Warning

This app is archived.

Beyond Identity Splunk Add-on

Beyond Identity + Splunk: Beyond Identity’s integration with Splunk feeds real-time data about the users and devices attempting to access your critical cloud resources across applications. When Splunk is integrated with Beyond Identity, security teams can ensure only secured devices and authorized users access company data. This stops all password-based attacks and definitively blocks lateral movement, feeding real-time risk signals into Splunk Enterprise Security to help improve threat detection and incident response.

Beyond Identity continuously gathers data concerning the security posture of registered devices and forces their adherence to organizational device security policies. Real-time risk-based authentication is informed by dozens of user and device risk signals during each login - enabling customers to enforce continuous, dynamic access control across the cloud applications and resources used to operate your organization.

When Splunk is integrated with Beyond Identity, security teams get:

Strong Authentication
Beyond Identity eliminates passwords as an authentication method and cryptographically binds user identity to the device via the secure TPM hardware on the device. This eliminates credential-based attacks and provides a very high assurance of the user identity before allowing access to critical SaaS resources.

Granular Risk Signals and Immutable Logs
Beyond Identity captures granular device security posture data at the exact time of login such as operating system version, security software state, and device type. Authentication event data is captured and aggregated in the Beyond Identity Administrative Portal for every login attempt.

Identify Risky Users
Beyond Identity stops unauthorized users and rejects devices from authentication if they do not meet an organization’s security requirements. Unauthorized devices that are not bound to a valid identity are stopped from authenticating. All authentication data is fed into Splunk and normalized to inform threat detection defense

Event Mapping to CIM
Beyond Identity injects data from every authentication attempt into Splunk’s Common Information Model to extract insights about the security posture of device-bound users, their authentication attempts, and the rejection of those who failed to satisfy device security requirements.

Supported Versions:
Splunk Enterprise: Version 8.2, 8.1
Python: Version 3.6

Get the Add-on:
**Please contact Beyond Identity support at support@beyondidentity.com to collect configuration details including API URL and API key (token)**

Latest Version 1.0.6
April 19, 2024
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0
CIM Version: 5.x, 4.x
Rating

0

(0)

Support
Not Supported
Created By

George Jenkins

Type

addon

Downloads

594
