For more information about Spunk contact us.
Endace Fusion Connector for Splunk
Deploying EndaceProbe™ Network Recorders and Splunk software provides fail-safe security and network event analysis.
The Endace Fusion Connector for Splunk optimizes data analysis workflow between Splunk’s industry-leading monitoring and security tools and the accurate network history captured and stored by EndaceProbes. This integration makes it easy for SecOps and NetOps teams to respond to events and investigate issues at the network packet level quickly and efficiently. As a result, issues can be identified, investigated and remediated faster, reducing time-to-resolution (TTR).
By integrating Splunk and Endace technologies at the 'event’ level, NetOps and SecOps teams can complete the detection and investigation cycle more efficiently by determining the root cause of network security and operational issues faster and more accurately. As a result, they can contain real network security and operations issues more effectively, reduce the impact on end users, detect false positives more quickly and better ‘tune’ detection systems.
- Splunk is a leading software platform for collecting and correlating machine data generated from a variety of different IT systems and infrastructure. Splunk helps customers detect network and security issues, monitor infrastructure elements and gain real-time visibility into customer experience, transactions and behavior
- EndaceProbes capture and record 100% of the network traffic transiting a link, whether it is a 10Gb Ethernet (10GbE), 40GbE or 100GbE link, providing a highly detailed and accurate historical view of network traffic
- Integration via Endace's open, RESTful API allows Splunk users to click on an event and pivot straight to the packets of interest for deeper analysis using tools such as EndaceVision™ and EndacePackets™, which are installed on every EndaceProbe, or third-party applications such as Wireshark®
- Users gain a more comprehensive view of the network with powerful search and drill-down capabilities. Visibility of network activity gives both Security Operations (SecOps) and Network Operations (NetOps) teams the ability to quickly identify anomalous activity and conduct forensic investigations
- Users can understand the scope of a potential threat and identify the source by simply zooming in on an event and quickly obtaining the relevant packet information.
Deployment Made Easy
The Endace Fusion Connector for Splunk is available through Splunk Apps. The plugin is easy to install and adds minimal overhead to the performance of the application.
The ability to instantly drill down from a Splunk event alert directly to the associated network packets is invaluable, saving time and resources and accelerating root cause identification and resolution.
For further information about the Endace Fusion Connector for Splunk, including setup and configuration information, please refer to the Endace Fusion Connector Guide: