The following features are included in the Skylight powered Security app:
- Visibility of your entire operational environment on the incident posture dashboard, available in seconds
- Alerts sent to your preferred messenger(s) with minimal false-positive rates
- Built-in threat intelligence monitoring, plus custom TI feeds
- Enriched user and host context associated with each alert
- Suggested next investigation steps to help you decide if an issue is a true threat and to get to the bottom of it quickly
- Ability to review and adjust incident urgency to improve operations scheduling
- Complete visibility for issue status – new, in progress and resolved
- On-premises and cloud deployment available
- 10+ Gb/s monitoring throughput
- Well-suited and scalable for telecom, large enterprise and distributed physical and virtual networks (SDNs)
- Long-term retention of forensic-quality source data, including 100% of application security protocol transactions at a 1-minute reporting interval (detailed granularity with easily selectable time frame options)
Added new security detections:
- SMB share scanning detection
- SMB file enumeration
Improved security detections:
- DNS tunneling
- Web traffic to Dynamic DNS providers
- Protocols or Port mismatch
- VPN traffic
- SQL injection
- Weak encryption
Adjusted throttle of security detections:
- Connection to the host from the high risky country
- Detect Web traffic to dynamic domain providers
- Internal hosts Query to non-corporate DNS
- Outbound SMB Traffic
- Possible Empire Powershell HTTP beacon communication
- Prohibited Network traffic Allowed
- Protocol or port mismatch
- Scanner's User-Agents
- VPN Traffic
Added new detection:
- Suspicious DCE/RPC
- Suspicious Named pipes
- Executable Read/Write to admin share
- Cobalt Strike SMB beacon
- SMB beaconing by time
- SMB beaconing by size
- HTTP beaconing by size
- DNS beaconing by time
- Threat Activity detected (Connection to malicious IP address)
- Threat Activity detected (Connection to malicious Domain)
Beaconing detection by time changes:
- Begin time used instead of default time
- Time in event changed from 'lastTime' to 'First time'
- New and improved detection scenarios
- Added detailed cipher info into the SSL Activity dashboard
- Possibility to change the status of several tickets at once
- Added whitelist functionality for alerts
- Added Skylight sensor connection indicator
- Fixed bugs