In addition to downloading the Ziften Zenith App, you must also install the Ziften agents onto your endpoints. Please contact Ziften at sales@ziften.com for information on how to get a free trial of the Ziften Zenith solution.
Features
The product is delivered with a host of out-of-the-box dashboards for easy ramp-up including:
Ziften currently provides data to the following CIM data models:
- Application State
  * Ports
  * Processes
  * Services
- Intrusion Detection
- Inventory
  * CPU
  * Memory
  * Network
  * OS
  * User
- Network Traffic
- Performance
  * CPU
  * Memory
  * Network
- Vulnerabilities
Updated configuration files to properly read timestamps from modular input streams
Updated eventgen config and sample data
New Features / Enhancements:
- Added CIM support and data generation for:
  * Malware
  * IDS
  * Vulnerabilities
- Enhanced support for Splunk for Enterprise Security.
- Enhanced support for OS X endpoints.
- Enhanced logging and monitoring dashboards for Ziften modular inputs.
- Enhanced tracking when syncing from multiple Ziften data sources.
- Optimization for malware alerts.
- Short name aliases for commonly searched Ziften data fields.
Bug Fixes:
- Splunk 6.2 dashboard compatibility and fixes.
- Fixed issue with data duplication when both Ziften App for Splunk and TA-Ziften are installed and data is being synced from a Ziften server source.
- Fixed Splunk Enterprise Windows compatibility issue with modular inputs.
• Fully CIM compliant
• Enhanced modular inputs for consuming Ziften data
• New dashboards for interactive analysis of your Ziften data
• New anomaly detections for your Ziften data
• Security based alerts that tie network-based feeds to Ziften binary data
• Reports that tie Ziften binary data to binary threat feeds
• User propagation threat alerts (when users are logging in to systems multiple times)
• Vulnerable binary threat alerts
• Security threat drill downs for network, binary and system based alerts
• Forensics capability tying endpoint context and attribution to NetFlow