Splunk App for Enterprise Security
A single solution to detect known threats and look for unknown threats through analysis of massive volumes of activity data. Splunk App for Enterprise Security is a scalable security intelligence platform with the flexibility to make tens of terabytes of data per day security relevant through comprehensive analysis capabilities that breaks down organizational data silos and data collection issues. * Situational awareness dashboards give custom views of risk per domain, asset, or identity * Incident Review provide analysis workflows that reveal the priority of the incident, incident context, and impact on assets and identities * Analysis centers provide indicators of unknown threats from traffic abnormalities * Correlation tools enable monitoring for new attackers by correlating new domain registration with web activity * Statistical outlier detection tools aid anomaly detection * Unified Threat Intelligence from many sources * Data inputs provided for NetFlow, logs, RDBMS, APIs, & more
Ever wonder what the realtime PING status is for an IP, DNS or a URL that is in your event AFTER it has been indexed? You may want to know if the address is up or down and if there is a significant delay to get to it. The pingstatus command is a convenient way to ping your address field. The README.txt provides usage and instructions on how to install and test it. Your Splunk instance must be running as root or sudo root access to call the ICMP protocol, which is what this uses from acknowledged public domain sources. NOTE: when starting Splunk as a root or Admin user, do NOT revert back to starting Splunk as a non-root or non-Admin user as the Splunk index files will be owned by root or Admin and Splunkd will not have permission to access them as an underprivileged user. If you do make this mistake, stop Splunk, and use the chown or equivalent command to make all files under Splunk owned by the same user.
Splunk App for Unix and Linux
The Splunk App for Unix and Linux provides rapid insights and operational visibility into large-scale Unix and Linux environments. With its new pre-packaged alerting capability, flexible service-based hosts grouping, and easy management of many data sources, it arms administrators with a powerful ability to quickly identify performance and capacity bottlenecks and outliers in Unix and Linux environment. The Splunk App for Unix and Linux is easy to deploy and comes with configurable data inputs allowing you to quickly provision new Unix and Linux hosts and services. The Splunk App for Unix and Linux is compatible with Splunk 5.x and 6.x. The Splunk App for Unix and Linux is not supported on any version of Internet Explorer because it makes heavy use of scalable vector graphics (SVG), a standard for which IE has limited support. It can, however, be used on any other Splunk-supported browser.