CISOs see servers and devices, apps and logs, traffic and clouds. With the Splunk® platform, security teams are able to see data—everywhere. This kind of Operational Intelligence enables the curious to look closely at what others ignore—machine data—and find what others never see: insights that can help make a company more productive, profitable, competitive and secure. But machine data, no matter how well it’s organized, can be cumbersome to sift through when trying to swiftly investigate an Insider Attack. With ObserveIT integration, that machine data comes to life as video playback with the simple push of a button.

With Insider Threats becoming more and more prevalent in daily headline news, there is now a great need to monitor internal business users and privileged IT users. With its pre-configured Splunk integration module, ObserveIT’s user activity video logs and user activity text logs in the Splunk platform provide all the details of exactly what users are doing on the network, right from within the platform security teams trust to deliver reliable data in security oversight and compliance reporting.

Event details are ‘dashboarded’ across a standard Splunk timeline, with event listings showing exactly what applications, URLs, files and system calls the user touched. A video replay icon is available for each specific user action, allowing investigators to launch the video replay at the exact moment in time that the user performed that action. Download a free trial version of the ObserveIT Connector for Splunk.

Imagine this scenario: The Splunk dashboard alerts the security team to a potential security incident. But now, instead of investigating by drilling down into system logs, the investigators just click on the “Play the Video” icon, which shows exactly what the user did!
