AXF 12c Upgrade Patches and FIPSA Components

By: John Schleicher | Sr. Technical Architect

Introduction

This document contains the patch listing that was assembled during a recent Financials Image Processing Solution Accelerator (FIPSA) upgrade, where the system was upgraded from 11.1.1.8 (imaging) to the 12.2.1.3 release using the standard upgrade process, supplemented by post-upgrade activity to restore the system to full functionality.

The patch listing represents all of the WebLogic server components, inclusive of Business Activity Monitoring (BAM), that were present on the custom solution. If your system doesn’t include BAM, then the additional patches (26404239, 26081565, 28901325) aren’t required.

FIPSA Release

The FIPSA package 12.2.1.3.2 is required for the upgrade as it contains the necessary libraries and archives that are required for the AXF Solution Workspace and Coding form to run in the 12c environment.

Manual Edit

Due to a modification to the central task service engine that affects the SystemAttributes structure, a single-line edit to the InvoiceProcessing.bpel file of the 12.2.1.3.2 FIPSA release is required. Presumably, this will be modified by subsequent releases. Ensure that on line 3411 the reference to task:assigneeUsers/task:id is changed to task:updatedBy/task:id. This is the least-impact solution and may be adjusted in future releases, but it has been tested and is working.

Note that active InvoiceProcessing tasks after upgrade cannot use the ‘SaveTask’ AXF action as the old paradigm will be engaged and the process will fault at the noted ‘assigneeUsers’ reference.  It is recommended that the ‘Save Task’ AXF action be disabled via the Imaging Solution Editor to avoid this fault until such time that active workflow instances are no longer present on that baseline.

Patch Listing

Here is an opatch lsinventory listing of the patches applied to the system representing bam, capture, content, soa, and WebLogic:

********************************************************************************

Oracle Interim Patch Installer version 13.9.4.0.0

Copyright (c) 2019, Oracle Corporation.  All rights reserved.

Oracle Home       : /oracle/middleware12c

Central Inventory : /oracle/oraInventory

   from           : /oracle/middleware12c/oraInst.loc

OPatch version    : 13.9.4.0.0

OUI version       : 13.9.3.0.0

Log file location : /oracle/middleware12c/cfgtoollogs/opatch/opatch2019-04-23_10-51-48AM_1.log

OPatch detects the Middleware Home as “/oracle/middleware12c”

Lsinventory Output file location : /oracle/middleware12c/cfgtoollogs/opatch/lsinv/lsinventory2019-04-23_10-51-48AM.txt

——————————————————————————–

Local Machine Information::

Hostname: imaging

ARU platform id: 226

ARU platform description:: Linux x86-64

Interim patches (18) :

Patch  26045997     : applied on Tue Apr 23 10:50:59 MDT 2019

Unique Patch ID:  22112962

Patch description:  “One-off”

   Created on 13 Apr 2018, 23:35:27 hrs UTC

   Bugs fixed:

     26045997

Patch  27133806     : applied on Tue Apr 23 10:41:52 MDT 2019

Unique Patch ID:  22061693

Patch description:  “One-off”

   Created on 27 Mar 2018, 16:59:09 hrs PST8PDT

   Bugs fixed:

     27133806

Patch  25830131     : applied on Tue Apr 23 10:35:35 MDT 2019

Unique Patch ID:  22704908

Patch description:  “One-off”

   Created on 27 Jan 2019, 12:26:12 hrs PST8PDT

   Bugs fixed:

     25830131

   This patch overlays patches:

     28710939

   This patch needs patches:

     28710939

   as prerequisites

Patch  28710939     : applied on Tue Apr 23 10:31:41 MDT 2019

Unique Patch ID:  22540742

Patch description:  “WLS PATCH SET UPDATE 12.2.1.3.190115”

   Created on 21 Dec 2018, 14:25:48 hrs PST8PDT

   Bugs fixed:

     23076695, 23103220, 25387569, 25488428, 25580220, 25665727, 25750303

     25800186, 25987400, 25993295, 26026959, 26080417, 26098043, 26144830

     26145911, 26248394, 26267487, 26268190, 26353793, 26439373, 26473149

     26499391, 26502060, 26547016, 26589850, 26608537, 26624375, 26626528

     26731253, 26806438, 26828499, 26835012, 26929163, 26936500, 26985581

     27055227, 27111664, 27117282, 27118731, 27131483, 27187631, 27213775

     27234961, 27272911, 27284496, 27411153, 27417245, 27445260, 27469756

     27486993, 27516977, 27561226, 27603087, 27617877, 27693510, 27803728

     27819370, 27912485, 27927071, 27928833, 27934864, 27947832, 27948303

     27988175, 28071913, 28103938, 28110087, 28138954, 28140800, 28142116

     28149607, 28166483, 28171852, 28172380, 28311332, 28313163, 28319690

     28360225, 28375173, 28375702, 28409586, 28503638, 28559579, 28594324

     28626991, 28632521

Patch  29620828     : applied on Tue Apr 23 08:57:20 MDT 2019

Unique Patch ID:  22858384

Patch description:  “ADF BUNDLE PATCH 12.2.1.3.0(ID:190404.0959.S)”

   Created on 15 Apr 2019, 17:17:00 hrs PST8PDT

   Bugs fixed:

     23565300, 24416138, 24717021, 25042794, 25802772, 25988251, 26587490

     26674023, 26760848, 26834987, 26957170, 27970267, 28368196, 28811387

     28849860

Patch  29367192     : applied on Tue Apr 23 08:50:38 MDT 2019

Unique Patch ID:  22751712

Patch description:  “One-off”

   Created on 12 Mar 2019, 01:07:01 hrs PST8PDT

   Bugs fixed:

     28843809, 28861250, 28998550, 29259548

   This patch overlays patches:

     28928412

   This patch needs patches:

     28928412

   as prerequisites

Patch  29257258     : applied on Tue Apr 23 08:45:17 MDT 2019

Unique Patch ID:  22807543

Patch description:  “OWEC Bundle Patch 12.2.1.3.190415”

   Created on 16 Apr 2019, 07:02:38 hrs PST8PDT

   Bugs fixed:

     18519793, 18877178, 19712986, 21110827, 21364112, 24702902, 25177136

     25181647, 25693368, 26650230, 27333909, 27412572, 27454558, 27570740

     27578454, 27713280, 27713320, 27839431, 27846706, 28128298, 28179003

     28324896, 28361985, 28373191, 28411455, 28460624, 28517373, 28581435

     28629570, 28705938, 28709611, 28818965, 28878198, 28893677, 28912243

     29197309, 29198801, 29279156, 29285826, 29286452, 29305336, 29305347

     29349853, 29473784, 29620912, 29620944, 29635114

Patch  28901325     : applied on Tue Apr 23 08:36:49 MDT 2019

Unique Patch ID:  22605292

Patch description:  “One-off”

   Created on 30 Nov 2018, 21:05:48 hrs PST8PDT

   Bugs fixed:

     28901325

Patch  26081565     : applied on Tue Apr 23 08:35:28 MDT 2019

Unique Patch ID:  21885885

Patch description:  “One-off”

   Created on 19 Jan 2018, 08:12:44 hrs PST8PDT

   Bugs fixed:

     26081565

Patch  26404239     : applied on Tue Apr 23 08:33:47 MDT 2019

Unique Patch ID:  21885962

Patch description:  “One-off”

   Created on 18 Jan 2018, 21:09:57 hrs PST8PDT

   Bugs fixed:

     26404239

Patch  24950713     : applied on Tue Apr 23 08:24:45 MDT 2019

Unique Patch ID:  22708973

Patch description:  “One-off”

   Created on 29 Jan 2019, 08:18:55 hrs PST8PDT

   Bugs fixed:

     24950713

   This patch overlays patches:

     29142661

   This patch needs patches:

     29142661

   as prerequisites

Patch  29142661     : applied on Wed Apr 17 12:22:50 MDT 2019

Unique Patch ID:  22643444

Patch description:  “SOA Bundle Patch 12.2.1.3.0(ID:181223.0212.0069)”

   Created on 23 Dec 2018, 12:57:19 hrs PST8PDT

   Bugs fixed:

     24922173, 24971871, 25941324, 25980718, 26031784, 26372043, 26385451

     26401629, 26408150, 26416702, 26472963, 26484903, 26498324, 26536677

     26571201, 26573292, 26644038, 26645118, 26669595, 26696469, 26720287

     26739808, 26796979, 26851150, 26868517, 26869494, 26895927, 26935112

     26947728, 26953820, 26957074, 26957183, 26982712, 26997999, 27018879

     27019442, 27024693, 27030883, 27073918, 27078536, 27119541, 27141953

     27150210, 27157900, 27171517, 27210380, 27230444, 27241933, 27247726

     27260565, 27268787, 27311023, 27368311, 27379937, 27411143, 27429480

     27449047, 27486624, 27494478, 27561639, 27627502, 27633270, 27639691

     27640635, 27651368, 27653922, 27656577, 27708766, 27708925, 27715066

     27767587, 27785937, 27832726, 27876754, 27879887, 27880006, 27929443

     27932274, 27940458, 27957338, 28000870, 28034163, 28035648, 28042548

     28053563, 28067002, 28096509, 28163159, 28178811, 28178850, 28265638

     28290635, 28317024, 28324134, 28368230, 28389624, 28392941, 28448109

     28468835, 28597768, 28620247, 28632418, 28702757, 28808901, 28901363

     29005814

Patch  28928412     : applied on Mon Jan 28 13:14:33 MST 2019

Unique Patch ID:  22610612

Patch description:  “WebCenter Content Bundle Patch 12.2.1.3.190115”

   Created on 14 Dec 2018, 02:53:41 hrs PST8PDT

   Bugs fixed:

     16546231, 17278216, 21443677, 23526550, 23567875, 23717512, 24660722

     25051178, 25228941, 25311639, 25357798, 25605764, 25606440, 25801227

     25822038, 25858327, 25885770, 25928125, 25928588, 25979019, 25985875

     26075990, 26105301, 26185222, 26228118, 26283098, 26300787, 26358746

     26415656, 26430590, 26545951, 26574381, 26576630, 26586426, 26596903

     26636302, 26723147, 26732710, 26786056, 26813909, 26820528, 26847632

     26890620, 26893963, 26954901, 27020230, 27065201, 27099662, 27102908

     27119372, 27140730, 27190092, 27190553, 27193483, 27206340, 27233223

     27254464, 27314625, 27319352, 27346199, 27365218, 27383350, 27383732

     27390329, 27396349, 27406356, 27453228, 27457939, 27458003, 27496856

     27502500, 27507189, 27547665, 27574477, 27608152, 27620996, 27648991

     27661839, 27744442, 27771468, 27801161, 27804618, 27814273, 27824132

     27839174, 27877814, 27879502, 27916698, 27921859, 27943295, 27983987

     27984425, 28043459, 28048684, 28098831, 28165088, 28180857, 28185865

     28225141, 28295718, 28302949, 28317851, 28319312, 28378394, 28380642

     28405721, 28425934, 28452764, 28475951, 28481653, 28485796, 28486569

     28556894, 28593461, 28621910, 28635203, 28651169, 28663117, 28704291

     28707740, 28798285, 28872073, 28872314, 28889421, 29011518

Patch  28278427     : applied on Fri Aug 17 08:15:59 MDT 2018

Unique Patch ID:  22374151

Patch description:  “One-off”

   Created on 6 Aug 2018, 05:40:17 hrs PST8PDT

   Bugs fixed:

     28278427

Patch  26355633     : applied on Thu Mar 29 12:51:10 MDT 2018

Unique Patch ID:  21447583

Patch description:  “One-off”

   Created on 1 Aug 2017, 21:40:20 hrs UTC

   Bugs fixed:

     26355633

Patch  26287183     : applied on Thu Mar 29 12:50:58 MDT 2018

Unique Patch ID:  21447582

Patch description:  “One-off”

   Created on 1 Aug 2017, 21:41:27 hrs UTC

   Bugs fixed:

     26287183

Patch  26261906     : applied on Thu Mar 29 12:50:32 MDT 2018

Unique Patch ID:  21344506

Patch description:  “One-off”

   Created on 12 Jun 2017, 23:36:08 hrs UTC

   Bugs fixed:

     25559137, 25232931, 24811916

Patch  26051289     : applied on Thu Mar 29 12:50:26 MDT 2018

Unique Patch ID:  21455037

Patch description:  “One-off”

   Created on 31 Jul 2017, 22:11:57 hrs UTC

   Bugs fixed:

     26051289

Noted Patch Exceptions

The above listing doesn’t leverage the latest bundle patches for SOA or WebLogic Server, as there were overlay patches with dependencies on the bundle that had yet to be released. Monitor the release of patches 24950713 and 25830131 for inclusion of the latest bundle release.

Conclusion

TekStream has performed the 12.2.1.3 FIPSA upgrade and worked through the issues necessary to restore full functionality on the new baseline.  

Have questions or need assistance with your upgrade? Contact us today!



[1] Application eXtension Framework

Inspyrus Velocity: The Proof is in the…Concept


By: Marvin Martinez | Senior Developer

The Inspyrus Invoice Automation solution can significantly streamline a company’s accounts payable (AP) process. With automated PO matching, workflow routing, and streamlined and even touchless approvals of purchase orders, it can greatly increase the efficiency of invoice processing. Deep prebuilt integrations into the world’s leading ERP software allow Inspyrus to ensure all exception handling is done upfront, minimizing errors and ensuring accuracy. However, sometimes just hearing about it isn’t enough. Sometimes, one has to see it to believe it. That is where TekStream’s Inspyrus Velocity option can help.

Inspyrus Velocity is a TekStream offering that allows the deployment of a usable Inspyrus implementation, connected to your ERP and Active Directory, for proof-of-concept (POC) and hands-on evaluation purposes. With this offering, a prospective customer can get an idea of the kind of improvement and benefit that the Inspyrus Invoice Automation solution is able to provide. This simplified POC environment, while likely a subset of the entire solution that a customer might require, still showcases plenty of standard Inspyrus features that are sure to impress anyone.

Included with the Inspyrus Velocity offering are the following standard features:

  • Out-of-the-box standard Inspyrus workflows, including 2-way POs, 3-way POs, Non-PO, prepayment, and credit memo invoices
  • Real-time integration to a non-production EBS ERP system
  • AP Initial Review assignments to a single AP work queue
  • Automated pairing for 2-way and 3-way POs
  • Batch Matching to automate receipt matching of 3-way PO invoices if invoice was received before shipment was received
  • Configuration of 1 organizational/operating unit
  • Approval hierarchy for approvals, including email approvals
  • Email monitoring of 1 customer email inbox for invoice ingestion
  • Up to 5 routing reason codes/exception codes
  • Integration to 1 Active Directory domain
  • Dedicated site to site connectivity through VPN for ERP and Active Directory connections
  • Recurring invoices

These out-of-the-box features, while only a subset of the suite of features that the solution offers, still constitute a feature-rich application able to showcase the power, ease of use, and versatility of the Inspyrus Invoice Automation solution. With this proof-of-concept offering via TekStream’s Inspyrus Velocity, a prospective customer can get a feel for how their accounts payable process could be streamlined and how their day-to-day processes could be greatly improved. If an out-of-the-box proof of concept can demonstrate these improvements, imagine how much more additional features like available auto-coding and predictive coding of non-PO invoices and customized validation logic for proprietary/internal procedures and policies can do.

Want to learn more about what Inspyrus Invoice Automation can do for you, and even see it working in real-time for your ERP? Contact us today!


 

Migrating from WebCenter to Hyland OnBase

By: Karla Broadrick | Technical Architect & Team Lead

 

Ready for a change in your ECM platform?  Perhaps your organization is on an older unsupported version of WebCenter Content or WebCenter Imaging and the prospect of upgrading to the latest is overwhelming.  Maybe you are looking for an expanded feature set and future product roadmap that WebCenter simply doesn’t offer.  Or perhaps your organization owns both WebCenter and Hyland OnBase and you are looking to consolidate your footprint.  A move to Hyland OnBase might be the change you are looking for.

With experts in both WebCenter and OnBase, TekStream is uniquely positioned to assist your business with its digital transformation.  The TekStream team’s intimate knowledge of both WebCenter and OnBase allows us a deep understanding of how your current solution works, your current pain points, and future business needs.  With this understanding and OnBase expertise, we are uniquely equipped to assist you in designing an OnBase solution that will not only meet all of your current business needs, but also provide a stable platform with a product that continues to expand its features and offerings.

Below are some of the potential challenges that the TekStream team can help you navigate as you consider a migration to OnBase.

  • Metadata Model conversion: From Content Types, Profiles and Metadata to Document Type Groups, Document Types, and Keywords. How is the current metadata model best represented in OnBase?
  • Security: Securing your content is of the utmost importance. TekStream can assist with mapping security groups and accounts to OnBase user group privileges and security keywords.
  • Document ingestion: How do you get documents into the system? Whether it’s document upload, scanning, email, or flat-file ingestion, OnBase is capable of meeting your needs.
  • Workflow: TekStream can help you examine your workflow processes and determine how these should best be replicated in your OnBase solution. Or if you aren’t currently taking advantage of any workflow engine, OnBase can help streamline your business processes. TekStream will work with you to design and build out a tailored workflow to any number of business areas.
  • Executing the migration: Planning the logistics around the migration itself including extracting images and data from one system, transferring and importing it to the other.
  • Custom components and other custom functionality: Nearly every WebCenter implementation has things that make it unique. Whether it’s custom components or other custom functionality that is integral to your business, it’s essential to make sure that this functionality is planned for in your OnBase implementation.

 

Contact TekStream today to learn more about how we can help you migrate to Hyland OnBase!

Email Routing Using Sendemail in Splunk Enterprise Security


By: Bruce Johnson | Practice Lead, Operational Intelligence

This was the use case scenario: Something went bump in the night. We needed to be able to send alerts from correlation searches to the security guards after hours and on weekends for a few specific correlation searches. Certain categories of activity (e.g., access violations, creating a new account, getting deleted, getting locked out, clearing security or system logs, using service accounts, etc.) needed to alert the after-hours team.

Now there are plenty of tools that do this very effectively (VictorOps among them). We needed something simple and, in Splunk, it really couldn’t be simpler.

The brute force method would have been to create correlation searches that run after hours and send to different email aliases. In other words, you have a different schedule to run a correlation search because you want that correlation search to route to different people, so create a duplicate search with different schedule settings. I suppose this would have been appropriate if the after-hours search had different levels of severity because of the timing, in which case I would have definitely taken that approach, but that was not the case. There is also no way to use cron to do conditionals. So I couldn’t do a single secondary search that would run both after hours on weekdays and all hours on weekends (e.g. <*/15 0,1,2,3,4,5,6,19,20,21,22,23 * * 1-5> OR <*/5 * * * 6-7>). Practically speaking that would mean three different correlation searches – untenable for Splunkers like me that are aspirationally lazy (not very successful yet but someday).

What we needed was a means to determine whether a search result was run after hours or on weekends and set a flag. Then use a lookup to return the emails that we would route to and pass that as a parameter to the email action set up in the correlation search. This was just so much simpler than I thought it would be.

The lookup (mail_recipients.csv) for routing purposes at its simplest level:

email,after_hours
bjohnson@whitehouse.gov,1
bruce.johnson@tekstream.com,0
bruce.johnson@match.com,1

I added other columns for userid, escalation level, cc, bcc and some fields that we might anticipate using should our routing need to be more complex, but for now we focused simply on the “after hours” use case. By The Way – the Sendresults app makes sending emails to a column dead simple but our use case was so basic, it really wasn’t needed. If you want to play with it: https://splunkbase.splunk.com/app/1794/

Here’s the search – formatted to use _internal instead of CIM or wineventlog for testing purposes. The sendemail is included for testing as well. All we want to do in the format of the correlation search is to set the routing to $result.recipients$ in the To field. This may not work if you have no errors in your environment (insert appropriate emoji).

In the final version I pulled out the code between the evals and the recipient creation and put it in a macro (stripping all the fields I used except for recipients), then inserted the macro into every correlation search that needed the routing.

The eventual correlation searches just needed to insert the macro, ensure that the recipients field was in the final result, and change the routing on the email action to go to $result.recipients$ – simple but useful.

The eventual search looked similar to this…

Next up: Modify the search to use data models and to actually use the max hour for the search so that if the search results that come back have a mix of times that cross the current hour boundary, the most conservative path is chosen.
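One way to express the routing described above, as an added example that is not the author's search. It assumes business hours of 07:00 to 19:00 on weekdays (taken from the cron hours quoted earlier), that rows flagged after_hours=1 in mail_recipients.csv are the after-hours recipients, and a hypothetical base search against _internal; the field names latest, hour and dow are illustrative.

```spl
index=_internal log_level=ERROR
| stats count AS error_count, max(_time) AS latest BY sourcetype
``` classify the newest event in each result row; %w is 0 for Sunday, 6 for Saturday ```
| eval hour=tonumber(strftime(latest, "%H")), dow=tonumber(strftime(latest, "%w"))
| eval after_hours=if(dow=0 OR dow=6 OR hour<7 OR hour>=19, 1, 0)
``` every lookup row whose flag matches comes back as one value of a multivalue email field ```
| lookup mail_recipients.csv after_hours OUTPUT email
| eval recipients=mvjoin(email, ",")
``` keep only what the email action needs; To is then set to $result.recipients$ ```
| fields - latest, hour, dow, email
```

Everything from the first eval to the final fields command is the part that can be moved into a macro and appended to each correlation search that needs the routing.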

Want to learn more about email routing in Splunk Enterprise Security? Contact us today! 


TekStream Named One of Atlanta’s Fastest Growing Technology Companies in 2019



Atlanta, GA, April 26, 2019 — For the fifth time in just six years, The Atlanta Business Chronicle has recognized TekStream as one of “Atlanta’s 100 Fastest Growing Private Companies” at the 24th annual Pacesetter Awards. These awards honor local companies that are taking business to the next level and experiencing growth at top speed. TekStream joins tech powerhouses LendingPoint, QGenda, and Total Server Solutions as being one of Atlanta’s top private tech companies and ranks 75th overall.

“We are very proud to be recognized by the Atlanta Business Chronicle for this award four years in a row and five out of the last six years,” said Chief Executive Officer, Rob Jansen. “The accelerated growth we are seeing to help clients leverage Cloud-based technologies and Big Data solutions to solve complex business problems has been truly exciting. We are helping our clients take advantage of today’s most advanced recruiting and technology solutions to digitally transform their businesses and address the ever-changing market.”

“Customers are clamoring to figure out how to leverage Cloud technologies to replace capital expense and increase the speed and agility of their IT infrastructure. TekStream will continue their digital transformation by helping them streamline and enhance their infrastructure, lower their operating costs, and free up resources so they can be used to develop innovative solutions to existing problems that are more core to their business,” stated Judd Robins, Executive Vice President of Sales.

“We continue to adapt to our clients’ hiring needs with new solutions and a tried and true recruiting team. The additional recognition is an honor and demonstrates the strength and commitment of our staff,” stated Mark Gannon, Executive Vice President of Recruitment. “We look forward to additional successes in 2019 and to continually pushing to meet our client and consultant expectations.”

TekStream has seen a three-year growth of over 166% and added over 50 jobs in the last 12-18 months. The company’s impressive rise has allowed it to receive accolades from groups like Inc. 5000 and AJC’s Top Workplaces; however, the sky is the limit for this tech firm. Look for TekStream to continue to introduce next-generation solutions for Business, Government, Healthcare, and Education.

About TekStream
We are “The Experts of Business & Digital Transformation”, but more importantly, we understand the challenges facing businesses and the myriad of technology choices and skillsets required in today’s “always on” companies and markets. We help you navigate the mix of transformative enterprise platforms, talent and processes to create future-proof solutions in preparing for tomorrow’s opportunities…so you don’t have to. TekStream’s IT consulting solutions combined with its specialized IT recruiting expertise help businesses increase efficiencies, streamline costs and remain competitive in an extremely fast-changing market. For more information about TekStream, visit www.tekstream.com or email Shichen Zhang at Shichen.zhang@tekstream.com.

TekStream Partners with Hyland to Provide Content Services


TekStream now offering Hyland implementation and support services

ATLANTA, GA, February 28, 2019 — TekStream, an Atlanta-based technology company, and Hyland, a leading provider of information management solutions, are partnering to help organizations achieve their digital transformation goals by enabling seamless, end-to-end content management for their entire ECM process.

TekStream leverages a combination of business-consulting, implementation, managed services and recruiting expertise to help organizations manage the massive volumes of applications, content, Internet-based services, and machine data that have been created over the past decade as well as take advantage of next generation cloud-based solutions. Our implementation services for Hyland OnBase, an enterprise information platform, are designed to help our clients make the most out of their Hyland OnBase solutions while providing strategic vision and “Best Practices” to ensure their success.

“As a Hyland Partner, TekStream is committed to working hand-in-hand with our clients to create an approach and architecture that best fits both immediate needs and future growth,” said Troy Allen, Vice President of TekStream. “TekStream is able to leverage business consulting and technical implementation expertise along with Hyland OnBase product expertise to help organizations efficiently implement information management solutions from a department level to full-scale enterprise solutions. More importantly, we help customers find new ways to leverage those assets to fuel innovation, improve new customer relationships, improve business processes, and reduce costs as they look towards the next 5-10 years of growth.”

Our core offerings with Hyland include:
• Business Strategy and Design Services
• Enterprise Content Management Solutions
• Contract Management Solutions
• Case Management Solutions
• Accounts Payable Solutions
• Enterprise Portal Solutions
• Managed Services and Support
• Business and Technical Training

About TekStream
TekStream is an Atlanta-based technology solutions company that offers business and digital transformation, managed services, and recruiting expertise to help companies manage their applications, business processes, content, human capital, and machine data as well as take advantage of next-generation cloud-based solutions. TekStream’s IT consulting solutions combined with its specialized IT recruiting expertise helps businesses increase efficiencies, streamline costs, and remain competitive in an extremely fast-changing market. For more information about TekStream Solutions, visit www.tekstream.com or email Shichen Zhang at shichen.zhang@tekstream.com.

About Hyland 
Hyland is a leader in providing software solutions for managing content, processes, and cases for organizations across the globe. For over 25 years, Hyland has enabled more than 19,000 organizations to digitalize their workplaces and fundamentally transform their operations. Named one of Fortune’s Best Companies to Work For® since 2014, Hyland is widely known as both a great company to work for and a great company to do business with. For more information, please visit Hyland.com.


Using Splunk to Monitor USB Removable Storage Devices

Windows Event Log Monitoring

Abstract

Information security is only as effective as physical security policies. Splunk continues to be a valuable tool in providing insight into risk and threat detection. As more security operations centers (SOCs) look to limit the exposure of sensitive data, USB removable storage devices (thumb drives, external hard drives, cell phones with high-capacity storage, and SD cards) introduce risk. These devices are helpful in providing a backup location for important documents and files. They can help in moving data from one system to another. They can also be used to steal data, or to move it into an unsecured location. Using Splunk, a security team can now monitor when these devices are plugged into systems.

Using Windows

Windows information on USB devices can be found here:

Information on USB devices in Windows needs to be enabled before moving forward. The current default in administrative policy is to have this feature disabled. Enabling this feature will require administrative access to Windows.

Test Procedures

Devices
By default, the Windows logging option for operations is disabled. This means there is no historical data to draw upon. Once operational logging is enabled, it’s important to generate data by plugging in different devices. Record the time a device was plugged in, when the device was stopped via software, and when the device was physically removed.

Time – Insert | Time – Stop | Time – Remove | Device
10:20am | 10:23am | 10:24am | Generic USB Drive
10:29am | 10:30am | 10:31am | Kingston Micro SD Card
10:33am | 10:36am | 10:37am | Seagate USB External Drive
10:45am | 10:52am | 10:53am | Western Digital External Hard Drive Micro USB

Different devices should produce different results, especially when the vendor ID and device ID are recorded. A list of USB IDs can be found here:
http://www.linux-usb.org/usb.ids

Adding Data to Splunk

Perform a series of tests (inserting and removing USB devices) to generate a log full of events to be exported. While it’s possible to ingest the data through the Splunk Add-On for Windows, doing so without the add-on requires exporting the log as a text file with the fields separated by tabs.
In Splunk, add the data using the UI. Select Add Data, and then Upload.

Based on how the data was exported from Windows, select the following sourcetype:

Structure >> TSV (Tab-Separated Value)

Create a new index, such as “wineventlog”, to group the events and make searching easier.

Event ID

Identifying Microsoft’s Event IDs is one of the requirements for identifying when a USB device has been inserted. This helps to refine a search for qualifying events, eliminating non-useful events from the group. A search was used in Splunk to count the number of event IDs seen in the logs.

The values of the event IDs are:

Event ID | Category | Message
1000 | Startup of the driver manager service. | The Driver Manager service started successfully
1003 | Creation of a new driver host process. | The Driver Manager service is starting a host process for device (Device){GUID}.
1004 | Creation of a new driver host process. | The host process ({GUID}) started successfully.
1006 | Shutdown of a driver host process. | The host process ({GUID}) is being asked to shutdown.
1008 | Shutdown of a driver host process. | The host process ({GUID}) has been shutdown.
2000 | Startup of a new driver host process. | The UMDF Host Process ({GUID}) is starting up.
2001 | Startup of a new driver host process. | The UMDF Host Process ({GUID}) started successfully.
2003 | Loading drivers to control a newly discovered device. | The UMDF Host Process ({GUID}) has been asked to load drivers for device (Device).
2004 | Loading drivers to control a newly discovered device. | The UMDF Host is loading driver WUDFUsbccidDriver at level 0 for device (Device).
2005 | Loading drivers to control a newly discovered device. | The UMDF Host Process ({GUID}) has loaded module C:\windows\System32\USER32.dll while loading drivers for device (Device).
2006 | Loading drivers to control a newly discovered device. | The UMDF Host successfully loaded the driver at level 0.
2010 | Loading drivers to control a newly discovered device. | The UMDF Host Process ({GUID}) has successfully loaded drivers for device (Device).
2100 | Pnp or Power Management operation to a particular device. | Received a Pnp or Power operation (RequestMajorCode, RequestMinorCode) for device (Device).
2101 | Pnp or Power Management operation to a particular device. | Completed a Pnp or Power operation (RequestMajorCode, RequestMinorCode) for device (Device) with status 0x0.
2102 | Pnp or Power Management operation to a particular device. | Forwarded a finished Pnp or Power operation (RequestMajorCode, RequestMinorCode) to the lower driver for device (Device) with status 0x0.
2105 | Pnp or Power Management operation to a particular device. | Forwarded a Pnp or Power operation (RequestMajorCode, RequestMinorCode) for device (Device) to the lower driver with status 0xC00000BB
2106 | Pnp or Power Management operation to a particular device. | Received a Pnp or Power operation (RequestMajorCode, RequestMinorCode) for device (Device) which was completed by the lower drivers with status 0x0
2900 | Shutdown of a driver host process. | The UMDF Host ({GUID}) has been asked to shutdown.
2901 | Shutdown of a driver host process. | The UMDF Host ({GUID}) has shutdown.

*Value labels are represented inside < >; actual events will have specific values in place.

In reviewing the events, we concluded that Event IDs 1003, 2003, and 2102 provide the best group of events for identifying when a device is inserted and removed, without being overly verbose. If event filtering is available before the data is ingested into Splunk, these are the most valuable events to keep. From what we have seen, 1003 seems to capture USB removable drives but not mobile devices. In addition, 2003 seems to capture MTP devices.
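The event filtering described above, applied to a tab-delimited export before ingestion, as an added example (not code from the original post): it keeps only Event IDs 1003, 2003 and 2102 and pulls the host-process GUID and vendor/product identifiers out of each message. The column order, source name, device paths, GUID and timestamps in the sample are constructed assumptions.

```python
import csv
import io
import re

KEY_EVENT_IDS = {"1003", "2003", "2102"}  # the three IDs the article keeps

VID_PID = re.compile(r"VID_([0-9A-Fa-f]{4})&PID_([0-9A-Fa-f]{4})")
VEN_PROD = re.compile(r"VEN_([^&#]+)&PROD_([^&#]+)")
HOST_GUID = re.compile(r"\{([0-9A-Fa-f-]{36})\}")

# Constructed sample export (assumed columns in HEADER); device paths, GUID,
# request codes and timestamps are made up for illustration.
HEADER = "Level\tDate and Time\tSource\tEvent ID\tTask Category\tMessage"
G = "{11111111-2222-3333-4444-555555555555}"
MTP = "USB\\VID_1234&PID_ABCD\\CONSTRUCTED01"
DISK = "WPDBUSENUMROOT\\UMB\\USBSTOR#DISK&VEN_EXAMPLE&PROD_DRIVE&REV_1.0#CONSTRUCTED02#"
MESSAGES = [
    ("10:45:01 AM", "2000", f"The UMDF Host Process ({G}) is starting up."),
    ("10:45:02 AM", "2003", f"The UMDF Host Process ({G}) has been asked to load drivers for device {MTP}."),
    ("10:52:10 AM", "1003", f"The Driver Manager service is starting a host process for device {DISK}."),
    ("10:53:30 AM", "2102", f"Forwarded a finished Pnp or Power operation (27, 23) to the lower driver for device {MTP} with status 0x0."),
    ("10:53:31 AM", "2901", f"The UMDF Host ({G}) has shutdown."),
]
SAMPLE_TSV = "\n".join([HEADER] + [
    "\t".join(["Information", "1/7/2019 " + t, "DriverFrameworks-UserMode", eid, "None", msg])
    for t, eid, msg in MESSAGES
])


def usb_events(tsv_text):
    """Return one dict per 1003/2003/2102 row, with identifiers parsed from the message."""
    reader = csv.DictReader(io.StringIO(tsv_text), delimiter="\t", quoting=csv.QUOTE_NONE)
    events = []
    for row in reader:
        if row["Event ID"] not in KEY_EVENT_IDS:
            continue  # drop the verbose startup/shutdown/driver-load events
        msg = row["Message"] or ""
        ids = VID_PID.search(msg) or VEN_PROD.search(msg)
        guid = HOST_GUID.search(msg)
        events.append({
            "time": row["Date and Time"],
            "event_id": row["Event ID"],
            "guid": guid.group(1) if guid else None,
            "vendor": ids.group(1).upper() if ids else None,
            "product": ids.group(2).upper() if ids else None,
        })
    return events
```

The vendor and product values extracted this way can be looked up against the usb.ids list when the device path carries numeric VID/PID values.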

Splunk

The Search
Ultimately, the data with the corresponding Event IDs was used to formulate a search that returns relevant information about when a USB device was inserted or removed.

Line Notes

The Results

Future Consideration

The search pulls out important fields that it does not use heavily. GUID, Vendor ID, Product ID, and device names can all be used to elaborate further on device specifics and to correlate these events with other actions. The process GUID may be linked to a different process, potentially one which reveals actions taken from or to the removable USB device. It’s worth exploring further, and getting a more detailed analysis on USB Mass Storage Devices.

TekStream Promoted to Premier Tier in Splunk> Partner+ Program

TekStream, an Atlanta-based digital transformation technology firm, today announced it has achieved Premier Partner status in the Splunk Partner+ Program.

By including TekStream in its Premier Partner Tier, Splunk has recognized TekStream for its outstanding achievement and commitment to Splunk market development, strategic prioritization, and customer success.

“It is a significant accomplishment to become a Splunk Premier Partner,” said Matthew Clemmons, Managing Director of Splunk practices at TekStream. “This recognition is a positive affirmation of our commitment to helping our clients get the most from their Splunk investment by aligning with and executing on Splunk’s strategic vision. Premium Partner status will provide us with access to an even greater range of Splunk resources and support. In turn, this enables us to deliver even higher levels of world-class service to our customers for their Security, IT Operational Intelligence, and Support needs.”

In order to achieve Premier Partner status, partners must attain a level of annual bookings and staff accreditations commensurate with the tier. With its Premier status, TekStream’s Splunk customers benefit from an enhanced level of engagement, commitment, and support.

TekStream
TekStream is an Atlanta-based technology solutions company that offers business and digital transformation, managed services, and recruiting expertise to help companies manage their applications, business processes, content, human capital, and machine data as well as take advantage of next-generation cloud-based solutions. TekStream’s IT consulting solutions combined with its specialized IT recruiting expertise help businesses increase efficiencies, streamline costs, and remain competitive in an extremely fast-changing market. For more information about TekStream Solutions, visit www.tekstream.com or email Shichen Zhang at shichen.zhang@tekstream.com.

Press Release: TekStream Achieves SOC 1 and SOC 2 Type 2 Compliance Certification

TekStream’s information security practices, policies, and procedures are officially approved to meet the SOC 1 and 2 trust principles criteria for security, availability, processing integrity, and confidentiality

ATLANTA, GA, January 10, 2019 /24-7PressRelease/ — TekStream announced today that the company has achieved the Service Organization Control (SOC) 1 and SOC 2 Type 2 compliance certification, an attestation standard defined by the Association of International Certified Professional Accountants (AICPA), certifying that TekStream’s information security practices, policies, and procedures are officially approved to meet the SOC 1 and 2 trust principles criteria for security, availability, processing integrity, and confidentiality.

In today’s global economy, more and more companies begin to outsource core business operations and activities to outside vendors. Service providers must have sufficient controls and safeguards in place when hosting or processing customer data. With SOC certification, customers can now be confident that TekStream has the controls and auditing in place to maintain the security, availability, and confidentiality of their systems. TekStream is organized to handle the data privacy concerns of the largest enterprises in highly regulated industries.

“Despite technology advancements, the Cloud and On-Premise environments are not getting any easier to maintain,” explains Judd Robins, Executive Vice President. “In fact, as Cloud and hybrid digital transformations become increasingly common, supporting and managing today’s leading technologies with security controls and protocols becomes even more difficult. Customers are no longer looking to maintain an expensive internal team of architects, developers, support personnel, admins, and infrastructure experts for critical applications. TekStream’s Support and Managed Services takes this burden off customer teams, so they can focus on growth while leaving the IT details to us.”

TekStream’s support and managed services offerings are designed to provide companies with flexible support hours to ensure enterprise solutions are running smoothly, securely and efficiently at all times. Our support technicians are dedicated to rapid request response and providing real-time solutions and services based on years of practice with Amazon, Hyland, Liferay, Oracle, and Splunk.

Our support and MSP services include:

  • Amazon Web Services (AWS) Support – Eliminate infrastructure headaches and the associated drain on your technical teams by outsourcing your AWS support to TekStream
  • Hyland Support – Enhance system security, prevent outages, and ensure that your OnBase solutions continue to run smoothly 24/7
  • Liferay Support – Continually optimize the stability of your implementation. By monitoring and maintaining your environment, TekStream ensures not just that your initial investment in the platform is protected, but that future issues are identified and addressed before they arise.
  • Oracle Cloud Support – Let TekStream’s team of experienced Oracle Cloud Support consultants take care of the management and maintenance of your business’ IaaS and PaaS technologies.
  • Oracle On-Prem Support – Save time by letting TekStream take responsibility for the operational management of your Oracle WebCenter environment. Our support services assess the stability of your current implementation and optimize to provide better security, ensure your applications run smoothly, and prevent outages.
  • Splunk Support – Whether you need guidance in setting up a new environment or creating new solutions to optimize existing environments, our team of certified support engineers ensures your company is getting the most out of your investment. With proactive identification of errors and anomalies, we can prevent lengthy outages and keep your system running smoothly to keep operational disruptions to a minimum.

TekStream’s commitment to enterprise-level security, privacy, availability, and performance is driven by our unique and entrepreneurial culture built by individuals who are fanatically driven to exceed client expectations. With our SOC 1 and SOC 2 compliance, customers are in good hands with our team of experts.
