This is the TA for the Accedian Skylight powered Security App: https://splunkbase.splunk.com/app/4691/
Accedian Skylight provides advanced threat response, investigation, and long-term retention of high-definition forensic source data.
Gain full security visibility, including north-south and east-west visibility (server-to-server communication) across all networks, with Accedian Skylight: behaviour-based intrusion detection for today's hybrid environments. This ready-to-use solution, developed specifically for security analytics teams, is simple to use, quick to get started with, and aimed at helping you focus on what's important so that your time is spent as effectively as possible.
Current version: 2.2.0
Compatible with PVX version 20.4
We highly recommend running this Splunk App on Linux.
The following features are included in the Skylight powered Security app:
- Visibility of your entire operational environment on the incident posture dashboard available in seconds
- Alerts sent to your preferred messenger(s) with minimal false-positive rates
- Built-in threat intelligence monitoring, plus custom TI feeds
- Enriched user and host context associated with each alert
- Suggested next investigation steps to help you decide if an issue is a true threat and to get to the bottom of it quickly
- Ability to review and adjust incident urgency to improve operations scheduling
- Complete visibility for issue status – new, in progress and resolved
- Detection of new ransomware with our ML engine
- On-premises and cloud deployment available
- 10+ Gb/s monitoring throughput
- Well-suited and scalable for telecom, large enterprise and distributed physical and virtual networks (SDNs)
- Long-term retention of forensic-quality source data, including 100% of application security protocol transactions at a 1-minute reporting interval (detailed granularity with easy-to-select time frame options)