Splunk turns machine data into answers for real-time insights to drive better, faster security decisions. Splunk can be used for many security use cases including log management, security monitoring, incident investigation and response, advanced and insider threat detection, compliance, and SOC automation.
Using Splunk, analysts can search for, report on, and receive alerts of suspicious activity, and drill down into security events to see rich context.
By integrating Splunk with EndaceProbe™ Analytics Platforms and making use of Pivot-to-Packets, you are able to drill deeper into the alert, going down to packet level to see the forensic detail of precisely what took place.
See it in Action
Watch this short video demonstration to see how integrating Splunk and Cisco Firepower with the 100% accurate Network History recorded by our EndaceProbes enables accurate detection and rapid response to security threats.
Endace Fusion Splunk Connector
Deploying EndaceProbe™ and Splunk software provides fail-safe security and network event analysis.
The Endace Fusion Connector optimizes data analysis workflow between Splunk’s monitoring and security tools and the 100% accurate network history captured and stored by the EndaceProbe.
The event-level integration simplifies packet-level response and investigative processes for SecOps and NetOps teams, allowing them to complete the investigation-to-resolution cycle and reduce time-to-resolution (TTR).
This allows for more effective handling of network security and operations issues, reduces the impact on end users, and allows for simple identification of false positives and finer tuning of detection systems.
The Power of Integration
- Splunk is a leading software platform for collecting and correlating machine data generated from a variety of different IT systems and infrastructure. Splunk helps customers detect network and security issues, monitor infrastructure elements and gain real-time visibility into customer experience, transactions and behavior.
- EndaceProbes capture and record 100% of the network traffic transiting a link, whether it is a 10Gb Ethernet (10GbE), 40GbE or 100GbE link, providing a highly detailed and accurate historical view of network traffic.
- Integration via Endace's open, RESTful API allows Splunk users to click on an event and pivot straight to the packets of interest for deeper analysis using EndaceVision™ and EndacePackets™, which are installed on every EndaceProbe, or download for examination using third-party applications such as Wireshark®.
- Users gain a more comprehensive view of the network with powerful search and drill-down capabilities. Visibility of network activity gives both Security Operations (SecOps) and Network Operations (NetOps) teams the ability to quickly identify anomalous activity and conduct forensic investigations.
- Users can understand the scope of a potential threat and identify the source by simply zooming in on an event and quickly obtaining the relevant packet information.
Implementation Details
The Splunk connector, and detailed information on how to deploy it, are available on our Endace Support Portal. If you don't have an account, you can request one here.
NOTE: There is now a new V3.1 connector. If you are using an earlier version of the connector from Splunkbase, we highly recommend you upgrade to gain additional functionality.
How about a Demo?
Interested in finding out how the Endace Fusion Connector for Splunk can give you access to powerful search and drill-down capabilities that let you quickly identify anomalous activity and conduct conclusive investigations?