ExtraHop and Splunk work together to deliver complete visibility across every application, device, and system in your enterprise, machine learning-driven threat detection, and guided investigations through your existing Splunk interface.
Close Every Visibility Gap
Your team can take full advantage of our partnership by implementing two key pieces:
The ExtraHop Add-On for Splunk (download here): The Add-On uses the ExtraHop REST API to stream precise security and performance events to Splunk that otherwise would be difficult or impossible to log. The Add-On requires no agents, forwarders, or ExtraHop bundles.
The ExtraHop App for Splunk (download here): The App provides deep context to the data provided by the ExtraHop Add-On, including IP addresses, MAC addresses, hostnames, and more. It also includes three pre-configured dashboards (for DNS, Storage, and HTTP) to help you get started with ExtraHop's 5,000+ metrics.
You'll gain real-time insight into the following and more:
- Web servers (Apache, Microsoft IIS, and more)
- Network services (DNS)
- Application servers (Apache Tomcat, ASP.NET, Ruby on Rails, and more)
- Mail and collaboration servers (including Microsoft SharePoint)
- Database servers (IBM DB2, IBM Informix, MySQL, Oracle, PostgreSQL, Microsoft SQL Server, and Sybase ASE)
- Storage devices
- Authentication servers (LDAP, RADIUS, Diameter)
- Network devices (including load balancers and firewalls)
Immediate and total visibility into black boxes like BYoD and IoT devices
Automated security responses based on real-time detection
Specific and precise data capture, recording, and forwarding
Concur uses ExtraHop to extract the precise information we're looking for and immediately export it to Splunk, where we can perform deep analytics. This combination of wire data and machine data enables us to quickly answer questions that we would not be able to answer otherwise.
John Tharp Lead Software Configuration Engineer, Concur
Wire data is objective, comprehensive, and impossible to modify. This rich dataset keeps ExtraHop's machine learning service focused and precise. Together, ExtraHop and Splunk enable:
- Auto-detection of high priority threats and anomalies
- Automatic correlation of network, web, VDI, database, or storage events across log and wire data
- Anomaly-initiated response workflows
- Easy forensic investigation using ExtraHop live activity maps
While the ExtraHop + Splunk partnership will help your IT teams across the board, ExtraHop brings crucial depth and fidelity to Splunk's Enterprise Security Information and Event Management system. ExtraHop streams rich wire data to Splunk SIEM in real time, giving your security team an unmatched edge in early threat detection and response as well as automated response capabilities.