Skip to main content

Processing DMCA notices

  • Updated

Scenario: You work for a university at which students, and sometimes faculty, use the network to distribute content illegally. By law, you are required to pass on notification of infringement of the  Digital Millennium Copyright Act (DMCA) to the end user in violation. If you don’t pass on the notices, the university might become liable for the copyright infringement and owe damages to the reporting party. However, identifying the end user can be a challenge due to network authentication and network address translation. 

How Splunk software can help

You can use Splunk software to speed up the processing of DMCA notices. When provided with the date, time, and public IP address of the violation, an investigator can use Splunk software to determine which network user committed the violation.

What you need  

The following technologies, data, and integrations are useful in successfully implementing this use case.

People

The best person to implement this use case is a security analyst who is familiar with network data sources. If you also have a security tools engineer who is familiar with setting up Splunk dashboards and input panels, you can speed up the process further. These people might come from your team, a Splunk partner, or Splunk onDemand Services

Time

Processing a DMCA notice using Splunk software can last from 1 to 5 minutes.

Technologies 

The following technologies, data, and integrations are useful in successfully implementing this use case: 

  • Splunk Enterprise or Splunk Cloud
  • Data sources onboarded
    • DHCP data 
    • Network authentication data 

How to use Splunk software for this use case

You can run many searches with Splunk software to determine who violated the DMCA and serve notice. Depending on what information you have available, you might find it useful to identify some or all of the following: 

Other steps you can take

To maximize their benefit, the how-to articles linked in the previous section likely need to tie into existing processes at your organization or become new standard processes. Two processes commonly impact success with this use case: 

  • Communicating the notices to the investigator 
  • Notifying the violator after an identity has been established

How to assess your results

Measuring impact and benefit is critical to assessing the value of security operations. The following are example metrics that can be useful to monitor when implementing this use case:

  • Time to investigate request: The average time it takes an analyst to complete the investigation stage of the notification process
  • Monthly requests processed: The total number of requests that were fully processed within a month
  • Monthly monetary value of risk avoided: The number of requests processed per month x average $$ of risk for notice

Related articles

Comments

0 comments

Article is closed for comments.

The information provided in Splunk Lantern is intended for informational and educational purposes only. All information is provided in good faith, however, Splunk disclaims any and all representations and warranties, express and implied, regarding the information provided, including without limitation any warranties and representations regarding the completeness, adequacy or accuracy of the information. You agree to take full responsibility for the results arising from the use of the information provided.