{"id":12598,"date":"2019-02-25T17:34:31","date_gmt":"2019-02-25T22:34:31","guid":{"rendered":"http:\/\/www.iri.com\/blog\/?p=12598"},"modified":"2020-05-01T17:24:43","modified_gmt":"2020-05-01T21:24:43","slug":"darkshield-splunk-es","status":"publish","type":"post","link":"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/","title":{"rendered":"Shedding Light on Dark Data with Splunk ES"},"content":{"rendered":"<p class=\"c4\"><span class=\"c2\"><a class=\"c1\" href=\"https:\/\/www.splunk.com\/en_us\/software\/enterprise-security.html\">Splunk Enterprise Security (ES)<\/a><\/span><span class=\"c0\">\u00a0is a major player in the Security Information and Event Management (SIEM) software market. The cloud-based analytic platform combines the indexing and aggregation capabilities of Splunk Enterprise with a range of fit-for-purpose features attendant to SIEM environments.<\/span><\/p>\n<p class=\"c4\"><span class=\"c0\">Splunk ES collects and aggregates log data generated throughout the organization&#8217;s technology infrastructure, from host systems and applications to network and security devices such as firewalls and antivirus filters. Splunk can thus be used to efficiently and graphically identify, categorize, and analyze security incidents from device and event log data provided to it.<\/span><\/p>\n<p class=\"c4\"><span class=\"c2\"><a class=\"c1\" href=\"https:\/\/www.iri.com\/products\/darkshield\">IRI DarkShield<\/a><\/span>\u00a0is a machine-learning-enabled data discovery and masking package for personally identifiable information (PII) in dark data (unstructured) files &#8212; like email repositories, .pdf and Microsoft documents, and images<span class=\"c0\">. 
DarkShield produces a high volume and quality of log file results from its PII search and mask operations.<\/span><\/p>\n<p class=\"c4\">These flat-file extracts from DarkShield can feed Splunk ES to produce insight into PII-related vulnerabilities in various files on the network, and those that DarkShield already protected.\u00a0<span class=\"c2\"><a class=\"c1\" href=\"https:\/\/www.iri.com\/products\/iri-data-protector\">Other<\/a><\/span>\u00a0IRI software, including FieldShield and CellShield EE, produces similar logs.<\/p>\n<p class=\"c4\"><span class=\"c0\">In the case of DarkShield, the results of its LAN-wide file searches and masking operations are saved into PSV (pipe-separated values) or other delimited files. The sample log used in this article contains the fields:<\/span><\/p>\n<p class=\"c4\"><span class=\"c7 c14\">Name|Result|Span|Owner|Regularity|Linkage|Read Only|Hidden|File Size|Date Created|Date Modified|Date Accessed|File Path|File Type<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3 class=\"c4\"><span class=\"c5\">Adding DarkShield Data Source<\/span><\/h3>\n<p class=\"c4\"><span class=\"c0\">Splunk ES can be accessed via \u201cMy Instances\u201d in your Splunk profile. 
Once you locate the DarkShield PSV file, upload it via the \u201cAdd Data\u201d option in the Splunk ES Settings menu:<\/span><\/p>\n<p><a href=\"http:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/Splunk_ADD_DATA.png\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-12599 aligncenter\" src=\"\/blog\/wp-content\/uploads\/2019\/02\/Splunk_ADD_DATA-1024x269.png\" alt=\"Splunk ADD DATA\" width=\"978\" height=\"257\" srcset=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/Splunk_ADD_DATA-1024x269.png 1024w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/Splunk_ADD_DATA-300x79.png 300w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/Splunk_ADD_DATA-768x202.png 768w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/Splunk_ADD_DATA.png 1600w\" sizes=\"(max-width: 978px) 100vw, 978px\" \/><\/a><\/p>\n<p class=\"c4\">Be sure to specify the delimiter properly, be it a pipe, comma, etc. Set the time field to your liking, as that value is used for some visualizations.\u00a0To do that, select the Timestamp drop down menu and set the time field to use for timestamps in Splunk ES based on what the time field is in the logs.\u00a0<span class=\"c0\">Select \u201cAdvanced\u201d extraction, then enter the name of the field to use as the timestamp.<\/span><\/p>\n<p class=\"c4\"><span class=\"c0\">Proceed through the next few menus following \u201cSet Source Type\u201d by using the default settings. 
