| Property | Value |
|---|---|
| Has index-time operations | false |
| Create an index | yes |
| Implements summarization | Implements Data Model |
‘orgSecure’ is a Splunk-based analytics solution to detect insider threats and monitor user activities.
Please email us at email@example.com for any questions or support required. The expected resolution time is 2 days.
‘orgSecure’ supports all the server platforms in the versions supported by Splunk Enterprise.
Because this app runs on Splunk Enterprise, all of the Splunk Enterprise system requirements apply.
To install and configure this app on your supported platform, follow these steps:
The key to detecting threats is active monitoring combined with machine intelligence that detects anomalous user behaviour. This is achieved by creating a baseline envelope that defines the expected usage of the user, based either on the user's own historical data or on the data of colleagues in the same department. A user from HR may, for example, use job portals heavily; if the envelope is configured correctly, this will not be detected as abnormal behaviour, since it is 'normal' for that user.
To achieve this, orgSecure uses statistical techniques to create baseline envelopes for users that determine their normal usage patterns. Any deviation from the envelope for consecutive periods is reported and should be investigated. Comprehensive dashboards and visualizations are also provided to actively monitor user and asset activities.
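The baseline-envelope idea described above, as an added example that is not part of the orgSecure app: per-user counts over a baseline window (either the user's own history or pooled department peers) give an envelope, and an alert is raised only when the analysis period falls outside it for several consecutive periods. The app does not document which statistic it uses; mean plus/minus k standard deviations, the window lengths and the sample data are all assumptions made here.

```python
from statistics import mean, pstdev

# Constructed sample data: daily count of job-portal visits per user.
# Baseline window = first 6 entries (stand-in for "last 3 months"); the rest is under analysis.
SAMPLE = {
    "hr_user":  [20, 22, 19, 25, 21, 23, 24, 22, 26],   # high but normal for an HR user
    "eng_user": [1, 0, 2, 1, 0, 1, 9, 12, 11],          # jump sustained over 3 periods
    "eng_peer": [0, 1, 1, 2, 0, 1, 1, 0, 2],            # colleague in the same department
}
DEPT = {"hr_user": "HR", "eng_user": "ENG", "eng_peer": "ENG"}  # constructed department lookup

def envelope(values, k=2.0, floor=1.0):
    """Assumed envelope: mean +/- k * population stdev of the baseline window.
    A floor on the half-width keeps a perfectly flat history from producing a zero-width band."""
    mu, sigma = mean(values), pstdev(values)
    width = max(k * sigma, floor)
    return mu - width, mu + width

def peer_baseline(user, history):
    """Pool the baseline-window counts of the user's department colleagues (user excluded)."""
    return [v for u, vals in history.items()
            if u != user and DEPT[u] == DEPT[user]
            for v in vals]

def detect(series, baseline_len=6, consecutive=2, k=2.0, mode="self"):
    """Return {user: index} for users whose analysis periods leave the envelope
    for `consecutive` periods in a row; index is the period that completed the run.
    mode="self" baselines on the user's own history, mode="peer" on department peers
    (falling back to self when a user has no peers)."""
    history = {u: s[:baseline_len] for u, s in series.items()}
    alerts = {}
    for user, s in series.items():
        base = history[user]
        if mode == "peer":
            base = peer_baseline(user, history) or history[user]
        lo, hi = envelope(base, k)
        run = 0
        for idx in range(baseline_len, len(s)):
            run = run + 1 if (s[idx] < lo or s[idx] > hi) else 0
            if run == consecutive:
                alerts[user] = idx
                break
    return alerts
```

With the sample above, `detect(SAMPLE)` flags only `eng_user`; the HR user's single high day is not reported because it does not persist for consecutive periods.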
Key Inputs to the application are:
You can configure alerts for any unusual activities.
This app provides the index-time and search-time knowledge for the following types of data:
Below are the key SourceTypes:
They are mapped according to the CERT DARCA data. Details can be found at:
URL : https://www.cert.org/insider-threat/tools/index.cfm
If your data has a different structure, you will have to modify the dashboard and report queries.
Sample lookups are provided under the <lookup> folder. They need to be updated with the details of your organisation.
By default, ‘orgSecure’ does not come with any file inputs. In order to add any folders to monitor for input logs,
To perform a baseline analysis, select the baseline envelope to be built from history (say the last 3 months) and select the period under analysis. The respective screens will show the abnormal behaviour as compared to the baseline envelope.
Insider threats are a major cause of concern for organisations today. With a robust IT infrastructure, organisations do fairly well at defending against external intrusions. However, employees who have access to data from within the organisation remain a threat to confidential and business-critical data.
With advanced analytics and monitoring, it is possible to detect anomalies and take appropriate measures in time. orgSecure is a Splunk-based analytics solution to detect insider threats and monitor user activities.
User behaviour, emails, web activity, file access and removable media access can be monitored through orgSecure to obtain details on threats and to monitor user and asset activities.
Version: 1.0.0 - Initial Release