Description

Splunk App for Enterprise Security is a security practitioner's 'lens' for security data collected in Splunk. This app covers the most prevalent use cases for data correlation and alerting, organizing security-relevant data in an easy-to-use security domain format to provide continuous monitoring and situational awareness. Security issues happen fast and can start anywhere in your IT architecture. By collecting and correlating system performance information with endpoint, network, and access security data, Splunk for Enterprise Security can provide an end-to-end view of data protection and availability. Splunk for Enterprise Security leverages Splunk's ability to scale across terabytes of data to watch for persistent threats that only reveal themselves as patterns of activity in large amounts of system data over long periods of time. The Splunk App for Enterprise Security provides a scalable, high-performance indexing engine with a focus on security events in a single scalable data collection, correlation, and alerting solution. Security analysts can quickly and easily drill down from timelines and graphical elements to raw system data, then back to dashboards. Built-in workflow actions allow the user to follow the trail of an investigation wherever it leads across data sources, hosts, and security domains.
I want to try it, but how can I download it?
A preview of the app is on youtube:
http://youtu.be/HKi8J7JM068
http://youtu.be/83bG8ZIV30c
http://youtu.be/i3CUuZDlp1M
Nice app with a wholesome picture. Awaiting the updates on this.
Agree, at least give me a webinar on this, so I can decide and compare against the next best thing.
This is a great app. I'm a splunker that came from a well known SIEM company. I also have more than a decade of security practitioner experience. I have found that Splunk has done a great job at laying out the content in a way that will make a great deal of sense to anyone that follows the (ISC)2 way of thinking about security domains.
Building on the above, as you can see from the sample diagram above, there are headers at the top listing seven domains. Each is a pulldown menu offering dashboards and content directly relevant to the domain. I personally have not seen such a smart and succinct way of laying out content. In much of the SIEM world, simply asking the question 'OK, this is great, where is my home screen that weaves all this content together?' will produce nervous answers.
Want to know my favorite 'pet' feature of ESS? Under 'Endpoint Protection' there is actually a dashboard dedicated to time. Ever noticed how all security practitioners and SIEM companies espouse the value of accurate (read: NTP) time? When is the last time you saw a succinct, simple and effective place letting you know the status of time syncing of all your server devices? ;)
I'm very interested in trying this app, too. I hope that this'll be possible in the near future.
It would be nice if Splunk could offer an eval of this product. Thus far it's been a non-starter. Given the price $$$$$$ tag, I'm not willing to jump before test driving.