Finally, the file should be uploaded and ready for searches in Splunk ES.<\/span><\/p>\n<h3 id=\"h.i706aqqdh7qc\" class=\"c15\"><span class=\"c5\">Accessing DarkShield Data<\/span><\/h3>\n<p class=\"c4\">Now that your DarkShield log data has been indexed, it\u00a0<span class=\"c0\">is accessible to the Splunk search feature, which is also used to generate visualizations of the data.<\/span><\/p>\n<p class=\"c4\"><span class=\"c0\">Open the \u201cSearch\u201d menu and confirm that the source you want is set to the file name (in quotes). Setting the time span for the search to \u201cAll Time\u201d will allow you to see all the data (every entry) in the PSV log file.<\/span><\/p>\n<p class=\"c4\">From that view, you can search the data using Splunk command syntax. For example, you can look\u00a0<span class=\"c0\">for specific field values. The search<\/span><\/p>\n<pre class=\"c4 c8\"><span class=\"c7\">source=\"DarkShieldlog.psv\" filetype=\"XLS\"<\/span><\/pre>\n<p class=\"c4\">returns\u00a0only entries containing XLS files.\u00a0Inserting\u00a0a term following the source and prior to any commands will search all of the data entries containing that term.<span class=\"c0\">\u00a0For example,<\/span><\/p>\n<pre class=\"c4 c8\"><span class=\"c14 c7\">source=\"DarkShieldlog.psv\" pdf | stats count by \"name\"<\/span><\/pre>\n<p class=\"c4\">finds<span class=\"c0\">\u00a0log entries that contain the term \u201cpdf\u201d, and returns the number of people (by name) that DarkShield found (e.g., 5 Freds, 6 Sallys) in pdf files.<\/span><\/p>\n<p class=\"c4\">Use the pipe (|) symbol to add even more commands to the search. Some popular commands are |stats, |chart, and |timechart. 
These can be used with other commands and searches to create\u00a0specific results, like this one:<\/p>\n<p><a href=\"http:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/specified_search_DarkShield_Splunk_ES.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-12600 \" src=\"http:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/specified_search_DarkShield_Splunk_ES-e1551131964741-1024x307.png\" alt=\"Specified search Darkshield Splunk\" width=\"971\" height=\"291\" srcset=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/specified_search_DarkShield_Splunk_ES-e1551131964741-1024x307.png 1024w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/specified_search_DarkShield_Splunk_ES-e1551131964741-300x90.png 300w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/specified_search_DarkShield_Splunk_ES-e1551131964741-768x230.png 768w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/specified_search_DarkShield_Splunk_ES-e1551131964741.png 1067w\" sizes=\"(max-width: 971px) 100vw, 971px\" \/><\/a><\/p>\n<p class=\"c4\"><span class=\"c0\">Splunk ES can also recommend specific searches (and thus visualizations) to you. To enable that feature, you must first select those fields you want Splunk to consider in the Events tab. Once you\u2019ve done that, those fields are added to \u2018interesting fields\u2019 and clicking on any of them will reveal a suggested set of search commands pertinent to that field. This also saves the time of recalling and manually entering the same search parameters.<\/span><\/p>\n<h3 id=\"h.tn2emugvopjb\" class=\"c11\"><span class=\"c5\">Visualizing the Data<\/span><\/h3>\n<p class=\"c4\"><span class=\"c0\">For an example, try the command \u201c|stats count by filetype\u201d. This will display a table with the number of files in each format DarkShield scanned for PII. 
