DTEX InTERCEPT is powered by our patent-pending elastic metadata collection, correlation and analytics engine. It maintains a continuous (24x7x365) audit trail of the enterprise landscape, observing and recording the actions and activities of data, machines, applications and people (DMAP) in near real time, both on and off the corporate network, and surfaces dynamic behavioral awareness indicators from that record.
The Enterprise Telemetry layer of DMAP+ combines smart, lightweight forwarders with real-time correlation of telemetry from data, machines, applications and people. Activities are streamed continuously to the DTEX Analytics Server. Monitoring of each activity group type (session, process, file system, window, net-flow, webpage, network, device and others) is configurable through granular endpoint filters and from the DTEX Analytics Server, and can be segregated into configurable groups. PII contained in the activity data can optionally be tokenized using DTEX's patented anonymization technique.
The Behavioral Enrichment layer of DMAP+ is focused on statistical analysis, risk profiling and machine learning. As activities arrive at the DTEX Analytics Server from the lightweight forwarders they are decrypted, decompressed and flattened, then enriched through multiple stages of analysis, including activity annotation and correlation.
The Predictive Analytics layer of DMAP+ aggregates the behavior scores produced by the Behavioral Enrichment layer and stacks alerts to provide actionable information about known and unknown threats. Outputs from the DMAP+ Predictive Analytics layer can be integrated with third-party SIEM platforms and data lakes.
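The three layers described above, as an added illustration that is not DTEX code: a toy pipeline in which a forwarder batches and compresses activity records, and the analytics side decompresses, flattens, tokenizes the PII fields, annotates each activity and aggregates per-user scores. The tokenization is a keyed HMAC pseudonymization standing in for DTEX's patented technique, decryption is omitted (assumed handled by the transport layer), and the field names, sample records, annotation rules and score weights are all constructed for this example.

```python
"""Toy forwarder -> analytics pipeline: compress, decompress, flatten,
tokenize PII, annotate, correlate.  Added example, not DTEX code."""
import hashlib
import hmac
import json
import zlib

# Constructed sample batch, shaped the way a forwarder might stream activities.
SAMPLE_ACTIVITIES = [
    {"type": "process", "user": {"name": "alice", "domain": "CORP"},
     "host": "wks-0451", "ts": "2024-03-01T10:00:00Z",
     "process": {"name": "powershell.exe", "args": "-enc ..."}},
    {"type": "file", "user": {"name": "alice", "domain": "CORP"},
     "host": "wks-0451", "ts": "2024-03-01T10:00:05Z",
     "file": {"path": "C:\\Users\\alice\\Downloads\\q1.xlsx", "op": "copy"}},
]

# Assumed tokenization key; in a real deployment this lives in a KMS/HSM on the
# analytics side, never in the endpoint forwarder's configuration.
TOKEN_KEY = b"example-tokenization-key-do-not-reuse"
# Flattened field names treated as PII (an assumption for the example).
PII_FIELDS = {"user.name", "host"}
# Constructed annotation weights used for per-user score aggregation.
ANNOTATION_WEIGHTS = {"encoded_script_exec": 3, "file_copy": 1, "none": 0}


def compress_batch(activities):
    """Forwarder side: serialise and compress a batch of activity records."""
    return zlib.compress(json.dumps(activities).encode())


def flatten(obj, prefix=""):
    """Collapse nested dicts into dotted keys: {"user": {"name": ..}} -> "user.name"."""
    out = {}
    for key, value in obj.items():
        dotted = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            out.update(flatten(value, dotted))
        else:
            out[dotted] = value
    return out


def tokenize(value):
    """Keyed HMAC pseudonym: the same input always yields the same token, so
    behaviour can still be correlated per user, but the original value cannot
    be recovered without TOKEN_KEY (unlike a plain hash, which can be brute-forced
    from a list of usernames)."""
    digest = hmac.new(TOKEN_KEY, str(value).encode(), hashlib.sha256).hexdigest()
    return "tok_" + digest[:16]


def annotate(rec):
    """Example enrichment rules over a flattened record."""
    proc = str(rec.get("process.name", "")).lower()
    args = str(rec.get("process.args", "")).lower()
    if proc in {"powershell.exe", "cmd.exe", "wscript.exe"} and "-enc" in args:
        return "encoded_script_exec"
    if rec.get("type") == "file" and rec.get("file.op") == "copy":
        return "file_copy"
    return "none"


def process_batch(blob):
    """Analytics side: decompress, flatten, tokenize PII fields, annotate."""
    records = json.loads(zlib.decompress(blob).decode())
    enriched = []
    for rec in records:
        flat = flatten(rec)
        for field in PII_FIELDS:
            if field in flat:
                flat[field] = tokenize(flat[field])
        flat["annotation"] = annotate(flat)
        enriched.append(flat)
    return enriched


def correlate(records):
    """Aggregate annotation weights per (tokenized) user, the raw material for
    alert stacking in the layer above."""
    scores = {}
    for rec in records:
        who = rec["user.name"]
        scores[who] = scores.get(who, 0) + ANNOTATION_WEIGHTS[rec["annotation"]]
    return scores


if __name__ == "__main__":
    enriched = process_batch(compress_batch(SAMPLE_ACTIVITIES))
    for rec in enriched:
        print(rec["ts"], rec["user.name"], rec["annotation"])
    print(correlate(enriched))
```

The point of the HMAC rather than a bare hash is that tokens remain stable for correlation while the username cannot be recovered by hashing a candidate list; tokenizing before any analyst-facing output is the practical meaning of "optionally tokenized" in the layer description.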
This Add-on (TA) is designed to work with the Splunk App for the DTEX Workforce Cyber Intelligence Platform.
Incident Report Dashboard
Application and Device Dashboard
Category and Severity Filters for Alerts
Navigation enhancements: Click through for usernames from various dashboards
Updated the data model so that alert time is based on the updated time
Fixed typographical and terminology errors
Applied filters are now shown as visible
Fixed several backend queries for the dashboards