
Splunk

Customers are surrounded by servers, devices of every kind, networks and cloud environments, and we look at every kind of data those generate. Splunk® is the industry-leading operational intelligence platform. By carefully exploring, from many angles, the vast volumes of machine data that are easily overlooked, it surfaces business insights that could not be found before. Data-driven insight helps make a company more productive and profitable, gives it a competitive edge, and makes it more secure. Contact us to find out how Splunk can help.

Apps & Add-ons

  • Splunk Enterprise Security

    Splunk Enterprise Security gives teams the insight to quickly detect and respond to internal and external attacks, to simplify threat management while minimizing risk. ES helps teams gain organization-wide visibility and security intelligence for continuous monitoring, incident response, SOC operations, and providing executives a window into business risk.
    - Continuously Monitor: get a clear picture of security posture using pre-defined dashboards, key security and performance indicators, static & dynamic thresholds, and trending indicators
    - Prioritize and Act: optimize incident response workflows with alerts, centralized logs, and pre-defined reports and correlations
    - Conduct Rapid Investigations: use ad-hoc search and static, dynamic and visual correlations to detect malicious activities
    - Handle Multi-step Investigations: trace activities associated with compromised systems and apply the kill-chain methodology to see the attack lifecycle
    Splunk ES is a premium security solution requiring a paid license.

  • Google Maps Add-on for Splunk Enterprise

    --- Check out Custom Cluster Map Visualization for a similar visualization for the latest version of Splunk ---
    Google Maps for Splunk adds a geo-visualization module based on the Google Maps API and allows you to quickly plot geographical information on a map. Furthermore maps can be embedded in advanced dashboards.

  • Palo Alto Networks App for Splunk

    Palo Alto Networks and Splunk have partnered to deliver an advanced security reporting and analysis tool. The collaboration delivers operational reporting as well as simplified and configurable dashboard views across Palo Alto Networks family of next-generation firewalls.
    Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks firewalls with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool. This app enables security analysts, administrators, and architects to correlate application and user activities across all network and security infrastructures from a real-time and historical perspective. Complicated incident analysis that previously consumed days of manual and error-prone data mining can now be completed in a fraction of the time, saving not only manpower but also enabling key enterprise security resources to focus on critical, time-sensitive investigations.

  • Splunk Add-on for Microsoft Windows

    The Splunk Add-on for Microsoft Windows includes predefined inputs to collect data from Windows systems and field mappings that normalize the collected data to the Common Information Model (CIM), so that CIM-based apps such as Enterprise Security can search it through the data models instead of the raw event layout.
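    As an added example, not part of the original page or of the add-on's own code: the kind of field mapping the add-on performs, written out in Python against constructed Windows Security logon events (EventCode 4624 = success, 4625 = failure) so the CIM Authentication fields (action, user, src, dest, signature_id) are visible, followed by the failed-logons-per-source count a correlation search would run over them (the equivalent of `stats count by src` on the Authentication data model). The event text, hostnames and addresses are constructed, and the regexes are a simplification of the real multi-line event layout.

```python
import re
from collections import Counter

# Constructed, simplified Windows Security events in the key=value plus
# message-text form a Windows event log input produces. Not real data.
SAMPLE_EVENTS = [
    "LogName=Security\nEventCode=4625\nComputerName=fs01.corp.example\n"
    "Message=An account failed to log on.\nSubject:\n\tAccount Name:\t\t-\n"
    "Logon Type:\t\t\t3\nAccount For Which Logon Failed:\n\tAccount Name:\t\tjdoe\n"
    "Network Information:\n\tSource Network Address:\t10.0.5.23\n",
    "LogName=Security\nEventCode=4625\nComputerName=fs01.corp.example\n"
    "Message=An account failed to log on.\nSubject:\n\tAccount Name:\t\t-\n"
    "Account For Which Logon Failed:\n\tAccount Name:\t\tasmith\n"
    "Network Information:\n\tSource Network Address:\t10.0.5.23\n",
    "LogName=Security\nEventCode=4625\nComputerName=fs01.corp.example\n"
    "Message=An account failed to log on.\nSubject:\n\tAccount Name:\t\t-\n"
    "Account For Which Logon Failed:\n\tAccount Name:\t\tsvc_backup\n"
    "Network Information:\n\tSource Network Address:\t10.0.5.23\n",
    "LogName=Security\nEventCode=4625\nComputerName=fs01.corp.example\n"
    "Message=An account failed to log on.\nSubject:\n\tAccount Name:\t\t-\n"
    "Account For Which Logon Failed:\n\tAccount Name:\t\tjdoe\n"
    "Network Information:\n\tSource Network Address:\t10.0.7.8\n",
    "LogName=Security\nEventCode=4624\nComputerName=fs01.corp.example\n"
    "Message=An account was successfully logged on.\nSubject:\n\tAccount Name:\t\t-\n"
    "New Logon:\n\tAccount Name:\t\tjdoe\n"
    "Network Information:\n\tSource Network Address:\t10.0.5.23\n",
]

KV_RE = re.compile(r"^(?P<key>[A-Za-z]+)=(?P<value>.*)$", re.M)
ACCOUNT_RE = re.compile(r"Account Name:\s*(\S+)")
SRC_RE = re.compile(r"Source Network Address:\s*(\S+)")

# EventCode -> CIM Authentication "action" value
ACTION_BY_CODE = {"4624": "success", "4625": "failure"}


def normalize(raw):
    """Map one raw Windows Security event to CIM Authentication fields.
    Returns None for event codes that are not logon events."""
    kv = {m.group("key"): m.group("value").strip() for m in KV_RE.finditer(raw)}
    code = kv.get("EventCode")
    if code not in ACTION_BY_CODE:
        return None
    # In 4624/4625 the Subject block precedes the block describing the account
    # that actually logged on (or failed to), so the last Account Name is the user.
    accounts = ACCOUNT_RE.findall(raw)
    src = SRC_RE.search(raw)
    return {
        "signature_id": code,
        "action": ACTION_BY_CODE[code],
        "dest": kv.get("ComputerName", "unknown"),
        "user": accounts[-1] if accounts else "unknown",
        "src": src.group(1) if src else "unknown",
    }


def failed_logons_by_src(raws, threshold=3):
    """Count failed logons per source address and return the sources at or
    above threshold (a brute-force style correlation over normalized events)."""
    counts = Counter()
    for raw in raws:
        ev = normalize(raw)
        if ev and ev["action"] == "failure":
            counts[ev["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for raw in SAMPLE_EVENTS:
        print(normalize(raw))
    print("sources over threshold:", failed_logons_by_src(SAMPLE_EVENTS))
```

    The real add-on does this mapping declaratively in props.conf/transforms.conf and tags the events into the Authentication data model; the point of the Python version is to make visible which raw fields end up in which CIM field before trusting a dashboard built on them.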

  • Splunk Add-on for Nessus

    The Splunk Add-on for Nessus allows a Splunk software administrator to collect Nessus vulnerability scan data from Nessus 6.X via the Nessus REST API. After the Splunk platform indexes the events, you can analyze the data using the prebuilt dashboard panels included with the add-on. The add-on retains support for Nessus 5.X collection for backwards compatibility. This add-on provides the inputs and CIM-compatible knowledge to use the add-on with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

  • Splunk App for Stream

    Splunk App for Stream is a scalable and easy-to-configure software solution that captures real-time streaming wire data from anywhere in your datacenter or from any public Cloud infrastructure.
    Benefit from this new class of data in Splunk and correlate it with logs, events and metrics to enhance Operational Intelligence across a variety of use cases.
    Capture only the relevant wire data for analytics, through filters and aggregation rules. Manage wire data volumes with fine-grained precision by selecting or deselecting protocols and associated attributes within the App interface.
    Rapidly deploy wire data collection, from the App interface, to gain real time network visibility that is otherwise unavailable from cloud implementations and hard to achieve with traditional datacenters. Respond quickly to any issue with a simple interface-driven installation, centralized deployment and configuration across IT environments of all sizes.

  • Splunk App for Web Analytics

    Using the Splunk App for Web Analytics you can get analytics on your web logs similar to what you would find using various online services (Google Analytics, Omniture, Webtrends). Unlike those tools, the analytics are computed from your web log data rather than from JavaScript injected into the web pages that reports back to a cloud service.
    You can get up and running within minutes, and because the analytics are based on web log data you can quickly analyze historical data as well as new real-time data being indexed by Splunk, whereas services built around a JavaScript collector only see events from the moment the tag is deployed. This app can work alongside those services: you can do data mining and hypothesis testing in Splunk before you deploy a tag or web tracking configuration change to a live environment.

  • PCAP Analyzer for Splunk

    The PCAP Analyzer for Splunk includes useful Dashboards to analyze network packet capture files from Wireshark or Network Monitor (.pcap) and network streaming data (Splunk App for Stream).
    The App includes Dashboards which will show you:
    - The Top Talker IPs, Protocols, VLANs, Conversations
    - Detailed overview of IP Conversations, Packet Loss, TCP Errors, Round Trip Time
    - First version of Microburst Dashboard
    - NFS / HTTP / Keep Alive Communication Dashboards
    - Distance / Hop Calculator between two IP-addresses
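    As an added example, not part of the PCAP Analyzer app or the original page: a standard-library-only Python reader for classic libpcap files that computes the top talkers, protocol breakdown and IP conversations the dashboards above present. The capture is built inline from constructed Ethernet/IPv4 frames (private and TEST-NET addresses), so it runs offline; pcapng files and non-Ethernet link types are deliberately rejected rather than guessed at.

```python
import struct
from collections import Counter

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def _ipv4_frame(src, dst, proto, payload_len):
    """Build a minimal Ethernet + IPv4 frame (constructed test data, not a real capture)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
        bytes(map(int, src.split("."))),
        bytes(map(int, dst.split("."))),
    )
    return eth + ip + b"\x00" * payload_len


def build_pcap(frames):
    """Serialize frames into a classic little-endian libpcap file (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame))
        out += frame
    return out


# Constructed capture: one TCP session to a TEST-NET-3 host, a UDP exchange
# and a single ICMP packet, all with private/test addresses.
SAMPLE_PCAP = build_pcap([
    _ipv4_frame("10.0.0.5", "203.0.113.10", 6, 500),
    _ipv4_frame("203.0.113.10", "10.0.0.5", 6, 1400),
    _ipv4_frame("10.0.0.5", "203.0.113.10", 6, 60),
    _ipv4_frame("10.0.0.7", "10.0.0.1", 17, 40),
    _ipv4_frame("10.0.0.1", "10.0.0.7", 17, 120),
    _ipv4_frame("10.0.0.9", "10.0.0.5", 1, 56),
])


def parse_pcap(data):
    """Yield (src_ip, dst_ip, ip_protocol, ip_total_length) per IPv4 packet.
    Both byte orders of the classic magic are handled; pcapng is out of scope."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) captures are supported")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated record or non-IPv4 EtherType
        total_len = struct.unpack("!H", frame[16:18])[0]
        proto = frame[23]
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        yield src, dst, proto, total_len


def summarize(data):
    """Return (bytes per source IP, packets per protocol, bytes per IP pair)."""
    talkers, protocols, conversations = Counter(), Counter(), Counter()
    for src, dst, proto, length in parse_pcap(data):
        talkers[src] += length
        protocols[PROTO_NAMES.get(proto, str(proto))] += 1
        conversations[tuple(sorted((src, dst)))] += length  # direction-agnostic pair
    return talkers, protocols, conversations


if __name__ == "__main__":
    talkers, protocols, conversations = summarize(SAMPLE_PCAP)
    print("top talkers:", talkers.most_common(3))
    print("protocols:", dict(protocols))
    print("conversations:", conversations.most_common(3))
```

    Counting IP total length rather than captured length keeps the numbers honest when a capture was taken with a small snaplen; the same choice matters when wire data from the Stream app is compared against firewall byte counts.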

  • Palo Alto Networks Add-on for Splunk

    The Palo Alto Networks Add-on for Splunk allows a Splunk® Enterprise administrator to collect data from Palo Alto Networks Next-Generation Firewall devices and Advanced Endpoint Protection. The add-on collects traffic, threat, system, configuration, and endpoint logs from Palo Alto Networks physical or virtual firewall devices over syslog. After Splunk Enterprise indexes the events, you can consume the data using the prebuilt dashboard panels included with the add-on. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance.

Examples

  • Splunk 6.x Dashboard Examples

    The Splunk 6.x Dashboard app delivers examples that give you a hands-on way to learn the basic concepts and tools needed to rapidly create rich dashboards using Simple XML. This new app incorporates learn-by-doing Simple XML examples, including extensions to Simple XML for further customization of layout, interactivity, and visualizations.
    With the app you will learn basic Simple XML concepts and how to incorporate the built-in components. All the included examples deliver a recipe for implementing dashboard elements, beginning with the most basic and progressing to more advanced elements. Each example in the app includes an actual runtime visualization followed by a description and supporting source code.

Reference sites