Use Splunk and Blue Coat to better monitor, investigate
and secure your Internet traffic
Splunk® App for Blue Coat ProxySG
Fact Sheet

Highlights
• Real-time dashboards, panels and search fields to easily view and investigate Blue Coat ProxySG data
• Fast reporting and drill down over massive amounts of Blue Coat ProxySG data
• Correlate Blue Coat ProxySG data with other data sources in Splunk Enterprise™ to detect and remediate additional advanced threats

Blue Coat® and Splunk
The Blue Coat ProxySG appliance provides complete control over all your web traffic with robust features that include user authentication, web filtering, data loss prevention, inspection and validation of SSL-encrypted traffic, content caching, bandwidth management, stream-splitting and more.

Blue Coat ProxySG appliances feature an architecture that utilizes patent-protected caching technologies to assure performance as new security features are deployed. With multi-core hardware platforms and the SGOS operating system, ProxySG appliances can provide massive throughput without compromising security.

Splunk Enterprise can be deployed as a security intelligence platform that collects, indexes and harnesses machine-generated big data coming from websites, applications, servers, networks and security products such as Blue Coat. Splunk software is often used as a big data platform for security use cases, including incident investigations and forensics, security reporting and visualization, and security information and event management (SIEM) threat correlation. For SIEM use cases, Splunk connects the dots across siloed technologies to help detect and alert on advanced threats that otherwise could evade detection. The Splunk platform extracts additional value from point solutions by allowing the end user to create data visualizations that reflect long term trending of threats, see them in the context of other IT data and link solutions together to automate security processes.

The Splunk App for Blue Coat ProxySG
Available on Splunkbase, the Splunk App for Blue Coat ProxySG is a free App that sits on top of Splunk Enterprise. It ingests data from Blue Coat ProxySG appliances and offers out-of-the-box dashboards, reports and fast access to Blue Coat data. The Splunk App for Blue Coat ProxySG allows Blue Coat customers to easily analyze the amount and type of Internet traffic that is entering and leaving their network, identify web-based security threats and potentially infected internal clients, and quantify potentially inappropriate or wasteful web surfing activity. The Splunk App for Blue Coat ProxySG also contains search capabilities which allow users to enter values such as IP, username, category, or host names to quickly see relevant Blue Coat data. The Blue Coat data can quickly be summarized for a broad picture view, but can also be drilled into to get the raw data on specific Web events. Lastly, customers can also customize the Splunk App for Blue Coat ProxySG by creating their own dashboards, visualizations, forms and alerts to accommodate their specific needs.

The Splunk App for Blue Coat ProxySG receives data straight from the Blue Coat ProxySG appliances as syslog over TCP. Splunk indexes this data and allows you to perform further analysis on it. Once the Blue Coat data is indexed by Splunk, it can be correlated with other data in Splunk from sources such as DNS, DHCP, AD, email servers, firewalls and Windows event logs to detect the presence of advanced threats that may hide behind credentials and use other stealthy methods to evade detection from traditional stand-alone security products. Additionally, Blue Coat appliances can also output many different log formats, including customer defined formats, which are easy to add to Splunk.

The Splunk App for Blue Coat ProxySG is compliant with the Splunk Common Information Model (CIM), making it easier to correlate Blue Coat data with data already in Splunk. Other Splunk apps that use the CIM include the Splunk App for Enterprise Security, Splunk App for PCI Compliance, Splunk App for FireEye, Splunk App for FISMA, the Cisco Security Suite, and the Splunk App for Symantec.

Splunk App for Blue Coat ProxySG — Dashboards, Reports and Search Boxes
The Splunk App for Blue Coat ProxySG generates Blue Coat-specific dashboards and reports in real-time, enabling immediate visibility on key Blue Coat metrics. The Splunk App for Blue Coat ProxySG also supports Splunk Enterprise functionality such as the ability to schedule and email reports to others, role-based access control to limit who can view and/or act on specific data in Splunk or an App, and drill-down actions that enable you to delve deeper into the details behind graphical elements and charts.

The following dashboards are among the ones available in the Splunk App for Blue Coat ProxySG:

Traffic overview dashboards:
• MB sent and received over time
• MB sent and received by protocol
• Number of requests by protocol
• Number of requests by category
• Geo-IP mapping of events across the world
• Top file types by requests and MBs received
• Top web destinations by requests, MBs received, MB sent
• Bandwidth savings over time and by site

Client profile dashboard:
• Can filter by user name or by client IP
• MB sent and received over time
• Sites visited with malware
• Web activity summary

Site profile dashboard:
• Can filter by destination name or IP
• Number of visitors over time
• Client URL statistics

Security dashboards:
• Sites that were blocked
• Sites with malware found
• Internal usernames and IPs with potential infections
• Number of blocked sites over time
• Amount of malware over time

WFA (Waste, Fraud, Abuse) dashboard:
• Potential WFA issues over time
• Potential WFA issues detail

Free Download
Download Splunk for free. You’ll get a Splunk Enterprise license for 60 days and you can index up to 500 megabytes of data per day. After 60 days, or anytime before then, you can convert to a perpetual Free license or purchase an Enterprise license by contacting sales@splunk.com.

Try Out the App, it’s Free!
Go to Splunk.com > Splunkbase and search for “blue coat” to download the App.

www.splunk.com
250 Brannan St, San Francisco, CA, 94107 info@splunk.com | sales@splunk.com 866-438-7758 | 415-848-8400 www.splunkbase.com
Copyright © 2013 Splunk Inc. All rights reserved. Splunk Enterprise is protected by U.S. and international copyright and intellectual property laws. Splunk is a registered trademark or trademark of Splunk Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item # FS-splunk-bluecoat-105
