Downloading Splunk Security Essentials for Fraud Detection
MD5 checksum (splunk-security-essentials-for-fraud-detection_101.tgz) 05491e2ba202913a7d188af0ea73cf7e

Splunk Security Essentials for Fraud Detection

Splunk Built
Learn how Splunk Enterprise may be used to detect various forms of fraud using the example scenarios in Splunk Security Essentials for Fraud Detection.
These detection use cases were implemented using the Search Processing Language (SPL) and the Machine Learning Toolkit (MLTK).
The use cases include example data sets so you may run them yourself. After learning about these examples, you can start to experiment with similar scenarios with your own data using Splunk Enterprise.

Attention: This application contains a large example data set so some dashboards may be slow to load.

Description

Learn how Splunk Enterprise may be used to detect various forms of fraud using the example scenarios in Splunk Security Essentials for Fraud Detection. Each detection use case includes a description of how it was implemented using the Search Processing Language (SPL) and the Machine Learning Toolkit (MLTK). The use cases include example data sets so you may run them yourself. After learning about these examples you should be ready to start experimenting with similar scenarios on your own data using Splunk Enterprise.

What is the Splunk Security Essentials For Fraud Detection App?

Learn ways to detect fraudsters with Splunk software by examining the example use cases in this free app. This app uses Splunk Enterprise and the power of our Search Processing Language (SPL) to showcase working examples of fraud detection. Each use case includes sample data and searches that can be used as a reference to help implement use cases in your environment. The example use cases give analysts the ability to detect potentially fraudulent activities in healthcare insurance claims, payment card purchases and wire transfers. Each use case includes a description, an explanation of how the search works and pointers to keep in mind when implementing similar use cases on your own data.

Use Cases:

Healthcare Insurance Billing

  • Providers with very abnormal prescriptions
  • Provider peer group profile

Payment Cards

  • High risk cards
  • Risky transactions
  • Victimized merchants

Wire Transfer

  • Customers with abnormal behavior
  • Account Profiling
  • Account Behavior Profile

Dependencies:

Splunk Security Essentials for Fraud Detection depends on the following apps:

Splunk Machine Learning Toolkit
Python for Scientific Computing
Clustered Single Value Map Visualization
3D Scatterplot

All of the above apps can be downloaded for free from Splunkbase. When installing these apps, please select the appropriate platform.

Make sure these apps are properly installed in your Splunk environment before installing this app.

Data Sources Used

Example Healthcare Insurance Billing logs
Example Credit Card transaction logs
Eventgen for wire transfer demo

Performance Impact

The example use cases are intended to demonstrate possible detection logic. These use cases are not necessarily optimized for performance. When implementing use cases in your environment based on this logic please make sure to optimize for your specific deployment and data sets.

Detection Methods Used by the Searches

Splunk SPL searches
Machine Learning Toolkit

Quick Installation Suggestions

Because the app is very large, installing it through the normal GUI method can be a challenge.
Here are suggested steps to install this app in a faster, more reliable manner:
- Download the app to your computer.
- Unzip it manually (via WinRar, 7Zip or the related Linux utilities).
- If you do not need the Healthcare demo, you may delete the Healthcare dataset (all files under ./Splunk-SE-Fraud-Detection/DATA/af-cms*). This will also greatly reduce the size of the app.
- Move the ./Splunk-SE-Fraud-Detection tree under ./etc/apps of your Splunk installation.
- Restart Splunk.
- If you kept the healthcare datasets, give the app some time (30-60 minutes) to index the complete datasets. Once indexing is finished (the af-cms-* indexes have stopped growing), the app is ready for use.
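
The manual steps above as a shell script for a Linux host, with two checks added before anything is unpacked: the published MD5 is compared and the archive is rejected if it contains absolute or `..` paths. This is an added example, not code shipped by Splunk; the function names and the `/opt/splunk` path in the usage comment are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not Splunk's code. Function names are hypothetical.
APP_DIR="Splunk-SE-Fraud-Detection"              # top-level directory named on the page
EXPECTED_MD5="05491e2ba202913a7d188af0ea73cf7e"  # MD5 published on the download page

# Compare the archive's MD5 with the published value. MD5 catches a corrupted
# or truncated download; it does not prove the file has not been forged.
verify_md5() {
  local actual
  actual=$(md5sum "$1" | awk '{print $1}') || return 1
  [ "$actual" = "$2" ]
}

# Reject archives whose members use absolute paths or ".." components,
# so extraction cannot write outside the staging directory.
archive_is_safe() {
  local listing
  listing=$(tar -tzf "$1") || return 1
  ! printf '%s\n' "$listing" | grep -Eq '^/|(^|/)\.\.(/|$)'
}

# stage_app <tgz> <expected_md5> <apps_dir> <keep_healthcare: yes|no>
# Extracts into a temporary directory, optionally drops the healthcare
# data set, then moves the app tree into <apps_dir>.
stage_app() {
  local tgz=$1 md5=$2 apps=$3 keep=${4:-yes} tmp
  verify_md5 "$tgz" "$md5" || { echo "checksum mismatch" >&2; return 1; }
  archive_is_safe "$tgz"   || { echo "unsafe path in archive" >&2; return 1; }
  [ ! -e "$apps/$APP_DIR" ] || { echo "app already present" >&2; return 1; }
  tmp=$(mktemp -d) || return 1
  tar -xzf "$tgz" -C "$tmp" || { rm -rf "$tmp"; return 1; }
  [ -d "$tmp/$APP_DIR" ] || { rm -rf "$tmp"; return 1; }
  if [ "$keep" = no ]; then
    rm -rf "$tmp/$APP_DIR"/DATA/af-cms*   # healthcare data set files
  fi
  mv "$tmp/$APP_DIR" "$apps/" || { rm -rf "$tmp"; return 1; }
  rm -rf "$tmp"
}

# Usage (install path is an assumption for a default Linux install):
#   stage_app splunk-security-essentials-for-fraud-detection_101.tgz \
#             "$EXPECTED_MD5" /opt/splunk/etc/apps no
#   /opt/splunk/bin/splunk restart
```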

Release Notes

Version 1.0.1
Sept. 21, 2017

109 installs, 1,072 downloads