ExtraHop and Splunk work together to deliver total internal visibility across every application, device, and system in your enterprise; machine learning-driven anomaly detection; and investigation automation through your existing Splunk interface.
Your team can take full advantage of our partnership by implementing two key pieces:
- The ExtraHop Add-On for Splunk (download here): The Add-On uses the ExtraHop REST API to stream precise security and performance events to Splunk that otherwise would be difficult or impossible to log. The Add-On requires no agents, forwarders, or ExtraHop bundles.
- The ExtraHop App for Splunk (download here): The App provides deep context to the data provided by the ExtraHop Add-On, including IP addresses, MAC addresses, hostnames, and more. It also includes three pre-configured dashboards (for DNS, Storage, and HTTP) to help you get started with ExtraHop's 4,000+ metrics.
With their powers combined, you'll unlock the following capabilities:
Access to Previously Invisible Metrics
ExtraHop passively captures critical metrics from the following systems:
- Web servers (Apache, Microsoft IIS, and more)
- Network services (DNS)
- Application servers (Apache Tomcat, ASP.NET, Ruby on Rails, and more)
- Mail and collaboration servers (including Microsoft SharePoint)
- Database servers (IBM DB2, IBM Informix, MySQL, Oracle, PostgreSQL, Microsoft SQL Server, and Sybase ASE)
- Storage devices
- Authentication servers (LDAP, RADIUS, Diameter)
- Network devices (including load balancers and firewalls)
Insight and Automation You Can Trust
Wire data is objective, comprehensive, and impossible to modify. This rich dataset keeps ExtraHop's machine learning service focused and precise. Together, ExtraHop and Splunk enable:
- Auto-detection of high-priority threats and anomalies
- Automatic correlation of network, web, VDI, database, or storage events across log and wire data
- Anomaly-initiated response workflows
- Easy forensic investigation using ExtraHop live activity maps
While the ExtraHop + Splunk partnership will help your IT teams across the board, ExtraHop brings crucial depth and fidelity to Splunk's Enterprise Security Information and Event Management system. ExtraHop is the only solution capable of streaming rich wire data analytics to Splunk SIEM in real time, giving your security team an unmatched edge in early threat detection and hunting:
- Immediate and total visibility into black boxes like BYOD and IoT devices
- Automated security responses (like quarantining a malware-infected device) based on real-time detection
- Specific and precise data capture, recording, and forwarding for rapid incident response and forensics
Splunk software indexes and harnesses machine-generated big data that organizations can monitor, search, analyze, visualize, and act on. More than 4,400 organizations in over 80 countries use Splunk Enterprise for operational intelligence so that they can deepen their understanding of the business and their customers, improve service levels and uptime, reduce cost, and protect against cyber-security risks. For more information, visit www.splunk.com.