Splunk Fusion Connector
Splunk is a Security Information and Event Management (SIEM) tool that aggregates and consolidates large amounts of machine data and allows you to make sense of it.
SIEM can be used to operate security operations centers and provides security analytics capabilities plus valuable context and insights to help security teams make faster and smarter security decisions.
The SIEM interface gives you alerts for suspicious activity and allows you to dig deep into the event with rich context and a detailed description of what happened.
By integrating the SIEM with EndaceProbe™ Analytics Platforms and making use of Pivot-to-Packets, you’re able to drill deeper into the alert, going down to packet level, and investigate the event traffic with nanosecond precision for a more in-depth investigation into the event.
If needed, you can download the packets from EndaceProbes and analyze them in a third-party application, such as Wireshark.
Endace Fusion Connector for Splunk
Deploying EndaceProbe™ and Splunk software provides fail-safe security and network event analysis.
The Endace Fusion Connector optimizes data analysis workflow between Splunk’s monitoring and security tools and the 100% accurate network history captured and stored by the EndaceProbe.
The event-level integration simplifies packet-level response and investigative processes for SecOps and NetOps teams, allowing them to complete the investigation-to-resolution cycle and reduce time-to-resolution (TTR).
This allows for more effective handling of network security and operations issues, reduces the impact on end users and allows for simple detection of false positives and finer-tuning of detection systems.
Fast and Simple Deployment
The Endace Fusion Connector for Splunk is available through Splunk Apps. The plugin is easy to install and adds minimal overhead to the performance of the application.
The ability to instantly drill down from a Splunk event alert directly to the associated network packets is invaluable, saving time and resources and accelerating root cause identification and resolution.
The Power of Integration
- Splunk is a leading software platform for collecting and correlating machine data generated from a variety of different IT systems and infrastructure. Splunk helps customers detect network and security issues, monitor infrastructure elements and gain real-time visibility into customer experience, transactions and behaviour.
- EndaceProbes capture and record 100% of the network traffic transiting a link, whether it is a 10Gb Ethernet (10GbE), 40GbE or 100GbE link, providing a highly detailed and accurate historical view of network traffic.
- Integration via Endace's open, RESTful API allows Splunk users to click on an event and pivot straight to the packets of interest for deeper analysis using tools such as EndaceVision™ and EndacePackets™, which are installed on every EndaceProbe, or third-party applications such as Wireshark®.
- Users gain a more comprehensive view of the network with powerful search and drill-down capabilities. Visibility of network activity gives both Security Operations (SecOps) and Network Operations (NetOps) teams the ability to quickly identify anomalous activity and conduct forensic investigations.
- Users can understand the scope of a potential threat and identify the source by simply zooming in on an event and quickly obtaining the relevant packet information.
The Splunk connector is available on Splunkbase here.
Detailed information on how to deploy the Splunk connector is available on our Endace Support Portal. If you don't have an account, you can request one here.
How about a Demo?
Interested in finding out how the Endace Fusion Connector for Splunk can give you access to powerful search and drill-down capabilities that let you quickly identify anomalous activity and conduct conclusive investigations?