Splunk and Symantec Intelligence, Better Together
Over the past few months, we have been working closely with Symantec™ to debut an exciting new Splunk App. Today, we are proud to announce the 1.0 release of the Symantec DeepSight™ Security Intelligence App for Splunk Enterprise on Splunkbase. Download it today! This app is the result of a collaborative effort between the Operational Intelligence Team at Function1 and Symantec’s Cyber Security Group.
This app works in tandem with Symantec’s DeepSight™ Security Intelligence, which provides global threat, vulnerability, and reputation intelligence. DeepSight Security Intelligence collects, analyzes, and delivers cyber-threat information through a customizable portal and data feeds, enabling proactive defensive actions and improved incident response. DeepSight Intelligence protects enterprises by creating better-informed security operations teams and by providing the tools for faster, more accurate identification and remediation of threats. By using Symantec’s DeepSight Intelligence, recognized by industry analysts as a market leader, you can build on existing investments in security technologies to create a robust, scalable information security program that more effectively uses your current operational resources and tools. The Symantec DeepSight Security Intelligence data feeds offer live downloads of the most malicious IP addresses, domains, and URLs, including contextual information such as the type of exhibited and historical behavior.
If you are already a subscriber to the Symantec DeepSight IP and URL Reputation data feeds, you are aware of the powerful insight you have into potentially malicious or vulnerable IP addresses and URLs hitting your network. DeepSight Intelligence collects, analyzes, and delivers cyber threat information collected by the Symantec Global Intelligence Network (GIN). The Symantec GIN has global visibility into the threat landscape including big data from:
· More than 41.5 million attack sensors in 157 countries
· An extensive anti-fraud community of enterprises, security vendors, and more than 50 million end users
· More than 8 billion emails per month from 5 million decoy accounts
· Over 1.5 billion web requests a day
The Symantec DeepSight Security Intelligence App for Splunk Enterprise gives Splunk users who are also DeepSight customers the ability to seamlessly correlate data from the Symantec DeepSight IP and URL Reputation data feeds with any data source in their Splunk environment. By integrating the DeepSight data feeds into Splunk, you will gain unique insights into your entire IT environment and be able to easily identify any malicious activity taking place in your network.
The Symantec DeepSight Security Intelligence App for Splunk Enterprise provides the following views for monitoring your environment with ease and clarity:
Landing Page (Home)
- This page provides you with a general overview of the top IP addresses and URLs/domains that have been identified by the latest Symantec data feed. The ability to filter by behavior, confidence, time, etc. allows you to gain deeper insight into malicious IP addresses and URLs. Can you take action?