Visualize security and performance events throughout your enterprise.

Overview

ExtraHop and Splunk work together to deliver total internal visibility across every application, device, and system in your enterprise; machine learning-driven anomaly detection; and investigation automation through your existing Splunk interface.

Access Previously Invisible Metrics

Your team can take full advantage of our partnership by implementing two key pieces:

The ExtraHop Add-On for Splunk (download here): The Add-On uses the ExtraHop REST API to stream precise security and performance events to Splunk that otherwise would be difficult or impossible to log. The Add-On requires no agents, forwarders, or ExtraHop bundles.

The ExtraHop App for Splunk (download here): The App provides deep context to the data provided by the ExtraHop Add-On, including IP addresses, MAC addresses, hostnames, and more. It also includes three pre-configured dashboards (for DNS, Storage, and HTTP) to help you get started with ExtraHop's 4,000+ metrics.

With their powers combined, you'll unlock the following capabilities:

ExtraHop passively captures critical metrics from the following systems:

  • Web servers (Apache, Microsoft IIS, and more)
  • Network services (DNS)
  • Application servers (Apache Tomcat, ASP.NET, Ruby on Rails, and more)
  • Mail and collaboration servers (including Microsoft SharePoint)
  • Database servers (IBM DB2, IBM Informix, MySQL, Oracle, PostgreSQL, Microsoft SQL Server, and Sybase ASE)
  • Storage devices
  • Authentication servers (LDAP, RADIUS, Diameter)
  • Network devices (including load balancers and firewalls)

Key Features

Immediate and total visibility into black boxes like BYOD and IoT devices

Automated security responses based on real-time detection

Specific and precise data capture, recording, and forwarding

Concur uses ExtraHop to extract the precise information we're looking for and immediately export it to Splunk, where we can perform deep analytics. This combination of wire data and machine data enables us to quickly answer questions that we would not be able to answer otherwise.

John Tharp, Lead Software Configuration Engineer, Concur

Insight and Automation You Can Trust

Wire data is objective, comprehensive, and impossible to modify. This rich dataset keeps ExtraHop's machine learning service focused and precise. Together, ExtraHop and Splunk enable:

  • Auto-detection of high priority threats and anomalies
  • Automatic correlation of network, web, VDI, database, or storage events across log and wire data
  • Anomaly-initiated response workflows
  • Easy forensic investigation using ExtraHop live activity maps

While the ExtraHop + Splunk partnership will help your IT teams across the board, ExtraHop brings crucial depth and fidelity to Splunk's Enterprise Security Information and Event Management system. ExtraHop is the only solution capable of streaming rich wire data analytics to Splunk SIEM in real time, giving your security team an unmatched edge in early threat detection and hunting.

Learn more about ExtraHop for Splunk SIEM.

Useful Reading:

Blog: Wire Data Adds Crucial Context to Logs

White Paper: How to Get More Signal, Less Noise for Your SIEM
