Downloading Webroot BrightCloud Threat Intelligence Add-on for Splunk
MD5 checksum (webroot-brightcloud-threat-intelligence-add-on-for-splunk_153.tgz) e2b0f5745a15fb22c9bbb00784f14abc
MD5 checksum (webroot-brightcloud-threat-intelligence-add-on-for-splunk_152.tgz) 295ea4ef8cc7ddc359bcb64b15aa5240
MD5 checksum (webroot-brightcloud-threat-intelligence-add-on-for-splunk_151.tgz) a6d7b5cbb21be099e2d6546791f4a114
MD5 checksum (webroot-brightcloud-threat-intelligence-add-on-for-splunk_150.tgz) 96a44938de7216b725aa342881f38c0b

Webroot BrightCloud Threat Intelligence Add-on for Splunk

The Webroot BrightCloud Threat Intelligence Add-on for Splunk enables detection, alerting, and investigation of malicious IP activity by integrating real-time, predictive BrightCloud Threat Intelligence with your Splunk Enterprise Security deployment. Our IP Reputation Service lets you correlate a real-time threat feed with the log files indexed by Splunk to detect malicious IP activity in your incoming and outgoing IP traffic. You can alert infosec teams and give them detailed contextual information on each malicious IP for incident response and investigation before those activities lead to security breaches. The Webroot Add-on is powered by BrightCloud Threat Intelligence services, the largest supplier of threat intelligence to the IT security industry, which have been battle-tested and licensed by Cisco, F5 Networks, HP, and Palo Alto Networks, among others, to protect 27 million users worldwide.


Use Cases

  • Detect & Alert - Correlate real-time malicious IP intelligence with log data inside your Splunk App for Enterprise Security to detect & alert on malicious IP activity. This enables your IT security team to perform incident response and investigation as early as possible, before the activity turns into a costly breach
  • Investigate - Provide detailed contextual information on malicious IPs inside Splunk App for Enterprise Security to enable your IT security team to perform incident response and investigation
  • Correlation Analysis - Make real-time malicious IP intelligence data available via Splunk query commands to the rest of Splunk for queries & other analysis

Key Features

  • Continuously downloads the most current 12M malicious IPs from the real-time BrightCloud IP Reputation Service to Splunk App for Enterprise Security
  • Integrates seamlessly with Splunk alert capability to alert IT Security teams to malicious IP activity as it happens
  • Provides detailed contextual information on each malicious IP on demand for incident response & investigation
  • Makes BrightCloud IP threat intelligence data available via Splunk query commands to the rest of Splunk Enterprise & other Splunk apps for correlation analysis

Key Differentiation

  • Proven & battle-tested – Webroot is the largest provider of real-time threat intelligence to the IT Security industry and BrightCloud Threat Intelligence Services are licensed by Cisco, F5 Networks, HP, Intel Security, Microsoft, Palo Alto Networks, and RSA among others to protect 27 million users worldwide from known & unknown cyber threats.
  • Provides real-time predictive threat intelligence across multiple threat vectors - BrightCloud collects intelligence on multiple vectors (IPs, URLs, files, and mobile applications) and correlates the relationships between them to six degrees of separation to identify objects that pose a greater risk of future attack
  • Richer data on real attacks based on data captured by our 30M+ endpoints - BrightCloud monitors real endpoints across multiple segments (consumers, small businesses, and enterprise) in addition to “honeypots” and global sensor networks. The threat intelligence you receive reflects what is truly happening in the threat landscape.

Prerequisites

Supports Splunk App for Enterprise Security versions 3.1 and 3.2

Installation

Installation is a simple 3-step process:

  1. Download the Add-on to a local directory
  2. Deploy the Add-on inside Splunk App for Enterprise Security
  3. Start using the product with a trial license key after providing contact info

Please download the full installation & usage documentation.

Licensing

Obtain a free trial license key directly inside the product. If you have a problem, please contact support@brightcloud.com.

Alternative to Add-on

If you do not have Splunk App for Enterprise Security and would prefer standalone, out-of-the-box dashboards that use BrightCloud IP Reputation data, see the BrightCloud Threat Intelligence App for Splunk. Its features are very similar to those of the BrightCloud Threat Intelligence Add-on for Splunk, except that it comes with out-of-the-box dashboards and reporting.

Support

Please contact our support team by telephone at 1-877-612-6009 or by e-mail at support@brightcloud.com.

Release Notes

Version 1.5.3
Jan. 14, 2016

- Bug fixes

Version 1.5.2
Dec. 7, 2015

- Bug fixes

Version 1.5.1
Sept. 4, 2015

- Bug fixes
- Minor usability improvements

Version 1.5.0
Aug. 10, 2015

Installs: 4
Downloads: 327

© 2005-2017 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.