Selecting \u201cVisualizations\u201d will allow you to choose more graphical forms for displaying data with the stats command. Options include bar and pie charts, dials and gauges, scatter plots, maps, etc. The visualizations can be further customized with different colors, labels, and sizes. The Trellis layout can be used to help visualize multiple data relations.<\/span><\/p>\n<p class=\"c4\"><span class=\"c0\">Once you are satisfied with the visualization, hover your cursor over the \u201cSave As\u201d menu and select \u201cDashboard Panel\u201d from the menu. The panel can be saved as a new dashboard for the first time, or you can select existing to add new panels to an existing dashboard.<\/span><\/p>\n<h3 id=\"h.3y2lkjqh4ho4\" class=\"c13\"><span class=\"c12\">Dashboarding in Splunk ES<\/span><\/h3>\n<p class=\"c4\"><span class=\"c0\">You can move these visualizations by dragging them around the screen, and multiple visualizations can be broken into vertical sections within the same row. This is done by editing the dashboard in \u201cUI\u201d mode. There is also a \u201cSource\u201d mode if you know how to edit the code.<\/span><\/p>\n<p class=\"c4\"><span class=\"c0\">Now that you have an insightful dashboard to look at, you can make it more accessible in a few different ways. The \u201cExport\u201d option allows the dashboard to be saved to a PDF file. 
Be aware that Trellis visualizations will not show with this option, however.<\/span><\/p>\n<p class=\"c4\"><span class=\"c0\">You can also set a dashboard as the Home Dashboard by clicking the \u201c&#8230;\u201d button and clicking the appropriate selection from the menu.<\/span><\/p>\n<p class=\"c4\"><span class=\"c0\">Here is an example of a completed dashboard showing IRI DarkShield log results in various visual forms within Splunk ES:<\/span><\/p>\n<p><a href=\"http:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report.png\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-12602 aligncenter\" src=\"\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report-1024x578.png\" alt=\"Darkshield report\" width=\"750\" height=\"423\" srcset=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report-1024x578.png 1024w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report-300x169.png 300w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report-768x434.png 768w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report.png 1807w\" sizes=\"(max-width: 750px) 100vw, 750px\" \/><\/a><\/p>\n<p class=\"c4\"><span class=\"c0\">It is also possible to make DarkShield results more accessible from main menus in Splunk ES through &lt;Configure &lt;General &lt;Navigation options in the top toolbar. 
On this page, you can modify the navigation interface by adding (or deleting) menus and views.<\/span><\/p>\n<p class=\"c4\"><span class=\"c0\">To add a dashboard as a view, click on the eye button, select \u201cLink\u201d from the View Options, type in a name, and copy and paste the URL link from your dashboard page into the \u201cLink\u201d category.<\/span><\/p>\n<p><a href=\"http:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/DarkShield_nav.png\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-12601 aligncenter\" src=\"\/blog\/wp-content\/uploads\/2019\/02\/DarkShield_nav-1024x430.png\" alt=\"\" width=\"936\" height=\"393\" srcset=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/DarkShield_nav-1024x430.png 1024w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/DarkShield_nav-300x126.png 300w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/DarkShield_nav-768x322.png 768w, https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/DarkShield_nav.png 1056w\" sizes=\"(max-width: 936px) 100vw, 936px\" \/><\/a><\/p>\n<p class=\"c4\">Select save, and confirm how easy it is to navigate to your DarkShield dashboard from the top level menu. And with that, you\u2019re now leveraging\u00a0<span class=\"c2\"><a class=\"c1\" href=\"https:\/\/www.iri.com\/products\/darkshield\">IRI DarkShield<\/a><\/span><span class=\"c0\">\u00a0and Splunk ES to reveal and remediate PII in unstructured files through a now more holistic view of enterprise security holes!<\/span><\/p>\n<p class=\"c4\"><span class=\"c0\">In my next article, I will describe how you can use the information displayed to take action.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Splunk Enterprise Security (ES)\u00a0is a major player in the Security Information and Event Management (SIEM) software market. 
