Accellion CISO Dashboard
Overview
Details
The Accellion Enterprise Content Firewall enables secure third party communication across email, file sharing, enterprise apps, mobile, web forms, managed file transfer, and SFTP. Use the Accellion CISO Dashboard Splunk App for real-time visibility of all sensitive content entering or leaving the enterprise via these communication channels.
- Powerful real-time and historical visualizations of all inbound and outbound file movement
- Spot anomalies in volume, location, domain, user, and source
- Automatic alerts on download scenarios fitting exfiltration patterns
- All files from all connected systems, whether on-prem or in the cloud
- All activity: who’s sending what to whom, when, and where
- Even results of file scans for DLP, AV, ATP are logged and reportable
Drill down to take action on anomalies with ad hoc reports:
- See all actionable details, including users, timestamps, and IP addresses
- Visibility down to the file level, the closest you can get to the content
Setup
Please find installation documentation zipped in the download file
- Integrates with your Accellion Enterprise deployment via the Splunk Universal Forwarder
- Requires Accellion kiteworks server 6.2 or higher. If you do not have an Accellion server, request an evaluation system from Accellion.
- Requires the Accellion CISO Dashboard Add-On. The Add-On collects and indexes your Accellion instance’s syslog data. The Accellion CISO Dashboard App queries that indexed data in real-time.
Release Notes
Version 1.5.0
- Added Username filter for activities in Map View
- Added ability to drill down from an Alert to a table of its associated user activities
- Improved loading performance when displaying All Activity
- Added IP address in Alert Details View
- Improved CSV import
- Bug fixes
Please note that minor IP-to-geolocation mapping differences between Splunk and Accellion can cause occasional alert location inconsistencies.
Version 1.4.0
Accellion Splunk CISO Add-On Version 1.4
- Supports the new source type "Accellion:ACF:app" with the Accellion platform server 7.0 or above.
- Supports the new suspicious download activity alert with the Accellion platform server 7.0 or above.
- Bug fixes.
Please note that minor IP-to-geolocation mapping differences between Splunk and Accellion can cause occasional alert location inconsistencies.
Version 1.2.0
Accellion Splunk CISO Dashboard App Version 1.2
- The Admin can use the new "Map Configurations" feature to assign all unknown IP addresses in the Accellion Splunk CISO Dashboard to geographic locations. You can set them manually or import a CSV file for bulk mapping.
- The new GDPR and HIPAA reports help you maintain compliance, and can save days of work preparing for audits. They are licensed offerings included in Accellion’s Advanced Governance Option package (see https://accellion.com/pricing for package details).
Version 1.0.0
Requires Accellion server 6.2 or higher. Learn more at https://www.accellion.com.
Accellion’s CISO Dashboard App for Splunk now provides:
1. Splunk Forwarder integration with the Accellion server. It forwards all file, file scanner, user, administrative, and system events to Splunk.
2. Extensive real-time visualizations:
• Geographic view with zoom and pan displaying all file traffic, logins, failed logins, and send and receive activities.
• Filters by time range, client type, email domain, region, and pass/quarantine status.
• Detailed reports for files quarantined for malware or blocked by DLP.
• Detailed graphics for top users by activity type, top email domains by activity type, and time trends by activity type.
Drill-down reports for all file actions to show fine-grained details.