Sarwar Ahmed Shaikh
About Candidate
Education
7.88 CGPI
75.09%
84.91%
Work & Experience
Worked on 2 deployments of a distributed clustered Splunk architecture, one of which I single-handedly designed and deployed. Installation as well as configuration of Indexers, Search Head, Cluster Master, Heavy Forwarder and Deployment Server on both Windows and Linux servers. Deployment of Splunk in a clustered and distributed environment. Integrated various data sources with Splunk through Universal Forwarders, syslog, Heavy Forwarders and external feeds. Management of all Splunk instances through the Monitoring Console as well as the Cluster Master. Managed and configured thousands of Splunk Forwarders via the Deployment Server. Installation and configuration of Splunk Forwarder on Windows, Linux and AIX servers. Created a Splunk app for automating the upgrade of Universal Forwarders on hundreds of deployment clients, which could be done in a few minutes. Upgraded all Splunk instances proficiently. Worked on Splunk DB Connect for connecting databases to Splunk. Well familiar with and worked on the Splunk Enterprise Security app. Managed and worked on Splunk Threat Intelligence by integrating IOCs from external feeds as well as by creating STIX and IOC files and pushing them into Splunk. Created security-based use cases and alerts as per business requirements. Worked on and investigated Notable Events generated in Enterprise Security. Wrote customized parsers for search-time and index-time field extraction. Resolved numerous issues in Splunk as well as when integrating varying types of data sources. Worked on Knowledge Objects such as Data Models, Datasets, Event Types, Tags, Field Extractions, Lookups etc. Created various dashboards as per business requirements and troubleshot non-populating pre-built dashboards. Studied and investigated the types of data source needed for an app in Splunk to work smoothly.
Created daily, weekly and monthly reports according to business requirements in different forms like area graph, pie chart, column and bar graph etc. Correlated VA and Threat Intel logs and made them work as a catalyst to existing log sources. Worked on ad-hoc or impactful security incidents by doing extensive log analysis in Splunk. Decommissioned the whole distributed Splunk environment.
Integrated various log sources into QRadar through WinCollect, MSRPC, JDBC, syslog etc. Upgraded the QRadar instance proficiently. Created rules, alerts, reports and dashboards in QRadar according to business as well as operational requirements. Configured QRadar Threat Intelligence via STIX/TAXII feeds. Customised parsers for unparsed/unknown logs. Worked on Offenses and investigated and resolved them as per the defined SLA.
Worked on Nessus tools: Nessus Scanner, Nessus Manager and Tenable.io. Implemented all the variants of Nessus for the customer. Configured and integrated Nessus Scanner and Nessus Manager with Splunk. Created and defined policies for Nessus scanning of different types of devices. Involved in vulnerability scanning, vulnerability assessment and vulnerability management. Performed monthly internal and external vulnerability assessments and recommended corrective measures for remediation. Performed operations through APIs. Helped the customer mitigate Critical and High vulnerabilities within the prescribed SLA.