Automated Monitoring for NIST 800-53 Controls
Supporting the Risk Management Framework
Splunk App for FISMA Continuous Monitoring
Fact Sheet
“If you want to do continuous monitoring you have
to use Splunk. Before Splunk, our dashboard was
unreliable and had no timely connection to reality.”
US Department of Justice
The IT infrastructure is dynamic. Vendor technology updates
and new versions that contain security patches can’t wait for
new connectors or parsers. Splunk reads native log data from
operating systems and monitors for specific conditions that may
indicate hosts that are out of compliance. Using Splunk, this data
can then be cross-referenced directly to specific and appropriate
NIST 800-53 controls.
Splunk scalability
Continuous monitoring requires highly scalable data
management. Splunk scales linearly across commodity servers
and supports the largest of data volumes. And when you add
servers to collect additional data it doesn’t impact search
performance. You can collect terabytes of data per day and also
search for exactly what you want in seconds.
Reporting without a schema
Continuous monitoring is in its early stages and the FISMA
reporting requirements are still in flux. With a traditional
relational database a new report might require you to go back
and modify the schema—potentially taking days or weeks. With
Splunk, there is no fixed schema and a common information
model (CIM) supporting FISMA is applied. Splunk collects and
stores IT data in a flat file and fully-indexed structure that can be
scaled across multiple Splunk servers. You can generate reports
on the fly without the cost or complexity of having to reload the
data into a highly structured relational database model.
Ad-hoc search and forensic navigation across all IT data
The Splunk freeform search language and highly interactive user
interface give immediate results and make it faster to interact
with IT data than homegrown scripting or report/SQL-oriented
tools. Splunk makes it easy to implement incident response
procedures including in-depth incident investigations of
suspected compromises.
“We are using Splunk to pass our FISMA
assessments.”
NASA
Challenges
Any government agency, whether it is a civilian, defense or
intelligence agency, depends on information technology to
help support data integrity, reduce mission risk and ensure the
confidentiality and availability of information.
In response to these needs, NIST published its Risk Management
Framework (RMF) as part of the NIST publication 800-37
(updated February 2010). This framework outlines a six-step
continuous monitoring process to establish security best
practices for governmental agencies. NIST 800-37 complements
the guidance in NIST 800-137 (draft) and provides a more
in-depth view of the continuous monitoring methodology and
strategy. The continuous monitoring process steps in
NIST 800-137 (draft) are listed as: Define, Establish, Implement,
Analyze/Report, Respond and Review/Update.
Organizations implementing a continuous monitoring process
should do so in an automated fashion—to reduce the time and
labor spent poring over terabytes of data from workstations,
servers, applications and other elements across the IT
infrastructure.
Why Splunk?
Splunk Enterprise is a highly scalable engine for machine-
generated IT data. It collects, indexes and harnesses machine
data from across your physical, virtual or cloud infrastructures in
real time. Unstructured machine data is given structure through
time-based indexing so that analytics can be applied to data to
gain insight and understanding. Splunk captures and monitors
real-time data streams from applications, network devices,
hosts, security devices and software. In addition to real-time
streams, Splunk analyzes historical data looking for trends,
patterns and anomalies. Splunk supports continuous monitoring
and also delivers a security-related context you can apply to any
event from any layer of an IT infrastructure.
www.splunk.com | listen to your data
250 Brannan St, San Francisco, CA, 94107 | info@splunk.com | sales@splunk.com | 866-438-7758 | 415-848-8400 | www.splunkbase.com
Copyright © 2013 Splunk Inc. All rights reserved. Splunk Enterprise is protected by U.S. and international copyright and intellectual property laws.
Splunk is a registered trademark or trademark of Splunk Inc. in the United States and/or other jurisdictions. All other marks and names mentioned
herein may be trademarks of their respective companies. Item # FS-splunk-Fisma-103
Splunk provides an easy-to-digest graphical view of these
controls in the “Continuous Monitoring” dashboard, which
supports continuous monitoring for three risk-based
components:
•	 ACM – Account Management
•	 ACP – Privileged Access
•	 ACL – Login Access
This simple and clean view with high-level gauges, historical
trending and heat map allows you to quickly determine if any
controls need further investigation.
For each supported control Splunk supplies a detailed view with
interactive charts and tables that enable you to immediately drill
down into the original event data and further understand what is
causing the increased risk.
Splunk also supports additional controls depending on what
other tools you may have in your environment. Other controls
can be built and supported based on data collected from SCAP
tools. For example, the Splunk for Tivoli Endpoint Manager
(formerly BigFix) application (available at no cost on
www.splunk.com) will ingest information about vulnerabilities and
patches from your Tivoli Endpoint Manager server. Splunk’s
ability to ingest data in any format and then perform on-the-fly
normalization makes it possible to generate continuous
monitoring reports and gain wider visibility—and consolidate
multiple tools in the process.
The Splunk App for FISMA is based on a common information
model (CIM) that allows for easy mapping of new data types and
sources into the application. Also, since the App was built with
automated reporting in mind it is fully compatible with the Office
of Management and Budget’s (OMB) interactive collection tool,
CyberScope.
The Splunk App for FISMA
The Splunk for FISMA App provides a plug-and-play framework
for continuous monitoring of specific NIST 800-53 controls
for Windows and Unix/Linux systems that eases the burden of
desktop compliance. Security-specific product add-ons are also
supported through additional services. The following controls
are continuously monitored with searches and dashboards
within the Splunk for FISMA App:
•	 AC-2 Account Management
•	 AC-3 Access Enforcement
•	 AC-4 Information Flow
•	 AC-6 Least Privilege
•	 AC-7 Unsuccessful Login Attempts
•	 AC-12 Session Termination
•	 AC-14 Permitted Action w/o Authentication
•	 AC-17 Remote Access
•	 AC-18 Wireless Access Restrictions
•	 AU-2 Auditable Events
•	 AU-3 Content of Audit Records
•	 AU-5 Response to Audit Processing Failures
•	 AU-8 Time Stamps
•	 AU-9 Protection of Audit Information
•	 CM-4 Configuration Changes
•	 PE-11 Emergency Power
•	 PE-14 Temperature Controls
•	 SC-10 Network Disconnect
•	 SI-3 Malicious Code Protection
•	 SI-11 Error Handling
•	 IA-5 Authenticator Management
•	 PS-4 Personnel Termination
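A worked illustration of the cross-referencing the fact sheet describes: native Windows and Linux log lines are normalized onto a common field set (the CIM idea above) and then tested against conditions tied to three of the listed controls, AC-2, AC-6 and AC-7. This is an added Python example, not Splunk's code or part of the App; the sample events, field names, thresholds, syslog year and per-host approved-user lists are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): a Windows Security log export and a
# Linux auth.log, read natively from each OS without a vendor-specific parser.
SAMPLE_EVENTS = [
    "2013-05-01T09:00:01 host=WIN-FS01 EventCode=4625 TargetUserName=jdoe IpAddress=10.1.1.7",
    "2013-05-01T09:00:20 host=WIN-FS01 EventCode=4625 TargetUserName=jdoe IpAddress=10.1.1.7",
    "2013-05-01T09:00:41 host=WIN-FS01 EventCode=4625 TargetUserName=jdoe IpAddress=10.1.1.7",
    "2013-05-01T09:01:05 host=WIN-FS01 EventCode=4625 TargetUserName=jdoe IpAddress=10.1.1.7",
    "2013-05-01T09:30:00 host=WIN-DC01 EventCode=4720 TargetUserName=svc_new SubjectUserName=bsmith",
    "May  1 09:45:10 lnx-web02 sshd[2211]: Failed password for root from 10.1.1.9 port 50122 ssh2",
    "May  1 09:45:12 lnx-web02 sshd[2211]: Failed password for root from 10.1.1.9 port 50122 ssh2",
    "May  1 10:02:33 lnx-web02 sudo: wwwdata : TTY=pts/0 ; PWD=/var/www ; USER=root ; COMMAND=/bin/bash",
    "May  1 10:10:00 lnx-web02 useradd[2300]: new user: name=tmpadmin, UID=1005, GID=1005, home=/home/tmpadmin, shell=/bin/bash",
]
SYSLOG_YEAR = 2013  # assumption: classic syslog timestamps carry no year

WIN_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) EventCode=(?P<code>\d+) (?P<rest>.*)$")
LNX_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[\w-]+)(?:\[\d+\])?:\s+(?P<msg>.*)$")
SSH_FAIL_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
SUDO_RE = re.compile(r"^(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")
USERADD_RE = re.compile(r"new user: name=(?P<user>[^,]+)")
# Windows event IDs this small model understands: id -> (category, action)
WIN_CODES = {"4625": ("authentication", "failure"), "4720": ("account", "created")}
# Assumed local policy (not from the page): who may create accounts / hold privilege per host.
APPROVED_ACCOUNT_ADMINS = {"WIN-DC01": {"bsmith"}}
APPROVED_PRIV_USERS = {"lnx-web02": {"ops"}}


def _kv(rest):
    return dict(p.split("=", 1) for p in rest.split() if "=" in p)

def normalize(line):
    """Map one native OS log line onto the common field set; None if not understood."""
    m = WIN_RE.match(line)
    if m and m.group("code") in WIN_CODES:
        category, action = WIN_CODES[m.group("code")]
        f = _kv(m.group("rest"))
        return {"time": datetime.fromisoformat(m.group("ts")), "host": m.group("host"),
                "category": category, "action": action, "user": f.get("TargetUserName"),
                "actor": f.get("SubjectUserName"), "src": f.get("IpAddress")}
    m = LNX_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=SYSLOG_YEAR)
    base = {"time": ts, "host": m.group("host"), "actor": None, "src": None}
    prog, msg = m.group("prog"), m.group("msg")
    if prog == "sshd" and (s := SSH_FAIL_RE.search(msg)):
        return {**base, "category": "authentication", "action": "failure",
                "user": s.group("user"), "src": s.group("src")}
    if prog == "sudo" and (s := SUDO_RE.match(msg)):
        return {**base, "category": "privilege", "action": "assigned", "user": s.group("user")}
    if prog == "useradd" and (s := USERADD_RE.search(msg)):
        return {**base, "category": "account", "action": "created", "user": s.group("user")}
    return None

def check_ac7(events, limit=3, window=timedelta(minutes=5)):
    """AC-7 Unsuccessful Login Attempts: `limit` failures for one account on one host inside `window` (assumed thresholds)."""
    failures = defaultdict(list)
    for e in events:
        if e["category"] == "authentication" and e["action"] == "failure":
            failures[(e["host"], e["user"])].append(e["time"])
    findings = []
    for (host, user), times in failures.items():
        times.sort()
        # sliding window over sorted times; fewer than `limit` failures never fire
        if any(times[i + limit - 1] - times[i] <= window
               for i in range(len(times) - limit + 1)):
            findings.append({"control": "AC-7", "host": host, "user": user, "failures": len(times)})
    return findings

def check_ac2(events, approved=APPROVED_ACCOUNT_ADMINS):
    """AC-2 Account Management: account created by an unapproved or unattributed actor."""
    return [{"control": "AC-2", "host": e["host"], "user": e["user"], "actor": e["actor"]}
            for e in events if e["category"] == "account" and e["action"] == "created"
            and e["actor"] not in approved.get(e["host"], set())]

def check_ac6(events, approved=APPROVED_PRIV_USERS):
    """AC-6 Least Privilege: privilege assigned to or used by a non-approved account."""
    return [{"control": "AC-6", "host": e["host"], "user": e["user"]}
            for e in events if e["category"] == "privilege"
            and e["user"] not in approved.get(e["host"], set())]

def evaluate(lines):
    """Normalize raw lines, run every control check, and group findings by control ID."""
    events = [ev for ev in (normalize(line) for line in lines) if ev]
    grouped = defaultdict(list)
    for finding in check_ac7(events) + check_ac2(events) + check_ac6(events):
        grouped[finding["control"]].append(finding)
    return dict(grouped)

if __name__ == "__main__":
    for control, items in sorted(evaluate(SAMPLE_EVENTS).items()):
        print(control, items)
```

Adding a new data source means one more branch in `normalize`; the control checks stay untouched because they only read the common fields.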
Free Download
Download Splunk for free. You’ll get a Splunk Enterprise
license for 60 days and you can index up to 500 megabytes
of data per day. After 60 days, or anytime before then, you
can convert to a perpetual Free license or purchase an
Enterprise license by contacting sales@splunk.com.

CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First Frame
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 update
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? Webinar
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile Brochure
 
Top 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTop 10 Squarespace Development Companies
Top 10 Squarespace Development Companies
 
Automation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projectsAutomation Ops Series: Session 2 - Governance for UiPath projects
Automation Ops Series: Session 2 - Governance for UiPath projects
 

Splunk for fisma

with IT data than homegrown scripting or report/SQL-oriented tools. Splunk makes it easy to implement incident response procedures, including in-depth investigations of suspected compromises.

“We are using Splunk to pass our FISMA assessments.”
NASA

Challenges
Any government agency, whether civilian, defense or intelligence, depends on information technology to support data integrity, reduce mission risk and ensure the confidentiality and availability of information. In response to these needs, NIST published its Risk Management Framework (RMF) in NIST Special Publication 800-37 (Revision 1, February 2010). The RMF is a six-step process (Categorize, Select, Implement, Assess, Authorize, Monitor) whose final step is continuous monitoring of the security controls in place. NIST SP 800-137 (in draft at the time of writing) complements 800-37 and gives a more in-depth view of the continuous monitoring methodology and strategy. The continuous monitoring process steps in NIST 800-137 (draft) are: Define, Establish, Implement, Analyze/Report, Respond and Review/Update. Organizations implementing a continuous monitoring process should automate it, to reduce the time and labor spent poring over terabytes of data from workstations, servers, applications and other elements across the IT infrastructure.

Why Splunk?
Splunk Enterprise is a highly scalable engine for machine-generated IT data. It collects, indexes and harnesses machine data from across your physical, virtual or cloud infrastructures in real time. Unstructured machine data is given structure through time-based indexing so that analytics can be applied to it to gain insight and understanding. Splunk captures and monitors real-time data streams from applications, network devices, hosts, security devices and software. In addition to real-time streams, Splunk analyzes historical data looking for trends, patterns and anomalies. Splunk supports continuous monitoring and also delivers a security-related context you can apply to any event from any layer of an IT infrastructure.
The Splunk App for FISMA
The Splunk App for FISMA provides a plug-and-play framework for continuous monitoring of specific NIST 800-53 controls on Windows and Unix/Linux systems, easing the burden of desktop compliance. Security-specific product add-ons are also supported through additional services. The following controls are continuously monitored with searches and dashboards within the Splunk App for FISMA:
• AC-2 Account Management
• AC-3 Access Enforcement
• AC-4 Information Flow Enforcement
• AC-6 Least Privilege
• AC-7 Unsuccessful Login Attempts
• AC-12 Session Termination
• AC-14 Permitted Actions without Identification or Authentication
• AC-17 Remote Access
• AC-18 Wireless Access Restrictions
• AU-2 Auditable Events
• AU-3 Content of Audit Records
• AU-5 Response to Audit Processing Failures
• AU-8 Time Stamps
• AU-9 Protection of Audit Information
• CM-4 Security Impact Analysis (configuration changes)
• PE-11 Emergency Power
• PE-14 Temperature and Humidity Controls
• SC-10 Network Disconnect
• SI-3 Malicious Code Protection
• SI-11 Error Handling
• IA-5 Authenticator Management
• PS-4 Personnel Termination

Splunk provides an easy-to-digest graphical view of these controls in the “Continuous Monitoring” dashboard, which supports continuous monitoring for three risk-based components:
• ACM – Account Management
• ACP – Privileged Access
• ACL – Login Access

This simple and clean view, with high-level gauges, historical trending and a heat map, lets you quickly determine whether any controls need further investigation. For each supported control, Splunk supplies a detailed view with interactive charts and tables that let you drill down immediately into the original event data and understand what is driving the increased risk.

Splunk also supports additional controls depending on what other tools you have in your environment. Other controls can be built on data collected from SCAP-based tools. For example, the Splunk for Tivoli Endpoint Manager (formerly BigFix) application (available at no cost on www.splunk.com) ingests vulnerability and patch information from your Tivoli Endpoint Manager server. Splunk’s ability to ingest data in any format and normalize it on the fly makes it possible to generate continuous monitoring reports, gain wider visibility and consolidate multiple tools in the process. The Splunk App for FISMA is based on a common information model (CIM) that allows new data types and sources to be mapped easily into the application. Also, because the App was built with automated reporting in mind, it is fully compatible with the Office of Management and Budget’s (OMB) interactive collection tool, CyberScope.

Free Download
Download Splunk for free. You get a Splunk Enterprise license for 60 days and can index up to 500 megabytes of data per day. After 60 days, or any time before then, you can convert to a perpetual Free license or purchase an Enterprise license by contacting sales@splunk.com.

www.splunk.com | listen to your data
250 Brannan St, San Francisco, CA, 94107
info@splunk.com | sales@splunk.com
866-438-7758 | 415-848-8400
www.splunkbase.com
Copyright © 2013 Splunk Inc. All rights reserved. Splunk Enterprise is protected by U.S. and international copyright and intellectual property laws. Splunk is a registered trademark or trademark of Splunk Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item # FS-splunk-Fisma-103
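The fact sheet describes two mechanisms without showing either: normalizing heterogeneous OS logs into a common information model, and cross-referencing the normalized events to specific NIST 800-53 controls (AC-2, AC-6, AC-7 from the list above). The Python below is an added illustration of that pipeline and is not code from Splunk or the Splunk App for FISMA. The schema field names (user, src, action, event, sourcetype) mimic CIM-style naming but are an assumption, the failed-login threshold is hypothetical, and the sample log lines are constructed, not captured from a real system. Comments note the rough Splunk SPL equivalent of each check.

```python
"""Toy continuous-monitoring pipeline: normalize raw OS log lines into a
common schema, then evaluate NIST 800-53 control checks over the result.
Added example for illustration only; not Splunk or Splunk App for FISMA code.
Field names are CIM-like by assumption; thresholds are hypothetical."""
import re
from collections import Counter

# Constructed sample input (not from any real host): Linux sshd/useradd
# syslog lines and Windows Security events rendered as key=value text.
SAMPLE_LOGS = [
    "Mar  3 10:01:02 web01 sshd[1182]: Failed password for invalid user admin from 203.0.113.9 port 51122 ssh2",
    "Mar  3 10:01:04 web01 sshd[1182]: Failed password for root from 203.0.113.9 port 51124 ssh2",
    "Mar  3 10:01:06 web01 sshd[1182]: Failed password for root from 203.0.113.9 port 51126 ssh2",
    "Mar  3 10:01:08 web01 sshd[1182]: Failed password for root from 203.0.113.9 port 51128 ssh2",
    "Mar  3 10:02:00 web01 sshd[1190]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2",
    "Mar  3 10:03:00 web01 useradd[1203]: new user: name=svc_backup, UID=1007, GID=1007, home=/home/svc_backup, shell=/bin/bash",
    "EventCode=4625 ComputerName=DC01 Account_Name=jdoe Source_Network_Address=192.0.2.44 Failure_Reason=Unknown user name or bad password",
    "EventCode=4720 ComputerName=DC01 Account_Name=tempadmin Subject_Account_Name=ops.admin",
]

SSHD_AUTH = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+")
USERADD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) useradd\[\d+\]: new user: name=(?P<user>[^,]+)")
# key=value pairs whose values may contain spaces (stop before the next " key=" or end of line)
WIN_KV = re.compile(r"(\w+)=([^=]+?)(?=\s\w+=|$)")

PRIVILEGED = {"root", "administrator"}   # assumption: accounts treated as privileged for AC-6
FAILED_LOGIN_THRESHOLD = 3               # hypothetical AC-7 limit per (user, src) pair


def normalize(line):
    """Map one raw line onto the common schema; return None if the line is unrecognized."""
    m = SSHD_AUTH.match(line)
    if m:
        return {"time": m["ts"], "host": m["host"], "user": m["user"], "src": m["src"],
                "action": "success" if m["result"] == "Accepted" else "failure",
                "event": "authentication", "sourcetype": "linux_secure"}
    m = USERADD.match(line)
    if m:
        return {"time": m["ts"], "host": m["host"], "user": m["user"].strip(), "src": None,
                "action": "created", "event": "account_change", "sourcetype": "linux_secure"}
    kv = dict(WIN_KV.findall(line))
    code = kv.get("EventCode")
    if code == "4625":   # Windows: an account failed to log on
        return {"time": None, "host": kv["ComputerName"], "user": kv["Account_Name"],
                "src": kv.get("Source_Network_Address"), "action": "failure",
                "event": "authentication", "sourcetype": "wineventlog"}
    if code == "4720":   # Windows: a user account was created
        return {"time": None, "host": kv["ComputerName"], "user": kv["Account_Name"], "src": None,
                "action": "created", "event": "account_change", "sourcetype": "wineventlog"}
    return None


def check_ac7(events):
    """AC-7 Unsuccessful Login Attempts: (user, src) pairs at or over the threshold.
    Rough SPL analogue: action=failure | stats count by user, src | where count>=3"""
    counts = Counter((e["user"], e["src"]) for e in events
                     if e["event"] == "authentication" and e["action"] == "failure")
    return {k: n for k, n in counts.items() if n >= FAILED_LOGIN_THRESHOLD}


def check_ac2(events):
    """AC-2 Account Management: every account creation is reportable, regardless of OS."""
    return [(e["host"], e["user"]) for e in events
            if e["event"] == "account_change" and e["action"] == "created"]


def check_ac6(events):
    """AC-6 Least Privilege: any direct login attempt as a privileged account."""
    return sorted({(e["user"], e["src"]) for e in events
                   if e["event"] == "authentication" and e["user"].lower() in PRIVILEGED})


def run(lines):
    """Normalize all lines, evaluate the control checks, and report how many lines were dropped."""
    events = [n for n in map(normalize, lines) if n]
    return {"AC-2": check_ac2(events), "AC-6": check_ac6(events),
            "AC-7": check_ac7(events), "unparsed": len(lines) - len(events)}


if __name__ == "__main__":
    for control, finding in run(SAMPLE_LOGS).items():
        print(control, finding)
```

The point of the `unparsed` counter is the caveat a practitioner wants with any "schema-less" pipeline: a log format the normalizer does not recognize silently disappears from every control report, so the drop count itself belongs on the compliance dashboard.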