Splunk App for AWS
The Splunk App for AWS (Amazon Web Services) gives you critical operational and security insight into your Amazon Web Services account. The app includes:
* A pre-built knowledge base of dashboards, reports, and alerts that deliver real-time visibility into your environment.
* Easy-to-configure data inputs for your Config, CloudTrail, CloudWatch, VPC Flow Logs, Billing, and S3 data.
* A logical topology dashboard that displays your entire AWS infrastructure to help you optimize resources and detect problems.
* CIM-compliant fields and tags so that you can integrate your AWS data with your other infrastructure and security data sources.
Optiv Threat Intel
Overview: Optiv Threat Intel is a Splunk app that automatically correlates your data with several popular open threat lists. After a few clicks you can start hunting for log sources that are reaching out to, or being attacked from, known attackers. The app gives increased visibility into potentially malicious activity in the organization.
Features:
* Threat list visualization that shows on a globe where most of the attackers are located.
* Easy selection of indexes, sourcetypes, or hosts for log entries that match threat list destination IPs, URLs and domains.
* Email alerting to notify you of a threat list match correlated against your organization's machine data.
* IP search that displays threat list activity for an address you enter.
* Domain search that displays threat list activity for a domain you enter.
* RSS feed that polls several information security news sites and consolidates the stories on one page.
* Updated information is pulled down from the web every 8 hours.
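To make the correlation the description above refers to concrete, here is an added example (written for this page, not Optiv's or Splunk's own code): constructed log events in Splunk's index/sourcetype/host layout are checked against a constructed threat list of IPs, domains and URLs, and each hit records which log source produced it and whether the match was on the source side (being attacked from) or the destination side (reaching out to). The feed layout, the `src=`/`dst=` field names and the subdomain matching rule are assumptions; the real app's lookups are not shown.

```python
"""Threat-list correlation over sample log events.

Added example, not Optiv's or Splunk's code. The threat list and the
events below are constructed for this page; field names and matching
rules are assumptions chosen to illustrate the idea.
"""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed threat list, as it might look after parsing an open feed.
THREAT_IPS = {"198.51.100.23", "203.0.113.9"}
THREAT_DOMAINS = {"bad-cdn.example", "phish.example"}
THREAT_URLS = {"http://198.51.100.23/update.bin"}

# Constructed events laid out the way Splunk indexes them.
EVENTS = [
    {"index": "fw", "sourcetype": "pan:traffic", "host": "fw01",
     "_raw": "src=10.0.0.5 dst=198.51.100.23 dport=443 action=allow"},
    {"index": "fw", "sourcetype": "pan:traffic", "host": "fw01",
     "_raw": "src=203.0.113.9 dst=10.0.0.80 dport=22 action=deny"},
    {"index": "proxy", "sourcetype": "squid", "host": "proxy01",
     "_raw": "10.0.0.7 GET http://cdn.bad-cdn.example/js/app.js 200"},
    {"index": "proxy", "sourcetype": "squid", "host": "proxy01",
     "_raw": "10.0.0.8 GET https://www.example.org/ 200"},
    {"index": "proxy", "sourcetype": "squid", "host": "proxy01",
     "_raw": "10.0.0.11 GET http://198.51.100.23/update.bin 200"},
    {"index": "fw", "sourcetype": "pan:traffic", "host": "fw02",
     "_raw": "src=10.0.0.9 dst=8.8.8.8 dport=53 action=allow"},
]

KV_RE = re.compile(r"\b(src|dst)=(\S+)")   # assumed firewall field names
URL_RE = re.compile(r"https?://\S+")


def is_ip(text):
    """True if text parses as an IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def extract_indicators(raw):
    """Return (kind, value, direction) triples found in a raw event.

    src= is the remote side of inbound traffic; dst= and URL hosts are
    where one of our machines is reaching out to.
    """
    found = []
    for key, value in KV_RE.findall(raw):
        found.append(("ip", value, "inbound" if key == "src" else "outbound"))
    for url in URL_RE.findall(raw):
        found.append(("url", url, "outbound"))
        host = urlsplit(url).hostname
        if host:
            found.append(("ip" if is_ip(host) else "domain", host, "outbound"))
    return found


def match_indicator(kind, value):
    """Return the threat-list entry that value matches, or None.

    A domain matches when it equals a listed domain or is a subdomain
    of one (cdn.bad-cdn.example matches bad-cdn.example).
    """
    if kind == "ip":
        return value if value in THREAT_IPS else None
    if kind == "url":
        return value if value in THREAT_URLS else None
    if kind == "domain":
        labels = value.lower().split(".")
        for i in range(len(labels) - 1):
            candidate = ".".join(labels[i:])
            if candidate in THREAT_DOMAINS:
                return candidate
    return None


def correlate(events):
    """One hit per (event, matching indicator), keeping index/sourcetype/host."""
    hits = []
    for ev in events:
        for kind, value, direction in extract_indicators(ev["_raw"]):
            entry = match_indicator(kind, value)
            if entry is not None:
                hits.append({"index": ev["index"], "sourcetype": ev["sourcetype"],
                             "host": ev["host"], "kind": kind, "indicator": value,
                             "threat_entry": entry, "direction": direction})
    return hits


def summarize(hits):
    """Hit counts per (host, direction), the shape a dashboard panel would chart."""
    counts = defaultdict(int)
    for hit in hits:
        counts[(hit["host"], hit["direction"])] += 1
    return dict(counts)


if __name__ == "__main__":
    for hit in correlate(EVENTS):
        print(f'{hit["index"]}/{hit["sourcetype"]}/{hit["host"]}: {hit["direction"]} '
              f'{hit["kind"]} {hit["indicator"]} matched {hit["threat_entry"]}')
```

Running it reports one outbound and one inbound hit on fw01, and three outbound hits on proxy01 (a subdomain match, an exact URL match and the IP inside that URL); the benign example.org request and the DNS traffic on fw02 produce nothing. Exact-match sets are enough for IPs and URLs, but domains need the suffix walk, otherwise a feed entry for bad-cdn.example silently misses every host beneath it.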
S.o.S - Splunk on Splunk
Splunk on Splunk (S.o.S) is an app that turns Splunk's diagnostic tools inward to analyze and troubleshoot problems in your Splunk environment. It contains views and tools that let you:
* View, search and compare Splunk configuration files.
* Detect and expose errors and anomalies in your installation, including inspection of crash logs.
* Measure indexing performance and expose event processing bottlenecks.
* View details of scheduler and user-driven search activity.
* Analyze data volume metrics captured by Splunk.
The S.o.S app has been developed primarily by the Splunk Support team, with the help of Splunk Dev, Splunk Docs, and Sideview LLC (http://sideviewapps.com).