Splunk App for Enterprise Security
A single solution to detect known threats and look for unknown threats through analysis of massive volumes of activity data. Splunk App for Enterprise Security is a scalable security intelligence platform with the flexibility to make tens of terabytes of data per day security relevant through comprehensive analysis capabilities that breaks down organizational data silos and data collection issues. * Situational awareness dashboards give custom views of risk per domain, asset, or identity * Incident Review provide analysis workflows that reveal the priority of the incident, incident context, and impact on assets and identities * Analysis centers provide indicators of unknown threats from traffic abnormalities * Correlation tools enable monitoring for new attackers by correlating new domain registration with web activity * Statistical outlier detection tools aid anomaly detection * Unified Threat Intelligence from many sources * Data inputs provided for NetFlow, logs, RDBMS, APIs, & more
Add-on for Bro-IDS
This is a simple Add-on which sourcetypes and does index-time field extraction for Bro-IDS logs. Rather than trying to know all the fields in all of the Bro log files, This add-on simply does header field extraction from the "#fields" line in [name].log for any file that matches '/.../bro/logs/*/*', and changes the sourcetype to bro_[name]. This should make this add-on less prone to breaking when the output format of Bro changes, or when log types are added and/or removed. Another benefit is that if log format changes, old and new logs will both continue to have correct fields. The downside to this approach are the same as any index-time field extraction. Index size may be increased and search performance may be reduced, and once the logs are input they are stuck with the fields they came with. Some parts may be inspired by or derived from the Security Onion app by Brad Shoop and TA-Bro by Cedric Le Roux
Google Maps for Splunk adds a geo-visualization module based on the Google Maps API and allows you to quickly plot geographical information on a map. Furthermore maps can be embedded in advanced dashboards.