

SC140129

GTRI Big Data Solutions: SPLUNK Capabilities Overview

GTRI - SPLUNK Capabilities

Free: 1.877.603.1984 | Direct: 1.303.455.8800 | Fax: 1.888.803.6520

www.gtri.com | [email protected]

GTRI | 990 S. Broadway Suite 400 | Denver, Colorado 80209

Overview

GTRI is the only ELITE Splunk integrator with certified Splunk architects and engineers on staff. In addition to Splunk enterprise license sales, we offer professional services integration for the Splunk Core application and the advanced suite of Splunk Applications for VMware, Enterprise Security Suite (ESS), PCI and FISMA. We can also design custom searches for the "needle in the haystack" application, and have developed several dashboards for customers in Web Services, Cisco and Microsoft environments where they had a particular use case they needed to solve for the business.

Network Forensics and Advanced Persistent Threat Analysis

GTRI has extensive experience in providing this service to our Cisco customers. Our team of Cisco CCIE analysts will bring a new perspective to the forensic process in a Cisco network using NetFlow collection for Cisco switches, routers and firewalls with Splunk. We will correlate the network flow data to your Cisco AAA services with Splunk dashboard integration to monitor threats. We can provide detailed analytics for network, application and data center forensics for Advanced Persistent Threat (APT) using the Enterprise Security Application (ESS) for Splunk. The Splunk ESS application can integrate with FireEye and Solera Networks for advanced malware diagnostics by “pivoting” right in the Splunk dashboard for fast investigation and malware case management.

Privileged Accounts

GTRI can enable a set of searches and reports to provide fraud detection monitoring based on log data correlated within Splunk. In addition, we have built saved searches for privileged accounts across network and application infrastructures to meet both FISMA and PCI specifications, with integration into the Splunk for Active Directory application to monitor the fine-grained details of privileged accounts for reporting and compliance.

Splunk Core Deployment

GTRI professional services offers installation and consulting services to help you get the core servers, forwarders, indexers and the Splunk deployment server configured. In addition, we can help you appropriately size your initial data collection targets of infrastructure machine and application logs. If you are a VMware, Cisco or NetApp client, we can help you size those environments for Splunk monitoring with a custom onsite audit to determine the time needed to get these environments deployed.

Splunk Essentials Class

GTRI offers a lab-intensive course with a focus on lecture materials to help get you and your team up and running with Splunk. We get you the tools and techniques for searching your logs in an informal manner more conducive to learning. This class can be delivered onsite as a 2-day workshop for up to 10 people at a time with certified Splunk courseware materials.