Splunk

Splunk turns machine data into answers for real-time insights to drive better, faster security decisions.

Splunk can be used for several security use cases including log management, security monitoring, incident investigation and response, advanced and insider threat detection, compliance, and SOC automation.

Splunk allows analysts to search, report, and receive alerts for suspicious activity, and drilldown into events with rich context and detailed analysis.

By integrating Splunk with EndaceProbe™ Analytics Platforms and using Pivot-to-Packets, analysts can drill from a Splunk alert down to the packet level and examine the event traffic with nanosecond timestamp precision.

If needed, you can download the packets from EndaceProbes and analyze them in a third-party application, such as Wireshark.


Endace Fusion Connector for Splunk

Deploying EndaceProbe™ alongside Splunk gives security and network event analysis a packet-level record to fall back on.

The Endace Fusion Connector optimizes data analysis workflow between Splunk’s monitoring and security tools and the 100% accurate network history captured and stored by the EndaceProbe.

The event-level integration simplifies packet-level response and investigation for SecOps and NetOps teams, allowing them to complete the investigation-to-resolution cycle faster and reduce time-to-resolution (TTR).

This allows for more effective handling of network security and operations issues, reduces the impact on end users and allows for simple detection of false positives and finer-tuning of detection systems.


Fast and Simple Deployment

The Endace Fusion Connector for Splunk is available from the Endace Support Portal. The plugin is easy to install and adds minimal performance overhead to Splunk.

The ability to instantly drill down from a Splunk event alert directly to EndaceVision to view the associated network packets is invaluable, saving time and resources and accelerating root cause identification and resolution.

The Power of Integration

  • Splunk is a leading software platform for collecting and correlating machine data generated from a variety of different IT systems and infrastructure. Splunk helps customers detect network and security issues, monitor infrastructure elements and gain real-time visibility into customer experience, transactions and behaviour.
  • EndaceProbes capture and record 100% of the network traffic transiting a link, whether it is a 10Gb Ethernet (10GbE), 40GbE or 100GbE link, providing a highly detailed and accurate historical view of network traffic.
  • Integration via Endace's open, RESTful API allows Splunk users to click on an event and pivot straight to the packets of interest for deeper analysis using EndaceVision™ and EndacePackets™, which are installed on every EndaceProbe, or to download them for examination in third-party applications such as Wireshark®.
  • Users gain a more comprehensive view of the network with powerful search and drill-down capabilities. Visibility of network activity gives both Security Operations (SecOps) and Network Operations (NetOps) teams the ability to quickly identify anomalous activity and conduct forensic investigations.
  • Users can understand the scope of a potential threat and identify the source by simply zooming in on an event and quickly obtaining the relevant packet information.
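The pivot described above takes three things from a Splunk event: the event timestamp, a capture window around it, and a filter that isolates the flow on the probe. The following is an added example, not the Endace Fusion Connector's own code and not Endace's API; it builds those three pieces from a constructed Splunk alert event. The probe base URL, the `/vision/search` path and the `start_ns`/`end_ns`/`filter` parameter names are assumptions for illustration only; the real connector documents its own on the Endace Support Portal.

```python
"""Turn a Splunk alert event into a packet-level pivot query.

Added example, not the Endace Fusion Connector's own code. The probe URL path
and query parameter names are assumptions for illustration only.
"""
from datetime import datetime, timedelta, timezone
from decimal import Decimal
import json
from urllib.parse import urlencode

NS_PER_S = 1_000_000_000

# Assumption: base URL and pivot endpoint of the EndaceProbe that recorded the link.
PROBE_BASE_URL = "https://endaceprobe.example.internal"
PIVOT_PATH = "/vision/search"  # hypothetical path, not a documented Endace endpoint

# Constructed sample event, shaped like a Splunk alert result with CIM-style
# network fields. Splunk's REST API emits _time as epoch seconds in a string.
SAMPLE_EVENT = json.loads("""{
  "_time": "1700000000.123456",
  "src_ip": "10.1.2.3", "src_port": "51522",
  "dest_ip": "203.0.113.10", "dest_port": "443",
  "transport": "tcp",
  "signature": "ET MALWARE Suspicious TLS SNI"
}""")


def time_to_ns(value):
    """Normalise a Splunk _time value to integer nanoseconds since the epoch.

    Accepts epoch seconds (string or number) or an ISO-8601 timestamp as the
    search UI exports it. Decimal rather than float keeps every sub-second
    digit, which matters when the capture window is measured in nanoseconds.
    """
    text = str(value).strip()
    try:
        return int(Decimal(text) * NS_PER_S)
    except ArithmeticError:  # decimal.InvalidOperation: not a plain number
        ts = datetime.fromisoformat(text)
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)
        epoch = datetime(1970, 1, 1, tzinfo=timezone.utc)
        micros = (ts - epoch) // timedelta(microseconds=1)  # exact integer
        return micros * 1_000


def flow_filter(event):
    """Bidirectional BPF filter for the event's flow (tcpdump/Wireshark syntax).

    Both directions are matched, so the reply packets are retrieved as well
    as the ones that triggered the alert.
    """
    parts = []
    proto = event.get("transport")
    if proto:
        parts.append(proto.lower())
    parts.append(f"(host {event['src_ip']} and host {event['dest_ip']})")
    if event.get("src_port") and event.get("dest_port"):
        parts.append(f"(port {event['src_port']} and port {event['dest_port']})")
    return " and ".join(parts)


def pivot_query(event, before_s=30, after_s=30):
    """Capture window (nanoseconds) and flow filter for one event."""
    centre = time_to_ns(event["_time"])
    return {
        "start_ns": centre - before_s * NS_PER_S,
        "end_ns": centre + after_s * NS_PER_S,
        "filter": flow_filter(event),
    }


def pivot_url(event, before_s=30, after_s=30):
    """Hypothetical pivot URL; the parameter names are assumptions."""
    query = urlencode(pivot_query(event, before_s, after_s))
    return f"{PROBE_BASE_URL}{PIVOT_PATH}?{query}"


if __name__ == "__main__":
    print(pivot_url(SAMPLE_EVENT))
```

The window is deliberately wider than the event itself: a detection usually fires on one packet or flow record, while the evidence an analyst wants (the handshake, the preceding DNS lookup, the reply) sits seconds either side of it. The same filter string can be pasted into Wireshark's capture filter for the downloaded packets.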

Implementation Details

The Splunk connector, and detailed information on how to deploy it, are available on our Endace Support Portal.

If you don't have an account, you can request one from the Support Portal.

NOTE: A new V2 connector is now available. If you are still using the V1 connector previously available from Splunkbase, we highly recommend upgrading to gain the additional functionality.

How about a Demo?

Interested in finding out how the Endace Fusion Connector for Splunk can give you access to powerful search and drill-down capabilities that lets you quickly identify anomalous activity and conduct conclusive investigations?