The QOMPLX Add-On for Splunk enables the ingestion of event data from QOMPLX’s Identity Assurance (IA) suite of services into Splunk Enterprise. QOMPLX event data is generated by streaming analysis of system logs and Active Directory authentication data to alert on some of the most devastating attack techniques involving lateral movement, privilege escalation, and credential compromise. The add-on augments existing data feeds with turnkey detections that include deterministic alerts (without false positives) for Golden Ticket, Silver Ticket, DCSync, and DCShadow attacks in near real time, as well as heuristic-based alerts for Pass-the-Ticket, Pass-the-Hash, Overpass-the-Hash, Kerberoasting, and Skeleton Key attacks. Ingestion of additional event data is also supported, including alerts for other known attack techniques triggered by highly customizable rules built in the QOMPLX customer portal.
QOMPLX provides tools to integrate, contextualize, and analyze data from virtually any source to help organizations identify operational risk and inefficiencies throughout the enterprise. Learn more about QOMPLX at https://www.qomplx.com/.