Learn how Splunk Enterprise may be used to detect various forms of fraud using the example scenarios in Splunk Security Essentials for Fraud Detection. Each detection use case includes a description of how it was implemented using the Search Processing Language (SPL) and the Machine Learning Toolkit (MLTK). The use cases include example data sets so you may run them yourself. After learning about these examples you should be ready to start experimenting with similar scenarios on your own data using Splunk Enterprise.
Learn ways to detect fraudsters with Splunk software by examining the example use cases in this free app. This app uses Splunk Enterprise and the power of our Search Processing Language (SPL) to showcase working examples of fraud detection. Each use case includes sample data and searches that can be used as a reference to help implement use cases in your environment. The example use cases give analysts the ability to detect potentially fraudulent activities in healthcare insurance claims, payment card purchases and wire transfers. Each use case includes a description, an explanation of how the search works and pointers to keep in mind when implementing similar use cases on your own data.
- Splunk Machine Learning Toolkit
- Python for Scientific Computing
- Clustered Single Value Map Visualization

All of the above apps can be downloaded for free from Splunkbase. When installing these apps, please select the appropriate platform.
Make sure these apps are properly installed in your Splunk environment before installing this app.
- Example Healthcare Insurance Billing logs
- Example Credit Card transaction logs
- Eventgen for wire transfer demo

The example use cases are intended to demonstrate possible detection logic. These use cases are not necessarily optimized for performance. When implementing use cases in your environment based on this logic, please make sure to optimize for your specific deployment and data sets.
- Splunk SPL searches
- Machine Learning Toolkit

Because the app is very large, installing it the normal way through the GUI may be a challenge.
Here are suggested steps to install this app in a faster, more reliable manner:
- Download the app to your computer
- Unzip it manually (with WinRAR, 7-Zip or the equivalent Linux utilities)
- If you do not need the Healthcare demo, you may delete the Healthcare dataset (all files under ./Splunk-SE-Fraud-Detection/DATA/af-cms*). This will also greatly reduce the size of the app.
- Place the ./Splunk-SE-Fraud-Detection tree under ./etc/apps of your Splunk installation
- Restart Splunk
- If you kept (did not delete) the healthcare datasets, give the app some time (30-60 minutes) to index the complete datasets. Once indexing has finished (the af-cms-* indexes have stopped growing), the app is ready for use.