- Splunk App for Enterprise Security — Provides out-of-the-box security content that delivers a “beyond-SIEM” security intelligence platform, helping customers detect known and unknown threats. This app unites IT ops and security teams in quickly performing incident investigation and root-cause analysis. It also supports all phases of security management with prebuilt real-time searches and alerts, reports and dashboards, statistical analysis and interactive investigation visualizations. New in version 3.0 is support for multiple threat intelligence feeds with deduplication, predictive analytics and native support for ingest of Netflow/IPFIX and packet capture data.
- Splunk App for Palo Alto Networks — Shortens the time to detection and remediation of advanced threats, including automated incident response for compromised hosts. The app ingests all security data from Palo Alto Networks security platform, which provides native visibility into all traffic, irrespective of port, protocol and encryption. Users are able to act on this data in real time, quickly indexing, searching, visualizing and reporting on intelligence from users, applications, IPS/IDS, anti-malware, URL filtering and WildFire for unknown malware and exploits. The app allows security teams to discover advanced threats and compromised hosts while simplifying a host of other compliance, regulatory and operational concerns, including automated remediation such as quickly quarantining infected users or alerting administrators if a breach happens. New in version 4.0 is compatibility with Splunk Enterprise 6, which features all dashboards in simple XML, built-in GeoIP mapping and updated UI navigation bars.
- Splunk App for Cisco Security Suite — Ingests the context-rich machine data from a variety of Cisco security products to enable organizations to analyze risk, improve security posture and compliance and address a number of additional operational and regulatory concerns. The app contains pre-built searches, reports and dashboards to visualize a wide range of data from multiple Cisco products including ASA/PIX/FWSM firewalls, Cisco Email and Web Security Appliances, Cisco Intrusion Prevention System, and Cisco Identity Services Engine.
- Splunk Integration with Norse live threat intelligence — Norse uses a global network of sensors to identify high-risk and malicious IP addresses, uncover more contextual information around these IP addresses and assign them a risk score. Norse then makes this information available in real-time through the cloud via its IPViking and Darklist services. Norse threat intelligence is offered as part of the Splunk App for Enterprise Security 3.0 for a free 30-day trial period, or it can be accessed via the new Splunk Add-on for Norse Darklist and Norse IPViking on Splunk Apps. Once in Splunk, Norse threat intelligence data can be used for incident response to identify high-risk network and endpoint activity associated with malicious IPs or to add more contextual information to an IP address to facilitate a security investigation.
Splunk Showcases Security Intelligence Solutions At RSA Conference USA 2014