Splunk Overview
Splunk’s offerings provide organizations with multiple entry points into security monitoring. The path can start with basic event collection and simple use cases with Splunk Enterprise through to richer SIEM functionality with Splunk Enterprise Security, more advanced analytics with UBA and SOAR capabilities with Phantom.
The vendor has a strong ecosystem of technology integrations available in the Splunk application marketplace, called Splunkbase.
PII protection features are strong; obfuscation and PII masking are supported down to the field level, and can be applied based on user identities, locations and other characteristics.
Splunk is highly visible in the industry among organizations interested in security monitoring solutions, among service providers that compete to provide Splunk services and among the workforce that offers widespread Splunk technical expertise.
Guardium -> Splunk Integration App Value
IBM Guardium’s Splunk Integration App can be downloaded at no charge from IBM Security App Exchange and installed in Guardium in minutes. A link to this app can also be found on Splunkbase.
This application leverages Guardium’s ability to integrate with third parties and augments the platform by pushing audit and log data from Guardium to Splunk in a single pane of glass. Guardium's collected data (syslogs, Data Exports) is exported to Splunk by sending archived CSV files via SCP.
Guardium’s robust, open architecture and log collection ability allow for quick, easy, on-demand ingestion of Guardium’s Data Exports by Splunk with just a few clicks. Splunk’s fast and intuitive ‘Google-like’ search allows SOC analysts to perform audits and develop an understanding of the organization’s security posture by managing Guardium data-security information and events for use cases such as advanced threats, insider threats, securing the cloud, vulnerability management and critical data protection.
Splunk has a strong, supportive community and a large fan base. It is often found deployed in business-operational groups to collect and process log data. This integration can be easily brought to a security operations team to add value to an existing workflow. Guardium customers have asked for an integration with Splunk because it advances their business processes and improves their security posture; we have answered this request with a scalable integration.