Splunk App for Enterprise Security
The Splunk App for Enterprise Security helps customers identify and address emerging security threats through the use of continuous monitoring, alerting and analytics. Suitable for a small security team or an enterprise security operations center, the app is the primary data interface for the analytics enabled security operation. * Situational awareness dashboards give custom views of risk per domain, asset, or identity * Incident Review provide analysis workflows that reveal the priority of the incident, incident context, and impact on assets and identities * Analysis centers provide indicators of unknown threats from traffic abnormalities * Correlation tools enable monitoring for new attackers by correlating new domain registration with web activity * Statistical outlier detection tools aid anomaly detection * Unified Threat Intelligence from many sources * Data inputs provided for NetFlow, logs, RDBMS, APIs, & more
The Cisco IOS app includes dashboards, data models and logic for analyzing data from Cisco IOS, IOS XE, IOS XR and NX-OS devices Install this app on your search head. Install the TA-cisco_ios app on your search head AND indexers. This version requires TA-cisco_ios 2.0.0 or later. Supported Cisco Devices: * Cisco Catalyst series switches (2960, 3650, 3750, 4500, 6500, 6800, 7600 etc.) * Cisco ASR - Aggregation Services Routers (900, 1000, 5000, 9000 etc.) * Cisco ISR - Integrated Services Routers (800, 1900, 2900, 3900, 4451 etc.) * Cisco Nexus Data Center switches (1000V, 2000, 3000, 4000, 5000, 6000, 7000, 9000 etc.) * Other Cisco IOS based devices (Metro Ethernet, Industrial Ethernet, Blade Switches, Connected Grid etc.) Preliminary support for: * Cisco WLC - WLAN Controller
S.o.S - Splunk on Splunk
Splunk on Splunk (S.o.S) is an app that turns Splunk's diagnostic tools inward to analyze and troubleshoot problems in your Splunk environment. It contains views and tools that allow you to do the following: * View, search and compare Splunk configuration files. * Detect and expose errors and anomalies in your installation, including inspection of crash logs. * Measure indexing performance and expose event processing bottlenecks. * View details of scheduler and user-driven search activity. * Analyze data volume metrics captured by Splunk. The SoS app has been developed primarily by the Splunk Support team, with the help of Splunk Dev, Splunk Docs, and Sideview LLC (http://sideviewapps.com).