The ReversingLabs TitaniumScale visualization application for Splunk is a custom security and threat intelligence visualization solution that interprets extensive sets of ReversingLabs TitaniumScale file analysis reports on the Splunk platform.
The Splunk platform receives JSON reports over HTTP or HTTPS from the TitaniumScale product and enables detailed search and interpretation of analyzed files through this application.
By providing visualizations of potentially harmful and malicious files, this application can prevent potential malware from harming the user environment by detecting it and making it visible to threat analysts.
ReversingLabs TitaniumScale provides advanced static file analysis methods and file visibility for exposing potential attacks before they strike.
“TitaniumScale helps enterprises form a comprehensive assessment of millions of files from web traffic, email, file transfers, endpoints or storage. The solution uses unique ReversingLabs File Decomposition technology to extract detailed metadata, add global reputation context and classify threats.”
The ReversingLabs TitaniumScale visualization app for Splunk can be used for:
1. Breaking down analyzed files by type
2. Displaying file type statistics
3. Summarizing files by threat level
4. Displaying threat type statistics
5. Searching file reports by:
- File names or hash values
- Threat names
- File types
- Import hashes
- YARA matches
To remove the app, run the following command:
$SPLUNK_HOME/bin/splunk remove app reversinglabs -auth username:password
Additional documentation is available in the app package under appserver/static/ in the form of a PDF user manual document.
ReversingLabs TitaniumScale visualization for Splunk version 1.0.1
- minor configuration changes
- added a detailed user manual
The app provides detailed search, visualization and analysis of ReversingLabs TitaniumScale file report data.