Splunk Security with the Infosec App


There's so much that can be accomplished with Splunk’s security tools. Today, we are going to focus on all the benefits of the InfoSec App for Splunk.

The InfoSec app, which is an entitlement to Splunk customers, is powered by the Splunk platform and relies on accelerated data models and the Common Information Model (CIM) to provide a consistent, normalized view into the event data that you bring into Splunk. The InfoSec app has proven to help numerous organizations build their security program. It's a very popular app that has been downloaded over 21,000 times, and it is the perfect starter app for your organization’s security program.

The InfoSec app is designed to address your organization's most common security use cases. It contains a collection of comprehensive, extensible dashboards and alerts that focus on the most common security-oriented technology components within your organization's environment. It can be used to investigate incidents, automate compliance tasks, and help protect your network, users, and intellectual property from external adversaries and malicious insider threats.

We know how much you love dashboards, so the InfoSec app allows you to create dashboards to fit nearly any and all security use cases including:

With the InfoSec App for Splunk, you'll have the ability to view all of your security events and posture in a single pane. The customizations available elevate the benefits of the app. Your organization can now complete audits by mapping customizable reports to common compliance frameworks such as NIST, HIPAA, PCI, and ISO.

While the InfoSec app can be used as an entry-level security app, there are a number of advanced threat detection use cases available. The advanced threat detections are an entry ramp for less experienced security teams to better understand the most sophisticated detection responses. No matter where your organization is on the security maturity journey, the InfoSec App for Splunk can help.

The best part? The InfoSec app meets you where you are. You can configure it with Splunk Security Essentials (SSE), Splunk Enterprise Security, Splunk SOAR, and other Splunk add-ons. There is also integration between InfoSec and the Splunk Machine Learning Toolkit (MLTK) that can enable advanced ML-based correlation searches within the InfoSec app to detect threats and provide alerts.

Splunk is committed to helping customers achieve more with our security products. There is so much to be excited about with the InfoSec App for Splunk and as always, Splunk is here to help with any questions you may have. Learn more and download the app here.

Happy Splunking!

----------------------------------------------------
Thanks!
Alex Salesi
