Splunk App for Enterprise Security
The Splunk App for Enterprise Security helps customers identify and address emerging security threats through continuous monitoring, alerting and analytics. Suitable for a small security team or an enterprise security operations center, the app is the primary data interface for an analytics-enabled security operation.
* Situational awareness dashboards give custom views of risk per domain, asset, or identity
* Incident Review provides analysis workflows that reveal the priority of an incident, its context, and its impact on assets and identities
* Analysis centers provide indicators of unknown threats from traffic abnormalities
* Correlation tools enable monitoring for new attackers by correlating new domain registrations with web activity
* Statistical outlier detection tools aid anomaly detection
* Unified threat intelligence from many sources
* Data inputs provided for NetFlow, logs, RDBMS, APIs, & more
Encrypt and Decrypt data within Events
The purpose of this distribution is to provide an easy way to encrypt data within events and to decrypt that data at search time depending on the user's role. The basic idea is to first encrypt data within an event and produce a new file with the same content as before, but with the data matching capture group 1 of a regular expression encrypted and written to disk base64-encoded. The next step is to index the newly created file into Splunk with its own sourcetype. At search time, you will then be able to decrypt the data. Read the README.txt for installation and usage. Two experimental dashboards have been added for Splunk 6+ that you can use in your own app. PLEASE NOTE: This is a reference implementation, provided as is.
Splunk Add-on for Microsoft Windows
The Splunk Add-on for Microsoft Windows includes predefined inputs to collect data from Windows systems and field mappings that normalize the data to the Common Information Model.