Use Network Behavior Analytics for Splunk to identify malware and suspicious behavior within your networks. Before installing the application, you should be capturing DNS requests from your name servers or infrastructure, and ideally logging IP network traffic from your firewalls or Splunk Stream.
Install the application within Splunk by browsing to Apps > Manage Apps > Find more apps online, and searching for Network Behavior Analytics, or uploading the package to your Search Head.
Once installed, please follow the configuration and activation steps found within https://www.alphasoc.com/docs/.
By default, this application uses the AlphaSOC Analytics Engine running in a secure enclave in Google Cloud Platform to score network traffic and uncover threats. To deploy an on-premise virtual appliance, please contact firstname.lastname@example.org to receive a package and deployment instructions.
The AlphaSOC Analytics Engine API endpoints and source code are audited annually by NCC Group. We have also published a white paper which details the secure enclave architecture and security controls.
Support is available via email to email@example.com or by leaving a message via +1 (888) 978-4915. While we respond to most support cases immediately, we aim to respond via email within 2 hours.
- Added support for the Corelight / Zeek DHCP event format
- Added TLS field (e.g. JA3) and X.509 certificate processing via the Certificates data model
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.