Splunk App for Enterprise Security
The Splunk App for Enterprise Security helps customers identify and address emerging security threats through the use of continuous monitoring, alerting and analytics. Suitable for a small security team or an enterprise security operations center, the app is the primary data interface for the analytics enabled security operation. * Situational awareness dashboards give custom views of risk per domain, asset, or identity * Incident Review provide analysis workflows that reveal the priority of the incident, incident context, and impact on assets and identities * Analysis centers provide indicators of unknown threats from traffic abnormalities * Correlation tools enable monitoring for new attackers by correlating new domain registration with web activity * Statistical outlier detection tools aid anomaly detection * Unified Threat Intelligence from many sources * Data inputs provided for NetFlow, logs, RDBMS, APIs, & more
This app provides a way to display a set of dashboards on an interval, kind of like a slideshow. This is useful for displaying content on informational big screens.
Geo Location Lookup Script (powered by MAXMIND)
Splunk for Use with MAXMIND is an application that provides geo_ip information on any public IP in your Splunk DB in a scalable fashion. The GeoIPCityLite DB is apart of the app so no internet connection is required and lookups are performed locally on your search head. The use is simple, pipe any search to ' lookup geoip clientip as <some_ip_field> ' If you do not have an IP field in your data you can use the rex command to extract one and perform a lookup Example Searches: eventtype=firewall_event | lookup geoip clientip as src_ip sourcetype=syslog | rex field=_raw "(?<ip>\d+\.\d+\.\d+\.\d+)" | lookup geoip clientip as ip This product includes GeoLite data created by: MaxMind available from: http://www.maxmind.com/