Splunk App for Enterprise Security
A single solution to detect known threats and look for unknown threats through analysis of massive volumes of activity data. Splunk App for Enterprise Security is a scalable security intelligence platform with the flexibility to make tens of terabytes of data per day security relevant through comprehensive analysis capabilities that breaks down organizational data silos and data collection issues. * Situational awareness dashboards give custom views of risk per domain, asset, or identity * Incident Review provide analysis workflows that reveal the priority of the incident, incident context, and impact on assets and identities * Analysis centers provide indicators of unknown threats from traffic abnormalities * Correlation tools enable monitoring for new attackers by correlating new domain registration with web activity * Statistical outlier detection tools aid anomaly detection * Unified Threat Intelligence from many sources * Data inputs provided for NetFlow, logs, RDBMS, APIs, & more
Technology Add-On for Cisco IOS
The Cisco IOS Technology Add-On (TA) sets the correct sourcetype and fields used for identifying data from Cisco IOS, IOS XE, IOS XR, NX-OS devices Install this TA on your search head and indexers/heavy forwarders. Install the "Cisco IOS" app on your search head.
Splunk for Cisco Firewalls
This add-on has been DEPRECATED. A new add-on has been released for Cisco firewalls and can be downloaded here -> http://apps.splunk.com/app/1620/ This add-on only collects and extracts data. The add-on does not include visualizations. The Cisco Security Suite contains visualizations for Cisco Firewalls as well as other Cisco security related products. The Cisco Security Suite can be downloaded here -> http://apps.splunk.com/app/525/ ================================================= The Splunk for Cisco Firewalls technology add-on is a collection of inputs, field extractions, and other search-time knowledge that is used to drive reporting and search for data collected from Cisco firewall devices - FWSM, Pix, ASA.