
Accedian Skylight powered Security

Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgrades here.
Accedian Skylight provides advanced threat detection, investigation, and long-term retention of high-definition forensic source data.

Gain full security visibility, including north-south and east-west visibility (server-to-server communication) across all networks, with Accedian Skylight—behaviour-based intrusion detection for today's hybrid environments. This ready-to-use solution, developed specifically for security analytics teams, is simple to use, quick to get started with, and aimed at helping you focus on what's important so that your time is spent as effectively as possible.

List of Required Apps:
TA Accedian Skylight powered Security https://splunkbase.splunk.com/app/4702/
Lookup File Editor https://splunkbase.splunk.com/app/1724/
Sankey Diagram - Custom Visualization https://splunkbase.splunk.com/app/3112/
Punchcard - Custom Visualization https://splunkbase.splunk.com/app/3129/
Parallel Coordinates - Custom Visualization https://splunkbase.splunk.com/app/3137/
Force Directed App For Splunk https://splunkbase.splunk.com/app/3767/
Splunk Common Information Model (CIM) https://splunkbase.splunk.com/app/1621/
URL Toolbox https://splunkbase.splunk.com/app/2734/

Installation Manual:
Accedian Skylight powered Security Installation Manual for Splunk: https://accedian.com/wp-content/uploads/2020/02/Accedian-Skylight-powered-Security-app-for-Splunk-Installation-manual-v-1.0.6_.pdf

The following features are included in the Skylight powered Security app:
- Visibility of your entire operational environment on the incident posture dashboard available in seconds
- Alerts sent to your preferred messenger(s) with minimal false-positive rates
- Built-in threat intelligence monitoring, plus custom TI feeds
- Enriched user and host context associated with each alert
- Suggested next investigation steps to help you decide if an issue is a true threat and to get to the bottom of it quickly
- Ability to review and adjust incident urgency to improve operations scheduling
- Complete visibility for issue status – new, in progress and resolved
- On-premises and cloud deployment available
- 10+ Gb/s monitoring throughput
- Well-suited and scalable for telecom, large enterprise and distributed physical and virtual networks (SDNs)
- Long-term retention of forensic-quality source data, including 100% of application security protocol transactions at a 1-minute reporting interval (detailed granularity with easy-to-select time frame options)

Release Notes

Version 1.2.2
Sept. 14, 2020

- Fixed SMB delete and SMB share scanning detections
- Fixed DGA ML detection
- Changed default schedule for alerts

Added new detections:
- Suspicious DCE/RPC
- Suspicious Named pipes
- Executable Read/Write to admin share
- Cobalt Strike SMB beacon
- SMB beaconing by time
- SMB beaconing by size
- HTTP beaconing by size
- DNS beaconing by time
- Threat Activity detected(Connection to malicious IP address)
- Threat Activity detected(Connection to malicious Domain)

Beaconing detection by time changes:
- Begin time used instead of default time
- Time in event changed from 'lastTime' to 'First time'

Version 1.2.1
Aug. 14, 2020

- Improved Skylight Sensors indicator.
- Improved Network Graph Connection dashboard.
- Fixed some bugs.
- Updated Data Exfiltration alert.
- Added new alert: Empire detection.

Version 1.2.0
July 15, 2020

Version 1.1.1
May 8, 2020

- Improved whitelist functionality.
- Added asset inventory
- Added multi-site support
- Fixed bugs

Version 1.1.0
March 12, 2020

- Improved dashboard efficiency using Data Model acceleration.
- Improved Alerts efficiency using Data Model acceleration.
- Improved whitelist functionality.
- Fixed bugs.

Version 1.0.6
Feb. 13, 2020

Version 1.0.5
Jan. 14, 2020

Version 1.0.4
Dec. 12, 2019

- New and improved detection scenarios
- Added detailed cipher info to the SSL Activity dashboard
- Possibility to change the status for several tickets
- Added whitelist functionality for alerts
- Added Skylight sensor connection indicator
- Fixed bugs

Version 1.0.2
Sept. 19, 2019

Version 1.0.1
Sept. 18, 2019

