Use Splunk and Blue Coat to better monitor, investigate and secure your Internet traffic
Splunk® App for Blue Coat ProxySG
Fact Sheet

www.splunk.com | www.splunkbase.com | 250 Brannan St, San Francisco, CA 94107 | info@splunk.com | sales@splunk.com | 866-438-7758 | 415-848-8400
Copyright © 2013 Splunk Inc. All rights reserved. Splunk Enterprise is protected by U.S. and international copyright and intellectual property laws. Splunk is a registered trademark or trademark of Splunk Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item # FS-splunk-bluecoat-105

Highlights
• Real-time dashboards, panels and search fields to easily view and investigate Blue Coat ProxySG data
• Fast reporting and drill down over massive amounts of Blue Coat ProxySG data
• Correlate Blue Coat ProxySG data with other data sources in Splunk Enterprise™ to detect and remediate additional advanced threats

Blue Coat® and Splunk
The Blue Coat ProxySG appliance provides complete control over all your web traffic with robust features that include user authentication, web filtering, data loss prevention, inspection and validation of SSL-encrypted traffic, content caching, bandwidth management, stream-splitting and more. Blue Coat ProxySG appliances feature an architecture that utilizes patent-protected caching technologies to assure performance as new security features are deployed. With multi-core hardware platforms and the SGOS operating system, ProxySG appliances can provide massive throughput without compromising security.

Splunk Enterprise can be deployed as a security intelligence platform that collects, indexes and harnesses machine-generated big data coming from websites, applications, servers, networks and security products such as Blue Coat. Splunk software is often used as a big data platform for security use cases, including incident investigations and forensics, security reporting and visualization, and security information and event management (SIEM) threat correlation. For SIEM use cases, Splunk connects the dots across siloed technologies to help detect and alert on advanced threats that otherwise could evade detection. The Splunk platform extracts additional value from point solutions by allowing the end user to create data visualizations that reflect long-term trending of threats, see them in the context of other IT data, and link solutions together to automate security processes.

The Splunk App for Blue Coat ProxySG
Available on Splunkbase, the Splunk App for Blue Coat ProxySG is a free App that sits on top of Splunk Enterprise. It ingests data from Blue Coat ProxySG appliances and offers out-of-the-box dashboards, reports and fast access to Blue Coat data. The Splunk App for Blue Coat ProxySG allows Blue Coat customers to easily analyze the amount and type of Internet traffic that is entering and leaving their network, identify web-based security threats and potentially infected internal clients, and quantify potentially inappropriate or wasteful web surfing activity. The Splunk App for Blue Coat ProxySG also contains search capabilities which allow users to enter values such as IP, username, category or host name to quickly see relevant Blue Coat data. The Blue Coat data can quickly be summarized for a broad-picture view, but can also be drilled into to get the raw data on specific Web events. Lastly, customers can also customize the Splunk App for Blue Coat ProxySG by creating their own dashboards, visualizations, forms and alerts to accommodate their specific needs.

The Splunk App for Blue Coat ProxySG receives data straight from the Blue Coat ProxySG appliances as syslog over TCP. Splunk indexes this data and allows you to perform further analysis on it. Once the Blue Coat data is indexed by Splunk, it can be correlated with other data in Splunk from sources such as DNS, DHCP, AD, email servers, firewalls and Windows event logs to detect the presence of advanced threats that may hide behind credentials and use other stealthy methods to evade detection by traditional stand-alone security products. Additionally, Blue Coat appliances can output many different log formats, including customer-defined formats, which are easy to add to Splunk.

The Splunk App for Blue Coat ProxySG is compliant with the Splunk Common Information Model (CIM), making it easier to correlate Blue Coat data with data already in Splunk. Other Splunk apps that use the CIM include the Splunk App for Enterprise Security, Splunk App for PCI Compliance, Splunk App for FireEye, Splunk App for FISMA, the Cisco Security Suite and the Splunk App for Symantec.

Splunk App for Blue Coat ProxySG – Dashboards, Reports and Search Boxes
The Splunk App for Blue Coat ProxySG generates Blue Coat-specific dashboards and reports in real time, enabling immediate visibility on key Blue Coat metrics. The Splunk App for Blue Coat ProxySG also supports Splunk Enterprise functionality such as the ability to schedule and email reports to others, role-based access control to limit who can view and/or act on specific data in Splunk or an App, and drill-down actions that enable you to delve deeper into the details behind graphical elements and charts.

The following dashboards are among the ones available in the Splunk App for Blue Coat ProxySG:

Traffic overview dashboards:
• MB sent and received over time
• MB sent and received by protocol
• Number of requests by protocol
• Number of requests by category
• Geo-IP mapping of events across the world
• Top file types by requests and MB received
• Top web destinations by requests, MB received and MB sent
• Bandwidth savings over time and by site

Client profile dashboard:
• Can filter by user name or by client IP
• MB sent and received over time
• Sites visited with malware
• Web activity summary

Site profile dashboard:
• Can filter by destination name or IP
• Number of visitors over time
• Client URL statistics

Security dashboards:
• Sites that were blocked
• Sites with malware found
• Internal usernames and IPs with potential infections
• Number of blocked sites over time
• Amount of malware over time

WFA (Waste, Fraud, Abuse) dashboard:
• Potential WFA issues over time
• Potential WFA issues detail
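To make concrete what the app does with the proxy data it ingests (the W3C-style ELFF access log a ProxySG emits, normalised to CIM Web field names, then rolled up into the per-client MB sent/received, blocked-request and malware figures the dashboards above display), here is an added Python example. It is not code from the Splunk app or from Blue Coat; the `#Fields` subset, the ELFF-to-CIM mapping and the three sample log lines are constructed for illustration, and the byte-direction convention (sc-bytes counted as bytes the client received) is an assumption stated in the code.

```python
"""Parse ProxySG-style ELFF access-log text, rename fields to CIM Web names
and compute per-client summaries of the kind the app's dashboards show.
Added example: the field subset, mapping and log lines are constructed."""
import shlex
from collections import defaultdict

# CIM Web data model field names (src, user, dest, http_method, status,
# bytes_in, bytes_out, action, category, url) are real; which ELFF field
# feeds each one is this example's assumption. Direction is taken from the
# client's point of view: sc-bytes (server -> client) becomes bytes_in.
ELFF_TO_CIM = {
    "c-ip": "src", "cs-username": "user", "cs-host": "dest",
    "cs-method": "http_method", "sc-status": "status",
    "sc-bytes": "bytes_in", "cs-bytes": "bytes_out",
    "sc-filter-result": "action", "cs-categories": "category",
    "x-virus-id": "virus_id", "s-action": "proxy_action",
}

# Constructed sample log: a #Fields directive and three access-log lines.
# Values containing spaces are double-quoted, as in ELFF.
SAMPLE_LOG = """#Software: constructed-sample
#Fields: date time time-taken c-ip cs-username sc-filter-result cs-categories sc-status s-action cs-method cs-uri-scheme cs-host cs-uri-port cs-uri-path sc-bytes cs-bytes x-virus-id
2013-09-12 10:15:01 120 10.1.2.3 alice OBSERVED "Search Engines" 200 TCP_NC_MISS GET http www.example.com 80 /index.html 52428800 1024 -
2013-09-12 10:15:07 35 10.1.2.3 alice DENIED "Malicious Sources" 403 TCP_DENIED GET http bad.example.net 80 /payload.bin 0 512 -
2013-09-12 10:15:09 90 10.1.2.9 bob OBSERVED "Software Downloads" 200 TCP_MISS GET http files.example.org 80 /tool.exe 1048576 256 EICAR-Test-File
"""


def parse_elff(text):
    """Yield one dict per data line, keyed by the names on the #Fields line."""
    fields = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):          # ELFF directives (#Software, #Fields, ...)
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("data line before #Fields directive")
        values = shlex.split(line)        # honours the double-quoted values
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(values)}: {line!r}")
        yield dict(zip(fields, values))


def to_cim(event):
    """Rename ELFF fields to CIM-style names; unmapped fields keep their name."""
    out = {ELFF_TO_CIM.get(k, k): v for k, v in event.items()}
    for key in ("bytes_in", "bytes_out"):
        out[key] = int(out.get(key) or 0)
    # CIM's url field is rebuilt from the scheme/host/port/path components.
    out["url"] = (f"{event['cs-uri-scheme']}://{event['cs-host']}:"
                  f"{event['cs-uri-port']}{event['cs-uri-path']}")
    return out


def summarize(text):
    """Per-client MB received/sent, blocked requests and malware detections."""
    mib = 1024 * 1024
    stats = defaultdict(lambda: {"mb_in": 0.0, "mb_out": 0.0,
                                 "blocked": 0, "malware": []})
    for ev in map(to_cim, parse_elff(text)):
        s = stats[ev["src"]]
        s["mb_in"] += ev["bytes_in"] / mib
        s["mb_out"] += ev["bytes_out"] / mib
        if ev.get("action") == "DENIED":           # "sites that were blocked"
            s["blocked"] += 1
        if ev.get("virus_id", "-") != "-":         # "sites with malware found"
            s["malware"].append((ev["dest"], ev["virus_id"]))
    return dict(stats)


if __name__ == "__main__":
    for src, s in summarize(SAMPLE_LOG).items():
        print(src, s)
```

In a Splunk deployment the equivalent of `summarize` is a search over the CIM fields (for example grouping `bytes_in` and `bytes_out` by `src`), which is why the normalisation step matters: once the proxy events carry the same field names as DNS, DHCP or firewall events, a client that appears in the malware list here can be joined to those other sources without per-product field knowledge.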
Free Download
Download Splunk for free. You'll get a Splunk Enterprise license for 60 days and you can index up to 500 megabytes of data per day. After 60 days, or anytime before then, you can convert to a perpetual Free license or purchase an Enterprise license by contacting sales@splunk.com.

Try Out the App, it's Free!
Go to Splunk.com > Splunkbase and search for "blue coat" to download the App.