Splunk App for Enterprise Security
The Splunk App for Enterprise Security helps customers identify and address emerging security threats through continuous monitoring, alerting and analytics. Suitable for a small security team or an enterprise security operations center, the app is the primary data interface for the analytics-enabled security operation.
* Situational awareness dashboards give custom views of risk per domain, asset, or identity
* Incident Review provides analysis workflows that reveal the priority of the incident, its context, and its impact on assets and identities
* Analysis centers provide indicators of unknown threats from traffic abnormalities
* Correlation tools enable monitoring for new attackers by correlating new domain registrations with web activity
* Statistical outlier detection tools aid anomaly detection
* Unified threat intelligence from many sources
* Data inputs provided for NetFlow, logs, RDBMS, APIs, and more
Splunk Add-on for Bro IDS
This Technology Add-on (TA) allows you to integrate Bro IDS with Splunk in order to ingest packet captures (pcap) or real-time network traffic. Bro IDS is used as middleware to translate a network stream into ASCII data. Bro IDS is a powerful network analysis framework, available under a BSD license, that allows stream extraction from packet capture files (pcap) or real-time traffic. By using Bro IDS and its scripting language, we are able to extract:
* Flow headers such as source/destination IP, source/destination port, and protocol.
* Protocol-specific information directly related to the observed protocol.
* Flow content carried by the protocols, such as an image in an HTTP session or a PDF file in a mail exchange.
By default, Bro IDS extracts both flow headers and protocol-specific information and stores that information in its own logs.
Splunk 5.x App for Microsoft Windows
The Splunk App for Microsoft Windows ONLY works on Splunk 5.x systems. For similar functionality on Splunk 6 and later editions, please use the Splunk App for Windows Infrastructure: http://apps.splunk.com/app/1680/
The Splunk App for Windows provides examples of pre-built data inputs, searches, reports, alerts, and dashboards for Windows server and desktop management. You can monitor, manage, and troubleshoot Windows operating systems from one place. Included are scripted inputs for CPU, disk, I/O, memory, log, configuration, and user data, plus a web-based setup UI for indexing Windows Event Logs.