The cloud-based analytic platform combines the indexing and aggregation capabilities of Splunk Enterprise with a range of fit-for-purpose features attendant to SIEM environments. Splunk ES collects and aggregates log data generated throughout the organization&#8217;s technology infrastructure, from host<\/p>\n<div><a class=\"btn-filled btn\" href=\"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/\" title=\"Shedding Light on Dark Data with Splunk ES\">Read More<\/a><\/div>\n","protected":false},"author":119,"featured_media":12602,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[8],"tags":[1386,1387,229,1388,148,149,1335,1336,574,1385],"class_list":["post-12598","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-protection","tag-darkshield","tag-dashboard","tag-data-visualization","tag-iri-darkshield","tag-personally-identifiable-information","tag-pii","tag-security-information-and-event-monitoring","tag-siem","tag-splunk","tag-splunk-es"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v23.4 (Yoast SEO v23.4) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Shedding Light on Dark Data with Splunk ES - IRI<\/title>\n<meta name=\"description\" content=\"Splunk Enterprise Security (ES)\u00a0is a major player in the Security Information and Event Management (SIEM) software market. 
The cloud-based analytic platform\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Shedding Light on Dark Data with Splunk ES\" \/>\n<meta property=\"og:description\" content=\"Splunk Enterprise Security (ES)\u00a0is a major player in the Security Information and Event Management (SIEM) software market. The cloud-based analytic platform\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/\" \/>\n<meta property=\"og:site_name\" content=\"IRI\" \/>\n<meta property=\"article:published_time\" content=\"2019-02-25T22:34:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-01T21:24:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1807\" \/>\n\t<meta property=\"og:image:height\" content=\"1020\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Devon Kozenieski\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Devon Kozenieski\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/\"},\"author\":{\"name\":\"Devon Kozenieski\",\"@id\":\"https:\/\/www.iri.com\/blog\/#\/schema\/person\/de972c035aaeecfc40a3ae2ea5ff7ba1\"},\"headline\":\"Shedding Light on Dark Data with Splunk ES\",\"datePublished\":\"2019-02-25T22:34:31+00:00\",\"dateModified\":\"2020-05-01T21:24:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/\"},\"wordCount\":1072,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\/\/www.iri.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report.png\",\"keywords\":[\"DarkShield\",\"dashboard\",\"data visualization\",\"IRI DarkShield\",\"personally identifiable information\",\"PII\",\"Security Information and Event Monitoring\",\"SIEM\",\"Splunk\",\"Splunk ES\"],\"articleSection\":[\"Data Masking\/Protection\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/\",\"url\":\"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/\",\"name\":\"Shedding Light on Dark Data with Splunk ES - 
IRI\",\"isPartOf\":{\"@id\":\"https:\/\/www.iri.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report.png\",\"datePublished\":\"2019-02-25T22:34:31+00:00\",\"dateModified\":\"2020-05-01T21:24:43+00:00\",\"description\":\"Splunk Enterprise Security (ES)\u00a0is a major player in the Security Information and Event Management (SIEM) software market. The cloud-based analytic platform\",\"breadcrumb\":{\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/#primaryimage\",\"url\":\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report.png\",\"contentUrl\":\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report.png\",\"width\":1807,\"height\":1020,\"caption\":\"Darkshield report\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.iri.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Shedding Light on Dark Data with Splunk ES\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.iri.com\/blog\/#website\",\"url\":\"https:\/\/www.iri.com\/blog\/\",\"name\":\"IRI\",\"description\":\"Total Data Management 
Blog\",\"publisher\":{\"@id\":\"https:\/\/www.iri.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.iri.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.iri.com\/blog\/#organization\",\"name\":\"IRI\",\"url\":\"https:\/\/www.iri.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.iri.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/iri-logo-total-data-management-small-1.png\",\"contentUrl\":\"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/iri-logo-total-data-management-small-1.png\",\"width\":750,\"height\":206,\"caption\":\"IRI\"},\"image\":{\"@id\":\"https:\/\/www.iri.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.iri.com\/blog\/#\/schema\/person\/de972c035aaeecfc40a3ae2ea5ff7ba1\",\"name\":\"Devon Kozenieski\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.iri.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e4c421588c1a85dd9a76146fe15528f7?s=96&d=blank&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e4c421588c1a85dd9a76146fe15528f7?s=96&d=blank&r=g\",\"caption\":\"Devon Kozenieski\"},\"url\":\"https:\/\/www.iri.com\/blog\/author\/devonk\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Shedding Light on Dark Data with Splunk ES - IRI","description":"Splunk Enterprise Security (ES)\u00a0is a major player in the Security Information and Event Management (SIEM) software market. 
