Splunk App for Enterprise Security
A single solution to detect known threats and look for unknown threats through analysis of massive volumes of activity data. Splunk App for Enterprise Security is a scalable security intelligence platform with the flexibility to make tens of terabytes of data per day security relevant through comprehensive analysis capabilities that breaks down organizational data silos and data collection issues. * Situational awareness dashboards give custom views of risk per domain, asset, or identity * Incident Review provide analysis workflows that reveal the priority of the incident, incident context, and impact on assets and identities * Analysis centers provide indicators of unknown threats from traffic abnormalities * Correlation tools enable monitoring for new attackers by correlating new domain registration with web activity * Statistical outlier detection tools aid anomaly detection * Unified Threat Intelligence from many sources * Data inputs provided for NetFlow, logs, RDBMS, APIs, & more
ftp status command
Ever wonder if an address in your event has an anonymous ftp server running? This could be one of your own addresses in your data center where running an anonymous ftp site is supposed to be prohibited. This is a Splunk command called ftpstatus that returns in real-time a status to see if anonymous ftp is running on the address in question. Usage: | ftpstatus The distribution comes with a sample_addresses.log file that gets indexed into your sample index. (Make sure you have a sample index if you are going to use the sample data). You can do things like: index="sample" sourcetype="sample_addresses" address!=""|rename address as ftp_address| ftpstatus| table ftp_address, ftpstatus Read the README.txt for installation instructions
Splunk Add-on for Microsoft Windows
The Splunk for Microsoft Windows add-on includes predefined inputs to collect data from Windows systems and maps to normalize the data to the Common Information Model.