Splunk App for Enterprise Security
A single solution to detect known threats and look for unknown threats through analysis of massive volumes of activity data. Splunk App for Enterprise Security is a scalable security intelligence platform with the flexibility to make tens of terabytes of data per day security relevant through comprehensive analysis capabilities that breaks down organizational data silos and data collection issues. * Situational awareness dashboards give custom views of risk per domain, asset, or identity * Incident Review provide analysis workflows that reveal the priority of the incident, incident context, and impact on assets and identities * Analysis centers provide indicators of unknown threats from traffic abnormalities * Correlation tools enable monitoring for new attackers by correlating new domain registration with web activity * Statistical outlier detection tools aid anomaly detection * Unified Threat Intelligence from many sources * Data inputs provided for NetFlow, logs, RDBMS, APIs, & more
Telnet Status Command
Ever wonder if an address in your event can be connected via telnet? This could be one of your own addresses in your data center where running a telnet server is supposed to be prohibited. This is a Splunk command called telnetstatus that returns in real-time a status to see if a telnet server is running on the address in question. It takes as input a telnet_address field, which you can create by using | rename as telnet_status> and it returns a telnetstatus field. Possible return values per address are LoginFound, LoginNotFound, and None (Connection not made). Read the README.txt for installation.
PDF Report Server - install on Linux only
The PDF Report Server add-on enables your Linux-based Splunk instance to generate emailed reports in PDF format. IMPORTANT: it is only compatible with Intel-based Linux systems and requires the Xvfb and xauth operating system packages to be installed. See the documentation for further details. Instances of Splunk running on non-Linux OS's (Solaris, Windows, etc.) cannot run the PDF Report Server, but they can be configured to use a remote Linux-based Splunk server with this add-on installed to generate PDFs. This add-on requires an Enterprise license and will not work with a Free license. For more information, see: http://www.splunk.com/base/Documentation/4.1/Installation/ConfigurePDFprintingforSplunkWeb