Fact Sheet
Maximizing Network and Application Security, Visibility and Control
Splunk® App for Palo Alto Networks

Palo Alto Networks Next-Generation Firewall and Splunk
Palo Alto Networks next-generation firewalls enhance network security by
letting enterprises look beyond IP addresses and packets. They see and
control applications, user behavior and content using three identification
technologies: App-ID, User-ID and Content-ID. These technologies let you
create business-relevant, application-based security policies instead of
relying on the "all-or-nothing" method of the port-blocking firewalls found
in many security infrastructures.
Palo Alto Networks firewalls integrate IPS and firewall capabilities and
use signatures and heuristics to identify specific application risks and
threats. They also integrate with LDAP or Active Directory, so IP addresses
can be dynamically linked to the users and groups that access your network.
Palo Alto Networks firewalls also support virtual firewall instances on a
single firewall or high-availability pair. This allows network segmentation
for departmental services, with customized policies applied per business
service, and fully supports a departmental chargeback model.

Why Splunk for Palo Alto Networks?
Splunk offers Palo Alto Networks firewall users a massively scalable,
real-time IT data engine. The Splunk App for Palo Alto Networks gives you
pre-defined content with key performance indicators (KPIs) and long-term
trending. In addition to robust reporting, Splunk supports the collection
of terabytes of data per day in real time.
Splunk software extends Palo Alto Networks' situational awareness with
real-time continuous monitoring and trending. Using data from Palo Alto
Networks, Splunk can be set to a specific risk threshold and monitor for
variances by time of day, day of the week or across a year's worth of data.
Palo Alto Networks' URL filtering is enhanced by Splunk's ability to
perform long-term trending and provide business-level reports as needed.
Deploying the Splunk App for Palo Alto Networks brings immediate benefits.
The App delivers advanced security reporting and analysis. Security
analysts, network administrators and architects can leverage application
and user visibility at an unprecedented scale and rate. Security
administrators can drill down into Palo Alto Networks data in one or two
clicks, allowing them to investigate incidents in minutes instead of hours
or days. Human resource departments can also use dashboards and reports in
Splunk to track security compliance.
The Splunk App for Palo Alto Networks also includes custom commands that
let a Splunk search automatically change the configuration of a Palo Alto
Networks firewall. For example, an administrator analyzing Exchange server
data in Splunk could identify a potential security risk in message logs and
trigger an update to that user's profile on the Palo Alto Networks firewall,
resulting in an automated, improved security posture. Because a search
result becomes a firewall change, restrict which Splunk roles can run these
commands and give the firewall credentials they use only the rights that
change needs; the resulting change is recorded in the firewall's
configuration log, which the Console System and Configuration dashboards
described below display.
All security-relevant data can be searched and analyzed from one place in
Splunk, catching attackers and malicious insiders who may previously have
gone undetected. Splunk software can be deployed without custom parsers or
connectors, and the Splunk App for Palo Alto Networks and its content are
available at no additional cost. You can extend the App by creating your
own dashboards, visualizations and alerts to match your specific use case.
The Splunk App for Palo Alto Networks also fully supports the virtualization
capabilities of the Palo Alto Networks firewall. The user gets an aggregate
view of metrics across all virtualized firewalls, but can choose to view one
or any subset of them. In this way, the security of business services can be
tracked and monitored over time.
The following visualizations and reports are available in the Splunk App for
Palo Alto Networks. Each visualization or report can be clicked to see the
Palo Alto Networks data behind the dashboard graphic:

Palo Alto Networks Overview
Geographic overview of threats and event types – A geographic view of
threats shown on a world map (Splunk Google Maps App or amMap App required).
Includes a real-time presentation of events flowing through the firewall,
shown by event type.

Traffic and Web Activity Dashboards
Selecting any combination of the following data elements can alter
dashboard views: Source IP, Destination IP, Destination port, Action,
Source user, and/or App.
Bytes Transferred Over Time – Bytes sent and bytes received; watches for
spikes in traffic and allows drill-down into specific time periods to
view anomalous behavior
Protocols Over Time – Top protocols in use over time
Top App by Bytes Transferred – Records the app transferring the most data
in or out of the network
Top App by Request – Monitors the use of app requests and classifies them
using Palo Alto Networks categories
Top Source IP – Presents a view of inbound traffic by IP
Top Destination Port – Presents a view of the traffic through the firewall
by common port number
Top Destination IP – Indicates which IPs outside the network are being
accessed
Top Destination User – Indicates which users are making the most
connections to external websites

Palo Alto Networks Threat Dashboard
Selecting any combination of the following data elements can alter
dashboard views: Source IP, Destination IP, Log Sub Type, Threat ID, App,
and/or Virtual System.
Threats Over Time by Subtype – Monitors and tracks real-time or historic
data from Palo Alto Networks by threat sub-type. Views include all
sub-types or only vulnerability, virus or spyware
Threats Over Time by Risk – Monitors and tracks real-time or historic data
from Palo Alto Networks using its risk scoring data for risk trending
Top Threat IDs – Using Splunk's lookup capability, the plain-English name
for a threat ID is displayed along with the number of times the firewall
has seen that threat
Threats by Application – Shows which applications Palo Alto Networks is
flagging as a threat
Threats by Destination Category – Indicates which business category of
hosts is being threatened
Top Source IP – Shows the top source IPs by number of attempts to access
the network
Threats by Severity – Uses Palo Alto Networks' threat severity
classifications to graphically represent the number of threats seen at
each severity level
Top Destination IP – Shows the top destination IPs by number of attempts

Content, Data Filtering and URL Filtering Dashboards
Selecting any combination of the following data elements can alter
dashboard views: Source IP, Destination IP, Content Type, Category,
Virtual System, and/or App.
These dashboards let the user understand the content types and browsing
history of users over time. Event actions and data events by application
are tracked in real time, while data event threat IDs and data filtering by
country, application and category are shown in snapshot views. Splunk
software also uses the firewall's threat risk scores to monitor the average
risk in real time.

Console System and Configuration Dashboards
Selecting any combination of the following data elements can alter
dashboard views: Log Subtype, Event ID, Serial Number, Virtual System,
Severity, and/or Description.
These dashboards let the Palo Alto Networks firewall administrator monitor
key performance metrics and configuration changes. Views of the latest
system events by log subtype, event ID and virtual system provide a
complete picture of system performance.
Up-to-the-minute configuration changes are monitored in the App so that
unscheduled changes can be detected and system integrity maintained. The
information is broken down by which systems were changed, who made the
change and what was changed.

Free Download
Download Splunk. You'll get a Splunk Enterprise license for 60 days and
you can index up to 500 megabytes of data per day. You can convert to a
perpetual Free license or purchase an Enterprise license by contacting
sales@splunk.com.

www.splunk.com
250 Brannan St, San Francisco, CA 94107 | info@splunk.com | sales@splunk.com | 866-438-7758 | 415-848-8400 | www.splunkbase.com
Copyright © 2013 Splunk Inc. All rights reserved. Splunk Enterprise is protected by U.S. and international copyright and intellectual property laws. Splunk is a registered trademark or trademark of Splunk Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item # FS-Splunk-PaloAlto-Networks-105
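The fact sheet describes a loop: firewall threat and configuration logs are indexed, aggregated into the Threat Dashboard panels (threats over time by subtype, top threat IDs resolved through a lookup), configuration changes are checked for unscheduled activity, and a search result can drive a change back to the firewall. The following is an added example that is not part of the fact sheet, the Splunk App for Palo Alto Networks, or any Splunk or Palo Alto Networks code; it models that loop in plain Python so it runs offline. Its assumptions: the log lines are constructed, the comma-separated field layout in FIELDS is a simplified stand-in for the PAN-OS syslog format rather than the vendor's full column list, THREAT_NAMES is an invented stand-in for the App's threat-ID lookup, the change window and approved-admin list are made-up policy, and the tag-registration payload follows the PAN-OS XML API "user-id" register message (the tag name splunk-quarantine, and a firewall policy that references a dynamic address group on that tag, are assumptions; check the payload against the documentation for your PAN-OS version before using it).

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime, time
from xml.etree import ElementTree as ET

# ASSUMED, simplified field layouts for the constructed lines below. The real
# PAN-OS syslog format has many more columns; the App's own parsing is not shown.
FIELDS = {
    "THREAT": ["receive_time", "serial", "type", "subtype", "src", "dst", "rule",
               "srcuser", "app", "vsys", "action", "threat_id", "severity"],
    "CONFIG": ["receive_time", "serial", "type", "host", "vsys", "command",
               "admin", "result"],
}
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Stand-in for the App's threat-ID lookup table; IDs and names are invented.
THREAT_NAMES = {"30000": "Example HTTP Directory Traversal",
                "40001": "Example Trojan Beacon",
                "50123": "Example Spyware Phone-Home"}

# Constructed sample events (not real firewall output).
SAMPLE_LOG = """\
2013/05/01 09:12:04,0001,THREAT,vulnerability,10.1.1.25,203.0.113.8,allow-web,alice@corp.example,web-browsing,vsys1,alert,30000,high
2013/05/01 09:13:40,0001,THREAT,vulnerability,10.1.1.25,203.0.113.8,allow-web,alice@corp.example,web-browsing,vsys1,alert,30000,high
2013/05/01 09:15:02,0001,THREAT,spyware,10.1.1.25,198.51.100.7,allow-web,alice@corp.example,unknown-tcp,vsys1,alert,50123,critical
2013/05/01 10:02:11,0001,THREAT,virus,10.1.1.40,203.0.113.9,allow-web,bob@corp.example,smtp,vsys2,drop,40001,medium
2013/05/01 14:30:00,0001,CONFIG,fw-core-1,vsys1,set rulebase security rules allow-all,admin,Succeeded
2013/05/01 22:15:00,0001,CONFIG,fw-core-1,vsys2,set address srv-mail,netops,Succeeded
"""


def parse_events(text):
    """Split each comma-separated line into a dict keyed by the assumed layout."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 3:
            continue
        names = FIELDS.get(row[2])
        if names is None or len(row) < len(names):
            continue  # unknown log type or truncated line: skip rather than guess
        ev = dict(zip(names, row))
        ev["ts"] = datetime.strptime(ev["receive_time"], "%Y/%m/%d %H:%M:%S")
        events.append(ev)
    return events


def threats_over_time(events, bucket="%Y/%m/%d %H:00"):
    """'Threats Over Time by Subtype': counts per subtype per hourly bucket."""
    out = defaultdict(Counter)
    for ev in events:
        if ev["type"] == "THREAT":
            out[ev["subtype"]][ev["ts"].strftime(bucket)] += 1
    return {k: dict(v) for k, v in out.items()}


def top_threat_ids(events, n=3):
    """'Top Threat IDs': (id, plain-English name via lookup, count), most frequent first."""
    counts = Counter(ev["threat_id"] for ev in events if ev["type"] == "THREAT")
    return [(tid, THREAT_NAMES.get(tid, "unknown"), c) for tid, c in counts.most_common(n)]


def unscheduled_config_changes(events, window=(time(22, 0), time(23, 59)), approved=("netops",)):
    """Flag config changes made outside the change window or by a non-approved admin
    (window and approved list are invented policy for the example)."""
    flagged = []
    for ev in events:
        if ev["type"] != "CONFIG":
            continue
        in_window = window[0] <= ev["ts"].time() <= window[1]
        if not in_window or ev["admin"] not in approved:
            flagged.append((ev["host"], ev["vsys"], ev["admin"], ev["command"]))
    return flagged


def sources_to_tag(events, min_severity="high", threshold=2):
    """Source IPs with at least `threshold` threats at or above `min_severity`."""
    rank = SEVERITY_RANK[min_severity]
    hits = Counter(ev["src"] for ev in events
                   if ev["type"] == "THREAT" and SEVERITY_RANK.get(ev["severity"], 0) >= rank)
    return sorted(ip for ip, c in hits.items() if c >= threshold)


def build_register_payload(ips, tag="splunk-quarantine"):
    """XML body an alert action would POST to the firewall's /api/?type=user-id
    endpoint to register `tag` on each IP. Tag name is assumed; a policy that
    references a dynamic address group matching that tag is assumed too."""
    msg = ET.Element("uid-message")
    ET.SubElement(msg, "version").text = "1.0"
    ET.SubElement(msg, "type").text = "update"
    register = ET.SubElement(ET.SubElement(msg, "payload"), "register")
    for ip in ips:
        entry = ET.SubElement(register, "entry", ip=ip)
        ET.SubElement(ET.SubElement(entry, "tag"), "member").text = tag
    return ET.tostring(msg, encoding="unicode")


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print(threats_over_time(evs))
    print(top_threat_ids(evs))
    print(unscheduled_config_changes(evs))
    print(build_register_payload(sources_to_tag(evs)))
```

On the constructed input, sources_to_tag returns only 10.1.1.25 (three high-or-worse hits), and the 14:30 change by "admin" is flagged while the 22:15 change by netops inside the window is not. Sending the payload is deliberately left out: whatever does send it should use an API key for a firewall account limited to user-id operations, and the resulting change should be checked in the configuration and system logs the Console dashboards cover.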

You’ll get a Splunk Enterprise license for 60 days and you can index up to 500 megabytes of data per day. You can convert to a perpetual Free license or purchase an Enterprise license by contacting sales@splunk.com. Bytes Transferred Over Time – Watches for spikes in traffic and allows for drill-down into specific time periods to view anomalous behavior Protocols Over Time – Top protocols in use over time Bytes Transferred Over Time – Bytes sent and Bytes received Top App by Bytes Transferred – Records the app transferring the most data in or out of the network Top App by Request – Monitors the use of app requests and classifies them using Palo Alto Networks categories Top Source IP – Presents a view of inbound traffic by IP Top Destination Port – Presents a view of the traffic through the firewall by common port number Top Destination IP – Indicates what IPs are being accessed outside the network Top Destination User – Indicates which users are making the most connections to external websites Palo Alto Networks Threat Dashboard Selecting any combination of the following data elements can alter dashboard views: Source IP, Destination IP, Log Sub Type, Threat ID, App, and/or Virtual System. Threats Over Time by Subtype – Monitors and tracks real-time or historic data from Palo Alto Networks by threat sub-type. 
Views include all sub-types or only vulnerability, virus, or Spyware Threats Over Time by Risk – Monitors and tracks real-time or historic data from Palo Alto Networks using their risk scoring data for risk trending Top Threat IDs – Using Splunk’s look-up capability, the actual ‘plain English’ meaning for a threat ID number is displayed along with the count or number of times the threat has been seen by the firewall Threats by Application – Shows which applications are being seen by Palo Alto Networks as a threat Threats by Destination Category – Indicates which business category of hosts is being threatened Top Source IP – Shows the Top Source IPs by the number of attempts to access the network Threats by Severity – Uses Palo Alto Networks’ threat category classifications to graphically represent the number of threats seen by an application Top Destination IP – Shows the Top Destination IPs by the number of attempts
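The threat dashboard breakdowns and the time-of-day risk-threshold monitoring described above, as an added example that is neither Splunk's nor Palo Alto Networks' code: it aggregates constructed firewall-style threat log lines and flags an hour whose threat count exceeds the baseline for that hour on earlier days. The CSV field order and the threat-ID lookup table are simplified, constructed stand-ins, not the firewall's real log layout or Splunk's lookup.

```python
import csv
from collections import Counter, defaultdict
from io import StringIO
from statistics import mean

FIELDS = ["time", "serial", "subtype", "src", "dst", "app", "threat_id", "severity"]

# Constructed sample: three days of the 09:00 hour, with a spike on the last day
SAMPLE_LOGS = """\
2013-05-01 09:12:01,0001A,vulnerability,198.51.100.7,10.0.0.5,web-browsing,30001,high
2013-05-02 09:40:05,0001A,spyware,203.0.113.4,10.0.0.5,dns,30003,medium
2013-05-03 09:00:10,0001A,vulnerability,198.51.100.7,10.0.0.5,web-browsing,30001,high
2013-05-03 09:02:00,0001A,vulnerability,198.51.100.7,10.0.0.9,web-browsing,30001,high
2013-05-03 09:03:30,0001A,virus,192.0.2.9,10.0.0.11,smtp,30002,critical
2013-05-03 09:05:00,0001A,vulnerability,198.51.100.7,10.0.0.5,ssl,30001,high
"""

# Constructed lookup: threat ID number -> plain-English name (stand-in for a Splunk lookup)
THREAT_LOOKUP = {"30001": "Example HTTP Header Overflow",
                 "30002": "Example Mail Worm", "30003": "Example DNS Beacon"}

def parse_threat_logs(text):
    """Parse CSV threat lines into dicts using the simplified field order above."""
    return list(csv.DictReader(StringIO(text), fieldnames=FIELDS))

def threats_by(events, field):
    """Counts per subtype, severity, src, app ... (the dashboard's breakdowns)."""
    return Counter(e[field] for e in events)

def top_threat_ids(events, n=3):
    """Threat-ID counts with the lookup-resolved name, most frequent first."""
    return [(tid, THREAT_LOOKUP.get(tid, "unknown"), c)
            for tid, c in Counter(e["threat_id"] for e in events).most_common(n)]

def hourly_variances(events, factor=2.0):
    """Flag (day, hour) buckets whose count exceeds factor x the mean count of
    the same hour on earlier days: a time-of-day baseline as the text describes."""
    buckets = defaultdict(int)
    for e in events:
        day, clock = e["time"].split(" ")
        buckets[(day, clock[:2])] += 1
    flagged = []
    for (day, hour), count in sorted(buckets.items()):
        prior = [c for (d, h), c in buckets.items() if h == hour and d < day]
        if prior and count > factor * mean(prior):
            flagged.append((day, hour, count, mean(prior)))
    return flagged
```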