Splunk App for Enterprise Security
The Splunk App for Enterprise Security helps customers identify and address emerging security threats through the use of continuous monitoring, alerting and analytics. Suitable for a small security team or an enterprise security operations center, the app is the primary data interface for the analytics enabled security operation. * Situational awareness dashboards give custom views of risk per domain, asset, or identity * Incident Review provide analysis workflows that reveal the priority of the incident, incident context, and impact on assets and identities * Analysis centers provide indicators of unknown threats from traffic abnormalities * Correlation tools enable monitoring for new attackers by correlating new domain registration with web activity * Statistical outlier detection tools aid anomaly detection * Unified Threat Intelligence from many sources * Data inputs provided for NetFlow, logs, RDBMS, APIs, & more
"The best new search command in 3 years!" Comparing week-over-week results is a pain in Splunk. You have to do absurd math for crazy date calculations. NO MORE! This small app gives you a new, convenient search command called "timewrap" that does it all, for arbitrary time periods. Compare week-over-week, day-over-day, month-over-month, quarter-over-quarter, year-over-year, or any multiple (e.g. two week periods over two week periods). Just add "| timewrap w" after a 'timechart' command, and compare week-over-week. Or use 'h' (hour), 'w' (week), 'm' (month), 'q' (quarter), 'y' (year). "THIS IS AWESOME!" "Now I don't need to twist my brain to get the week vs week graphs right." "Cool thanks. Playing with timewrap now! Cool tool, especially for noobs" "Damn! And POW! Super nice!!!" "This is super!" / "So cool!" / "Love it!"
Google Maps for Splunk adds a geo-visualization module based on the Google Maps API and allows you to quickly plot geographical information on a map. Furthermore maps can be embedded in advanced dashboards.