The cloud-based analytic platform","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/","og_locale":"en_US","og_type":"article","og_title":"Shedding Light on Dark Data with Splunk ES","og_description":"Splunk Enterprise Security (ES)\u00a0is a major player in the Security Information and Event Management (SIEM) software market. The cloud-based analytic platform","og_url":"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/","og_site_name":"IRI","article_published_time":"2019-02-25T22:34:31+00:00","article_modified_time":"2020-05-01T21:24:43+00:00","og_image":[{"width":1807,"height":1020,"url":"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report.png","type":"image\/png"}],"author":"Devon Kozenieski","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Devon Kozenieski","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/#article","isPartOf":{"@id":"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/"},"author":{"name":"Devon Kozenieski","@id":"https:\/\/www.iri.com\/blog\/#\/schema\/person\/de972c035aaeecfc40a3ae2ea5ff7ba1"},"headline":"Shedding Light on Dark Data with Splunk ES","datePublished":"2019-02-25T22:34:31+00:00","dateModified":"2020-05-01T21:24:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/"},"wordCount":1072,"commentCount":2,"publisher":{"@id":"https:\/\/www.iri.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/#primaryimage"},"thumbnailUrl":"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report.png","keywords":["DarkShield","dashboard","data visualization","IRI DarkShield","personally identifiable information","PII","Security Information and Event Monitoring","SIEM","Splunk","Splunk ES"],"articleSection":["Data Masking\/Protection"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/","url":"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/","name":"Shedding Light on Dark Data with Splunk ES - 
IRI","isPartOf":{"@id":"https:\/\/www.iri.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/#primaryimage"},"image":{"@id":"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/#primaryimage"},"thumbnailUrl":"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report.png","datePublished":"2019-02-25T22:34:31+00:00","dateModified":"2020-05-01T21:24:43+00:00","description":"Splunk Enterprise Security (ES)\u00a0is a major player in the Security Information and Event Management (SIEM) software market. The cloud-based analytic platform","breadcrumb":{"@id":"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/#primaryimage","url":"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report.png","contentUrl":"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report.png","width":1807,"height":1020,"caption":"Darkshield report"},{"@type":"BreadcrumbList","@id":"https:\/\/www.iri.com\/blog\/data-protection\/darkshield-splunk-es\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.iri.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Shedding Light on Dark Data with Splunk ES"}]},{"@type":"WebSite","@id":"https:\/\/www.iri.com\/blog\/#website","url":"https:\/\/www.iri.com\/blog\/","name":"IRI","description":"Total Data Management 
Blog","publisher":{"@id":"https:\/\/www.iri.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.iri.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.iri.com\/blog\/#organization","name":"IRI","url":"https:\/\/www.iri.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.iri.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/iri-logo-total-data-management-small-1.png","contentUrl":"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/iri-logo-total-data-management-small-1.png","width":750,"height":206,"caption":"IRI"},"image":{"@id":"https:\/\/www.iri.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.iri.com\/blog\/#\/schema\/person\/de972c035aaeecfc40a3ae2ea5ff7ba1","name":"Devon Kozenieski","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.iri.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e4c421588c1a85dd9a76146fe15528f7?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e4c421588c1a85dd9a76146fe15528f7?s=96&d=blank&r=g","caption":"Devon 
Kozenieski"},"url":"https:\/\/www.iri.com\/blog\/author\/devonk\/"}]}},"jetpack_featured_media_url":"https:\/\/www.iri.com\/blog\/wp-content\/uploads\/2019\/02\/darkshield_report.png","_links":{"self":[{"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/posts\/12598"}],"collection":[{"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/users\/119"}],"replies":[{"embeddable":true,"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/comments?post=12598"}],"version-history":[{"count":12,"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/posts\/12598\/revisions"}],"predecessor-version":[{"id":13639,"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/posts\/12598\/revisions\/13639"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/media\/12602"}],"wp:attachment":[{"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/media?parent=12598"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/categories?post=12598"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.iri.com\/blog\/wp-json\/wp\/v2\/tags?post=12598"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}