Splunk Security with the Infosec App


There's so much that can be accomplished with Splunk’s security tools. Today, we are going to focus on all the benefits of the InfoSec App for Splunk.

The InfoSec app — which is an entitlement to Splunk customers — is powered by the Splunk platform, and relies on accelerated data models and the Common Information Model (CIM) to provide a consistent and normalized view into the event data that you’ll bring into Splunk. The InfoSec app has proven to help numerous organizations build their security program. It's a very popular app, downloaded over 21,000 times, and is the perfect starter app for your organization’s security program.

The InfoSec app is designed to address the most common security use cases of your organization. It contains a collection of comprehensive, extensible dashboards and alerts that focus on the most common security-oriented technology components within your organization's environment. It can be used to investigate incidents, automate compliance tasks, and help protect your network, users, and intellectual property from external adversaries and malicious insider threats.

We know how much you love dashboards, so the InfoSec app allows you to create dashboards to fit nearly any and all security use cases including:

With the InfoSec App for Splunk, you'll have the ability to view all of your security events and posture in a single pane. The customizations available elevate the benefits of the app. Your organization can now complete audits by mapping customizable reports to common compliance frameworks such as NIST, HIPAA, PCI, and ISO.

While the InfoSec app can be used as an entry-level security app, it also ships with a number of advanced threat detection use cases. These advanced detections give less experienced security teams an entry ramp for understanding how more sophisticated detections and their responses work. No matter where your organization is on the security maturity journey, the InfoSec App for Splunk can help.

The best part? The InfoSec app meets you where you are. You can configure it with Splunk Security Essentials (SSE), Splunk Enterprise Security, Splunk SOAR, and other Splunk add-ons. There is also integration between InfoSec and the Splunk Machine Learning Toolkit (MLTK) that can enable advanced ML-based correlation searches within the InfoSec app to detect threats and provide alerts.

Splunk is committed to helping customers achieve more with our security products. There is so much to be excited about with the InfoSec App for Splunk and as always, Splunk is here to help with any questions you may have. Learn more and download the app here.

Happy Splunking!

----------------------------------------------------
Thanks!
Alex Salesi
