
DTEX InTERCEPT Insider Risk Intelligence and Endpoint Telemetry - Splunk Add-on

DTEX InTERCEPT provides contextual human activity intelligence and endpoint telemetry as a single, noise-free data source that surfaces insider threats, predicts data loss events, and identifies external attempts to compromise an enterprise's workforce. Together, Splunk and DTEX are delivering continuous threat posture analysis for every user, real-time endpoint visibility at enterprise scale, and dynamic zero trust policy enforcement aligned with continuous risk scoring. These actionable and holistic deliverables are helping hundreds of customers accelerate security response times and root cause analysis, drive faster event resolution with advanced analytics and reporting, and decrease manual security and IT operations.

The Splunk Add-on for DTEX InTERCEPT enables Splunk to accept events and alerts from DTEX via a Splunk forwarder. The events contain metadata from endpoints capturing user activities such as filesystem, network, process, device and session activities. The alerts report on critical threats and behaviors, which are determined by applying proprietary algorithms to the activities. The data is CIM compliant and is available for use in pre-packaged dashboards and visualizations provided by the DTEX InTERCEPT Splunk App or by Splunk Enterprise Security. Splunk users can also use this data to hunt, visualize data and create dashboards.

Built by Dtex Systems

Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0
Rating

0

(0)


Categories

Created By

Dtex Systems

Type

addon

Downloads

862

Resources
