Warning: This app is archived.

Corvil Add-on for Splunk Enterprise Security

Corvil Security Analytics enables Security Ops teams to achieve more effective detection, investigation and response for network-based security threats, by leveraging Corvil's powerful network traffic analysis, anomaly detection and forensics capabilities.

Latest Version 1.0.4
December 21, 2018
Compatibility
Not Available
Platform Version: 7.2, 7.1, 7.0
CIM Version: 4.x
Support
Not Supported
This Corvil Add-on for Splunk Enterprise Security includes the following features:

1) Automatic CIM mapping for Corvil Security Analytics stream events, so they are searchable and can be correlated based on normalized Splunk CIM tags and fields within Splunk Enterprise Security.

2) Adaptive Response action "Track as Suspicious Host", which enables a user within Splunk Enterprise Security to initiate and access full packet capture for the host involved in the notable event from which the adaptive response action was invoked.

Important note: The "Corvil Connector for Splunk" must be installed, configured and operational before using this add-on.

Categories

Created By

Corvil Connectors

Type

addon

Downloads

588
