.

What are Splunk and CrowdStrike?

  • The Splunk Forwarder is an extension to Splunk Enterprise that helps capture, index and correlate real-time data gathered from websites, applications, and devices into a searchable repository. Splunk will collect server logs from each department so that any threat or cyber event affecting the University can be investigated quickly and efficiently.
  • CrowdStrike is a malware protection solution that addresses threats with more proactive, integrated methods than competing antivirus software. Expanding the usage of CrowdStrike to all WashU servers immediately will proactively address threats to the network.

Objective

To protect 95% of servers at the University with Splunk and CrowdStrike by June to reduce the risk of material harm from a cyber event.

Timeline

Splunk & CrowdStrike Expansion Project Timeline

Instructions

To install Splunk Forwarder on your server, access the Splunk Expansion Playbook (Word) for instructions.

To install CrowdStrike on your server, access the CrowdStrike Server Endpoint Security Installation instructions (Word).

Contact Us

Please contact Bianca Hood or Brian Allen with questions.